From 83e145f0384ca3fc63d1406476254f70ee1adbff Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Tue, 8 Dec 2020 17:59:11 -0800
Subject: [PATCH] Check sgx_param input is outside enclave

PiperOrigin-RevId: 346450518
Change-Id: I53e6a3a6de581d1696ccfd801c35b4b9711fe9c8
---
 asylo/platform/primitives/sgx/trusted_sgx.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/asylo/platform/primitives/sgx/trusted_sgx.cc b/asylo/platform/primitives/sgx/trusted_sgx.cc
index 51487a3c81..916b99fa42 100644
--- a/asylo/platform/primitives/sgx/trusted_sgx.cc
+++ b/asylo/platform/primitives/sgx/trusted_sgx.cc
@@ -282,6 +282,11 @@ PrimitiveStatus TrustedPrimitives::UntrustedCall(uint64_t untrusted_selector,
     if (sgx_params->input_size > 0) {
       // Allocate and copy data to |input_buffer|.
       sgx_params->input = untrusted_cache->Malloc(sgx_params->input_size);
+      if (!TrustedPrimitives::IsOutsideEnclave(sgx_params->input,
+                                               sgx_params->input_size)) {
+        TrustedPrimitives::BestEffortAbort(
+            "UntrustedCall: sgx_param input should be in untrusted memory");
+      }
       input->Serialize(const_cast<void *>(sgx_params->input));
     }
   }