Skip to content
Permalink
Browse files Browse the repository at this point in the history
Add sysno check in MessageReader
The sysno in MessageReader is interpreted from the Message header passed
from the host. A malicious Message header may provide a modified sysno
to bypass the validation, and overwrites enclave memory. This change
adds a check for sysno to make sure it matches the expected value.

This issue was reported by Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and
Kang Li from Baidu Security.

PiperOrigin-RevId: 377328054
Change-Id: I3ff6f60694d3390f66da89d139cf7cc7b49abaea
  • Loading branch information
kongoshuu committed Jun 3, 2021
1 parent b0413b7 commit 90d7619
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions asylo/platform/system_call/system_call.cc
Expand Up @@ -115,6 +115,9 @@ extern "C" int64_t enc_untrusted_syscall(int sysno, ...) {
// Copy outputs back into pointer parameters.
auto response_reader =
asylo::system_call::MessageReader({response_buffer, response_size});
if (response_reader.sysno() != sysno) {
error_handler("system_call.cc: Unexpected sysno in response");
}
const asylo::primitives::PrimitiveStatus response_status =
response_reader.Validate();
if (!response_status.ok()) {
Expand Down

0 comments on commit 90d7619

Please sign in to comment.