Check sgx_param input is outside enclave

PiperOrigin-RevId: 346450518 Change-Id: I53e6a3a6de581d1696ccfd801c35b4b9711fe9c8
google · Dec 9, 2020 · 83e145f · 83e145f
1 parent c64d514
commit 83e145f
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/asylo/platform/primitives/sgx/trusted_sgx.cc b/asylo/platform/primitives/sgx/trusted_sgx.cc
@@ -282,6 +282,11 @@ PrimitiveStatus TrustedPrimitives::UntrustedCall(uint64_t untrusted_selector,
     if (sgx_params->input_size > 0) {
       // Allocate and copy data to |input_buffer|.
       sgx_params->input = untrusted_cache->Malloc(sgx_params->input_size);
+      if (!TrustedPrimitives::IsOutsideEnclave(sgx_params->input,
+                                               sgx_params->input_size)) {
+        TrustedPrimitives::BestEffortAbort(
+            "UntrustedCall: sgx_param input should be in untrusted memory");
+      }
       input->Serialize(const_cast<void *>(sgx_params->input));
     }
   }