Check for return size in enc_untrusted_read
Check return size does not exceed requested. The returned result and
content still cannot be trusted, but it's expected behavior when not
using a secure file system.

PiperOrigin-RevId: 333827386
Change-Id: I0bdec0aec9356ea333dc8c647eba5d2772875f29
kongoshuu committed Sep 25, 2020
1 parent 8fed5e3 commit b1d120a
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion asylo/platform/host_call/trusted/host_calls.cc
Expand Up @@ -226,8 +226,13 @@ int enc_untrusted_rename(const char *oldpath, const char *newpath) {
}

ssize_t enc_untrusted_read(int fd, void *buf, size_t count) {
return static_cast<ssize_t>(EnsureInitializedAndDispatchSyscall(
ssize_t ret = static_cast<ssize_t>(EnsureInitializedAndDispatchSyscall(
asylo::system_call::kSYS_read, fd, buf, count));
if (ret != -1 && ret > count) {
::asylo::primitives::TrustedPrimitives::BestEffortAbort(
"enc_untrusted_read: read result exceeds requested");
}
return ret;
}

ssize_t enc_untrusted_write(int fd, const void *buf, size_t count) {
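Review bot: The comparison `ret > count` in the new check mixes a signed `ssize_t` with an unsigned `size_t`, so `ret` is implicitly converted to unsigned before the compare. The `ret != -1` guard covers only the ordinary error return; any other negative value supplied by the untrusted host is turned into a very large unsigned number and reaches the abort only as a side effect of that conversion, and the line will trip `-Wsign-compare`. Please make both cases explicit, for example `if (ret < -1 || (ret >= 0 && static_cast<size_t>(ret) > count))`, so the intent (reject oversized results and malformed negative results) is visible in the code. A one-line comment above the check stating that the return value comes from the untrusted host, and that the caller would otherwise treat `ret` as the number of valid bytes in `buf`, would also help future readers understand why this aborts instead of returning an error.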