Fix memory range check on ecall by achamayou · Pull Request #1553 · microsoft/CCF

achamayou · 2020-09-01T15:07:46Z

Adjustment to #1492, which introduced range checks that weren't quite right. We want to check that the entire buffer subject to user_check is strictly outside enclave memory (https://github.com/openenclave/openenclave/blob/b9ae53c1e580fd1af4760f914d53cba1650068ae/include/openenclave/enclave.h#L105) and fail if it's not.

Current code instead checks for strictly in-enclave buffers, and would therefore be satisfied by a partially in-enclave buffer.

Thank you to Zhaofeng Chen, Qinkun Bao, Mingshen Sun, and Kang Li from Baidu Security for spotting and reporting this issue.

ghost · 2020-09-01T15:15:28Z

fix_memory_check_on_ecall_args@12158 aka 20200901.12 vs master ewma over 50 builds from 11648 to 12155

Fix memory range check on ecall

595212c

achamayou requested a review from a team as a code owner September 1, 2020 15:07

ashamis approved these changes Sep 1, 2020

View reviewed changes

Merge branch 'master' into fix_memory_check_on_ecall_args

6bcbaa2

achamayou merged commit 5530f71 into microsoft:master Sep 1, 2020

Provide feedback