Skip to content
Permalink
Browse files Browse the repository at this point in the history
Store untrusted input to enclave variable
The untrusted input pointer should be stored to trusted variable before
checking to avoid unexpected modifications after checking.

PiperOrigin-RevId: 362553830
Change-Id: I743f9bd3487de60269e247d74f2188f2ffc06d01
  • Loading branch information
kongoshuu committed Mar 12, 2021
1 parent e95fc9e commit ecfcd00
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions asylo/platform/primitives/sgx/trusted_sgx.cc
Expand Up @@ -281,12 +281,13 @@ PrimitiveStatus TrustedPrimitives::UntrustedCall(uint64_t untrusted_selector,
if (sgx_params->input_size > 0) {
// Allocate and copy data to |input_buffer|.
sgx_params->input = untrusted_cache->Malloc(sgx_params->input_size);
if (!TrustedPrimitives::IsOutsideEnclave(sgx_params->input,
sgx_params->input_size)) {
const void *input_pointer = sgx_params->input;
uint64_t input_size = sgx_params->input_size;
if (!TrustedPrimitives::IsOutsideEnclave(input_pointer, input_size)) {
TrustedPrimitives::BestEffortAbort(
"UntrustedCall: sgx_param input should be in untrusted memory");
}
input->Serialize(const_cast<void *>(sgx_params->input));
input->Serialize(const_cast<void *>(input_pointer));
}
}
sgx_params->output_size = 0;
Expand Down

0 comments on commit ecfcd00

Please sign in to comment.