Merge pull request from GHSA-525h-wxcc-f66m
Signed-off-by: Ming-Wei Shih <mishih@microsoft.com>
mingweishih committed Oct 12, 2020
1 parent 10186a4 commit bcac8e7
Showing 12 changed files with 714 additions and 82 deletions.
12 changes: 5 additions & 7 deletions include/openenclave/edl/socket.edl
@@ -18,8 +18,6 @@

enclave
{


// Headers needed for integral types
include "openenclave/corelibc/bits/types.h"
include "openenclave/bits/edl/syscall_types.h"
@@ -73,7 +71,7 @@ enclave

oe_host_fd_t oe_syscall_accept_ocall(
oe_host_fd_t sockfd,
[in, out, size=addrlen_in] struct oe_sockaddr* addr,
[out, size=addrlen_in] struct oe_sockaddr* addr,
oe_socklen_t addrlen_in,
[out, count=1] oe_socklen_t* addrlen_out)
propagate_errno;
@@ -117,7 +115,7 @@ enclave

ssize_t oe_syscall_recv_ocall(
oe_host_fd_t sockfd,
[in, out, size=len] void* buf,
[out, size=len] void* buf,
size_t len,
int flags)
propagate_errno;
@@ -127,7 +125,7 @@ enclave
[out, size=len] void* buf,
size_t len,
int flags,
[in, out, size=addrlen_in] struct oe_sockaddr* src_addr,
[out, size=addrlen_in] struct oe_sockaddr* src_addr,
oe_socklen_t addrlen_in,
[out, count=1] oe_socklen_t* addrlen_out)
propagate_errno;
@@ -186,14 +184,14 @@ enclave

int oe_syscall_getsockname_ocall(
oe_host_fd_t sockfd,
[in, out, size=addrlen_in] struct oe_sockaddr* addr,
[out, size=addrlen_in] struct oe_sockaddr* addr,
oe_socklen_t addrlen_in,
[out, size=1] oe_socklen_t* addrlen_out)
propagate_errno;

int oe_syscall_getpeername_ocall(
oe_host_fd_t sockfd,
[in, out, size=addrlen_in] struct oe_sockaddr* addr,
[out, size=addrlen_in] struct oe_sockaddr* addr,
oe_socklen_t addrlen_in,
[out, size=1] oe_socklen_t* addrlen_out)
propagate_errno;
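Review bot: In the last hunk, `oe_syscall_getsockname_ocall` and `oe_syscall_getpeername_ocall` still declare `[out, size=1] oe_socklen_t* addrlen_out`, while `oe_syscall_accept_ocall` and `oe_syscall_recvfrom_ocall` use `[out, count=1]` for the same parameter. If `size` is a byte count here, as in SGX-style EDL, only one byte of the host's length would be copied back into the enclave; `[out, count=1] oe_socklen_t* addrlen_out` would match the other declarations. With the address and data buffers declared `[out]`, a short comment above these ocalls saying why (`// [out] only: the enclave buffer must not be copied to the untrusted host`) would help keep `in` from being reintroduced. The enclave-side callers, which are not shown in this section, should still bound the returned `addrlen_out` by `addrlen_in`.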
2 changes: 1 addition & 1 deletion include/openenclave/internal/syscall/fd.h
@@ -110,7 +110,7 @@ typedef struct _oe_socket_ops
void* buf,
size_t len,
int flags,
const struct oe_sockaddr* src_addr,
struct oe_sockaddr* src_addr,
oe_socklen_t* addrlen);

ssize_t (*sendmsg)(oe_fd_t* sock, const struct oe_msghdr* msg, int flags);
3 changes: 2 additions & 1 deletion include/openenclave/internal/syscall/iov.h
@@ -15,7 +15,8 @@ int oe_iov_pack(
const struct oe_iovec* iov,
int iovcnt,
void** buf_out,
size_t* buf_size_out);
size_t* buf_size_out,
size_t* data_size_out);

int oe_iov_sync(
const struct oe_iovec* iov,
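Review bot: The extended `oe_iov_pack` prototype does not document how `buf_size_out` and the new `data_size_out` differ, and callers now depend on the distinction. In syscall/consolefs.c on this page, `buf_size` is what is passed to the ocall, while `data_size` is what is compared with `OE_SSIZE_MAX` and with the host's return value, so mixing them up would weaken that bound. A header comment stating what each output counts, whether `data_size_out` may be NULL, and whether the outputs are written on failure would cover it; the exact semantics live in the implementation, which is not visible here.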
5 changes: 4 additions & 1 deletion include/openenclave/internal/syscall/sys/socket.h
@@ -133,6 +133,9 @@ OE_EXTERNC_BEGIN
#define OE_SO_BSDCOMPAT 14
#define OE_SO_REUSEPORT 15

/* Socket message flags. */
#define OE_MSG_CTRUNC 0x0008

/* oe_shutdown() options. */
#define OE_SHUT_RD 0
#define OE_SHUT_WR 1
@@ -204,7 +207,7 @@ ssize_t oe_recvfrom(
void* buf,
size_t len,
int flags,
const struct oe_sockaddr* src_addr,
struct oe_sockaddr* src_addr,
oe_socklen_t* addrlen);

ssize_t oe_sendmsg(int sockfd, const struct oe_msghdr* buf, int flags);
88 changes: 84 additions & 4 deletions syscall/consolefs.c
@@ -205,12 +205,30 @@ static ssize_t _consolefs_read(oe_fd_t* file_, void* buf, size_t count)
ssize_t ret = -1;
file_t* file = _cast_file(file_);

if (!file)
/*
* According to the POSIX specification, when the count is greater
* than SSIZE_MAX, the result is implementation-defined. OE raises an
* error in this case.
* Refer to
* https://pubs.opengroup.org/onlinepubs/9699919799/functions/read.html for
* for more detail.
*/
if (!file || count > OE_SSIZE_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

if (oe_syscall_read_ocall(&ret, file->host_fd, buf, count) != OE_OK)
OE_RAISE_ERRNO(OE_EINVAL);

/*
* Guard the special case that a host sets an arbitrarily large value.
* The returned value should not exceed count.
*/
if (ret > (ssize_t)count)
{
ret = -1;
OE_RAISE_ERRNO(OE_EINVAL);
}

done:
return ret;
}
@@ -220,12 +238,30 @@ static ssize_t _consolefs_write(oe_fd_t* file_, const void* buf, size_t count)
ssize_t ret = -1;
file_t* file = _cast_file(file_);

if (!file)
/*
* According to the POSIX specification, when the count is greater
* than SSIZE_MAX, the result is implementation-defined. OE raises an
* error in this case.
* Refer to
* https://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html for
* for more detail.
*/
if (!file || count > OE_SSIZE_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

if (oe_syscall_write_ocall(&ret, file->host_fd, buf, count) != OE_OK)
OE_RAISE_ERRNO(OE_EINVAL);

/*
* Guard the special case that a host sets an arbitrarily large value.
* The returned value should not exceed count.
*/
if (ret > (ssize_t)count)
{
ret = -1;
OE_RAISE_ERRNO(OE_EINVAL);
}

done:
return ret;
}
@@ -239,21 +275,43 @@ static ssize_t _consolefs_readv(
file_t* file = _cast_file(desc);
void* buf = NULL;
size_t buf_size = 0;
size_t data_size = 0;

if (!file || !iov || iovcnt < 0 || iovcnt > OE_IOV_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

/* Flatten the IO vector into contiguous heap memory. */
if (oe_iov_pack(iov, iovcnt, &buf, &buf_size) != 0)
if (oe_iov_pack(iov, iovcnt, &buf, &buf_size, &data_size) != 0)
OE_RAISE_ERRNO(OE_ENOMEM);

/*
* According to the POSIX specification, when the data_size is greater
* than SSIZE_MAX, the result is implementation-defined. OE raises an
* error in this case.
* Refer to
* https://pubs.opengroup.org/onlinepubs/9699919799/functions/readv.html for
* for more detail.
*/
if (data_size > OE_SSIZE_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

/* Call the host. */
if (oe_syscall_readv_ocall(&ret, file->host_fd, buf, iovcnt, buf_size) !=
OE_OK)
{
OE_RAISE_ERRNO(OE_EINVAL);
}

/*
* Guard the special case that a host sets an arbitrarily large value.
* The returned value should not exceed data_size.
*/
if (ret > (ssize_t)data_size)
{
ret = -1;
OE_RAISE_ERRNO(OE_EINVAL);
}

/* Synchronize data read with IO vector. */
if (oe_iov_sync(iov, iovcnt, buf, buf_size) != 0)
OE_RAISE_ERRNO(OE_EINVAL);
@@ -275,21 +333,43 @@ static ssize_t _consolefs_writev(
file_t* file = _cast_file(desc);
void* buf = NULL;
size_t buf_size = 0;
size_t data_size = 0;

if (!file || (!iov && iovcnt) || iovcnt < 0 || iovcnt > OE_IOV_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

/* Flatten the IO vector into contiguous heap memory. */
if (oe_iov_pack(iov, iovcnt, &buf, &buf_size) != 0)
if (oe_iov_pack(iov, iovcnt, &buf, &buf_size, &data_size) != 0)
OE_RAISE_ERRNO(OE_ENOMEM);

/*
* According to the POSIX specification, when the data_size is greater
* than SSIZE_MAX, the result is implementation-defined. OE raises an
* error in this case.
* Refer to
* https://pubs.opengroup.org/onlinepubs/9699919799/functions/writev.html
* for more detail.
*/
if (data_size > OE_SSIZE_MAX)
OE_RAISE_ERRNO(OE_EINVAL);

/* Call the host. */
if (oe_syscall_writev_ocall(&ret, file->host_fd, buf, iovcnt, buf_size) !=
OE_OK)
{
OE_RAISE_ERRNO(OE_EINVAL);
}

/*
* Guard the special case that a host sets an arbitrarily large value.
* The returned value should not exceed data_size.
*/
if (ret > (ssize_t)data_size)
{
ret = -1;
OE_RAISE_ERRNO(OE_EINVAL);
}

done:

if (buf)
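Review bot: The new post-ocall guard in `_consolefs_read` checks the host-supplied `ret` only against the upper bound (`ret > (ssize_t)count`), so a negative value other than -1 is still returned to the caller unchanged. A caller that tests only for -1 could then treat it as a length; rejecting it in the same check, `if (ret < -1 || ret > (ssize_t)count)`, closes that gap. The same applies to the guards in `_consolefs_write`, `_consolefs_readv` and `_consolefs_writev` (there against `data_size`). The added comments for read, write and readv also repeat the word "for" across the line break before "more detail". `_consolefs_writev` continues past the end of this section.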
