From 5da96cc41f6a1d07d5e12e8966c7a88c8f322068 Mon Sep 17 00:00:00 2001
From: Jeremy Bernard
Date: Tue, 29 Jul 2025 13:52:23 +0200
Subject: [PATCH 1/3] fix: potential buffer overflows

---
 .../src/secret_provider_agent.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
index 5ffb65e..0940067 100644
--- a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
+++ b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
@@ -93,10 +93,14 @@ char* get_secret_from_kbs_through_rats_tls(rats_tls_log_level_t log_level,
 	}
 	conf.log_level = log_level;
-	strcpy(conf.attester_type, attester_type);
-	strcpy(conf.verifier_type, verifier_type);
-	strcpy(conf.tls_type, tls_type);
-	strcpy(conf.crypto_type, crypto_type);
+	strncpy(conf.attester_type, attester_type, ENCLAVE_ATTESTER_TYPE_NAME_SIZE - 1);
+	conf.attester_type[ENCLAVE_ATTESTER_TYPE_NAME_SIZE - 1] = '\0';
+	strncpy(conf.verifier_type, verifier_type, ENCLAVE_VERIFIER_TYPE_NAME_SIZE - 1);
+	conf.verifier_type[ENCLAVE_VERIFIER_TYPE_NAME_SIZE - 1] = '\0';
+	strncpy(conf.tls_type, tls_type, TLS_TYPE_NAME_SIZE - 1);
+	conf.tls_type[TLS_TYPE_NAME_SIZE - 1] = '\0';
+	strncpy(conf.crypto_type, crypto_type, CRYPTO_TYPE_NAME_SIZE - 1);
+	conf.crypto_type[CRYPTO_TYPE_NAME_SIZE - 1] = '\0';
 	conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT;
 	if (mutual)
 		conf.flags |= RATS_TLS_CONF_FLAGS_MUTUAL;

From 2cc7e8c5cdb36875e91ccf5a1f88c6b6fa4d0f43 Mon Sep 17 00:00:00 2001
From: Jeremy Bernard
Date: Tue, 29 Jul 2025 15:36:05 +0200
Subject: [PATCH 2/3] fix: improve conf validation

---
 .../src/secret_provider_agent.c | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
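Review bot: The eight strncpy/terminate lines bound each copy by a separately defined constant rather than by the destination itself, so they are only correct while `ENCLAVE_ATTESTER_TYPE_NAME_SIZE` and the other three constants match the sizes of the corresponding `rats_tls_conf_t` fields, which this hunk does not show (presumably they come from the rats-tls header). Each pair can be collapsed into one call that takes its bound from the field and always NUL-terminates, e.g. `snprintf(conf.attester_type, sizeof conf.attester_type, "%s", attester_type);`, and likewise for verifier_type, tls_type and crypto_type; this also avoids strncpy's zero-fill of the unused tail, which is redundant if `conf` is already zeroed. The function starts and ends outside this hunk, so whether any caller relies on a truncated name rather than a rejected one cannot be judged from here.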
diff --git a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
index 0940067..560ead2 100644
--- a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
+++ b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
@@ -72,6 +72,35 @@ char* get_secret_from_kbs_through_rats_tls(rats_tls_log_level_t log_level,
 					char* ip,
 					int port,
 					bool appid_flag)
 {
+
+	bool validation_error = false;
+	if (strlen(attester_type) >= ENCLAVE_ATTESTER_TYPE_NAME_SIZE) {
+		LOG_ERROR("attester_type exceeds maximum allowed size (%d)\n",
+			  ENCLAVE_ATTESTER_TYPE_NAME_SIZE - 1);
+		validation_error = true;
+	}
+
+	if (strlen(verifier_type) >= ENCLAVE_VERIFIER_TYPE_NAME_SIZE) {
+		LOG_ERROR("verifier_type exceeds maximum allowed size (%d)\n",
+			  ENCLAVE_VERIFIER_TYPE_NAME_SIZE - 1);
+		validation_error = true;
+	}
+
+	if (strlen(tls_type) >= TLS_TYPE_NAME_SIZE) {
+		LOG_ERROR("tls_type exceeds maximum allowed size (%d)\n",
+			  TLS_TYPE_NAME_SIZE - 1);
+		validation_error = true;
+	}
+
+	if (strlen(crypto_type) >= CRYPTO_TYPE_NAME_SIZE) {
+		LOG_ERROR("crypto_type exceeds maximum allowed size (%d)\n",
+			  CRYPTO_TYPE_NAME_SIZE - 1);
+		validation_error = true;
+	}
+
+	if (validation_error) {
+		return NULL;
+	}
 	rats_tls_conf_t conf;
 	memset(&conf, 0, sizeof(conf));

From 5393d91e592565a265f011edcb4912d6710d4e06 Mon Sep 17 00:00:00 2001
From: Jeremy Bernard
Date: Tue, 29 Jul 2025 17:14:57 +0200
Subject: [PATCH 3/3] fix: add checks against NULL values

---
 .../src/secret_provider_agent.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
index 560ead2..c268447 100644
--- a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
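Review bot: `ip` is the one caller-supplied string in this signature that the new validation block does not check; its use is outside the hunk, but if it is later copied into a fixed-size field or parsed as an address, a NULL or over-long value hits the same class of problem the four new checks guard against, so a matching `if (ip == NULL) { LOG_ERROR("ip is NULL\n"); validation_error = true; }` alongside them would be consistent. The `%d` conversions assume `ENCLAVE_ATTESTER_TYPE_NAME_SIZE - 1` and the other three limits are int-valued expressions; if any of those macros is size_t-typed (for instance derived from sizeof) the format should be `%zu`. Returning NULL here relies on every caller already treating NULL as the failure value of this function, which cannot be confirmed from the hunk. The function body continues past the hunk.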
+++ b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
@@ -74,26 +74,26 @@ char* get_secret_from_kbs_through_rats_tls(rats_tls_log_level_t log_level,
 					bool appid_flag)
 {
 	bool validation_error = false;
-	if (strlen(attester_type) >= ENCLAVE_ATTESTER_TYPE_NAME_SIZE) {
-		LOG_ERROR("attester_type exceeds maximum allowed size (%d)\n",
+	if (attester_type == NULL || strlen(attester_type) >= ENCLAVE_ATTESTER_TYPE_NAME_SIZE) {
+		LOG_ERROR("attester_type is NULL or exceeds maximum allowed size (%d)\n",
 			  ENCLAVE_ATTESTER_TYPE_NAME_SIZE - 1);
 		validation_error = true;
 	}
 
-	if (strlen(verifier_type) >= ENCLAVE_VERIFIER_TYPE_NAME_SIZE) {
-		LOG_ERROR("verifier_type exceeds maximum allowed size (%d)\n",
+	if (verifier_type == NULL || strlen(verifier_type) >= ENCLAVE_VERIFIER_TYPE_NAME_SIZE) {
+		LOG_ERROR("verifier_type is NULL or exceeds maximum allowed size (%d)\n",
 			  ENCLAVE_VERIFIER_TYPE_NAME_SIZE - 1);
 		validation_error = true;
 	}
 
-	if (strlen(tls_type) >= TLS_TYPE_NAME_SIZE) {
-		LOG_ERROR("tls_type exceeds maximum allowed size (%d)\n",
+	if (tls_type == NULL || strlen(tls_type) >= TLS_TYPE_NAME_SIZE) {
+		LOG_ERROR("tls_type is NULL or exceeds maximum allowed size (%d)\n",
 			  TLS_TYPE_NAME_SIZE - 1);
 		validation_error = true;
 	}
 
-	if (strlen(crypto_type) >= CRYPTO_TYPE_NAME_SIZE) {
-		LOG_ERROR("crypto_type exceeds maximum allowed size (%d)\n",
+	if (crypto_type == NULL || strlen(crypto_type) >= CRYPTO_TYPE_NAME_SIZE) {
+		LOG_ERROR("crypto_type is NULL or exceeds maximum allowed size (%d)\n",
 			  CRYPTO_TYPE_NAME_SIZE - 1);
 		validation_error = true;
 	}
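Review bot: Each of the four conditions now folds two distinct faults, a NULL argument (a caller bug) and an over-long name (a configuration error), into one log line, and the size constant for each field is repeated here and again in the strncpy block further down the function, so a change to one field's limit must be made in two places. A small static helper that takes the destination buffer and its size, logs which field failed and why, and performs the bounded copy with snprintf keeps check and copy together; the four `if` blocks and the later strncpy/terminate pairs then reduce to four calls, with the bound taken from the field itself (the fields are written directly by strcpy/strncpy, so they are arrays). This short-circuits on the first bad field instead of reporting all four, which may or may not be wanted. The calls belong right after `memset(&conf, 0, sizeof(conf))`, provided nothing in the lines between that memset and the current copies (not visible here) depends on the old ordering. The function's signature begins and its body continues outside the hunk.
```c
/* Copy a caller-supplied type name into a fixed-size conf field.
 * Logs which field failed and returns false on NULL or when it would not fit. */
static bool copy_type_name(char *dst, size_t dst_size, const char *src, const char *field)
{
	if (src == NULL) {
		LOG_ERROR("%s is NULL\n", field);
		return false;
	}
	if (strlen(src) >= dst_size) {
		LOG_ERROR("%s exceeds maximum allowed size (%zu)\n", field, dst_size - 1);
		return false;
	}
	snprintf(dst, dst_size, "%s", src);
	return true;
}

/* … unchanged: get_secret_from_kbs_through_rats_tls up to memset(&conf, 0, sizeof(conf)) … */
	if (!copy_type_name(conf.attester_type, sizeof conf.attester_type, attester_type, "attester_type") ||
	    !copy_type_name(conf.verifier_type, sizeof conf.verifier_type, verifier_type, "verifier_type") ||
	    !copy_type_name(conf.tls_type, sizeof conf.tls_type, tls_type, "tls_type") ||
	    !copy_type_name(conf.crypto_type, sizeof conf.crypto_type, crypto_type, "crypto_type"))
		return NULL;
	/* … unchanged: rest of conf setup, with the four strncpy/terminate pairs removed … */
```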