Segfault and PANIC inside LKL Enclave #732

Open
Arslan8 opened this issue Aug 6, 2020 · 2 comments
Labels
p1 Medium priority security

Comments

Arslan8 commented Aug 6, 2020

Hi,
While doing generation-based fuzzing on existing SGX programs, we found that the SGX-LKL enclave does not do proper checking on the following fields:

  • #0 0x00007fe0005c93d2 in lkl_virtio_console_add (console=0x0)
  • args->shm->enc_dev_config
  • args->shm->timer_dev_mem
  • args->shm->virtio_blk_dev_mem
  • args->shm->virtio_blk_dev_names
  • args->shm->env
  • args->shm->virtio_swiotlb

The fuzzer works on the principle that arguments to the enclave are coming from the untrusted runtime and should be checked accordingly.
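
An added example, not SGX-LKL code and not part of the original report: one way an enclave can treat host-supplied pointers like the fields listed above, rejecting NULL, wrapping, or enclave-overlapping ranges and working only on a snapshot copied in once. The struct layout, the single shared length, the enclave address range, and the names `shm_example`, `host_range_ok` and `import_shm` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed enclave address range for this example (64-bit assumed). */
#define ENCLAVE_BASE 0x200000000000ULL
#define ENCLAVE_SIZE 0x40000000ULL

/* Hypothetical, simplified shared-memory block. Field names follow the
 * issue; the types and layout are assumptions. */
struct shm_example {
    void *enc_dev_config;
    void *timer_dev_mem;
    void *virtio_swiotlb;
};

/* True only if [p, p+len) is non-NULL, does not wrap around, and lies
 * wholly outside the enclave range. */
static bool host_range_ok(const void *p, size_t len)
{
    uint64_t start = (uint64_t)(uintptr_t)p;
    if (p == NULL || len == 0 || start > UINT64_MAX - len)
        return false;
    return start + len <= ENCLAVE_BASE || start >= ENCLAVE_BASE + ENCLAVE_SIZE;
}

/* Copy the host block once, validate the copy, and hand back only the
 * validated copy, so the host cannot swap a pointer after the check.
 * Returns 0, or -(index+1) of the first field that failed. */
int import_shm(const struct shm_example *host, size_t len, struct shm_example *out)
{
    struct shm_example snap = *host;
    const void *fields[] = { snap.enc_dev_config, snap.timer_dev_mem,
                             snap.virtio_swiotlb };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        if (!host_range_ok(fields[i], len))
            return -(int)(i + 1);
    *out = snap;
    return 0;
}

int main(void)
{
    /* Constructed input: NULL timer_dev_mem in the host-supplied block. */
    struct shm_example host = { (void *)0x10000, NULL, (void *)0x30000 }, out;
    printf("import_shm -> %d\n", import_shm(&host, 4096, &out));
    return 0;
}
```

In an Open Enclave based enclave the range check would normally be the SDK's `oe_is_outside_enclave` rather than a hand-written comparison against fixed bounds.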

@Arslan8 Arslan8 changed the title Segfault and PANIC inside Kernel Segfault and PANIC inside LKL Enclave Aug 6, 2020
@github-actions github-actions bot added the needs-triage Bug does not yet have a priority assigned label Aug 6, 2020
@paulcallen paulcallen added p2 Important but non-urgent priority and removed p2 Important but non-urgent priority labels Aug 6, 2020
@wintersteiger wintersteiger self-assigned this Aug 7, 2020
Contributor

bodzhang commented Aug 7, 2020

This issue has security implications. Proposed to assign P1.

@bodzhang bodzhang added p1 Medium priority security and removed needs-triage Bug does not yet have a priority assigned labels Aug 7, 2020
@douglasmaciver
Collaborator

@Arslan8 Kudos to you and those involved. This is good work. Please keep it up.

@bodzhang bodzhang added the needs-triage Bug does not yet have a priority assigned label Aug 17, 2020
@bodzhang bodzhang removed the needs-triage Bug does not yet have a priority assigned label Aug 21, 2020