Check the buffer address before copy the data from the buffer

This commit fixes an Occlum security issue. The researchers from KU
Leuven (Belgium) and the University of Birmingham (UK) found it and
reported it to the Occlum team. Thank you, Jo Van Bulck, Frank Piessens,
Fritz Alder, David Oswald, Jesse Spielman and Sam Thomas.
zongmin.gu 2021-11-25 17:36:23 +08:00 committed by Tate, Hongliang Tian
parent 580a981ee3
commit 36918e42bf

@ -48,9 +48,12 @@ pub mod from_user {
return_errno!(EINVAL, "NULL address is invalid");
}
// confirm that at least the fisrt byte of the string is from user
check_ptr(out_ptr)?;
let cstr = unsafe { CStr::from_ptr(out_ptr) };
let cstring = CString::from(cstr);
if !is_inside_user_space(out_ptr as *const u8, cstring.as_bytes().len()) {
if !is_inside_user_space(out_ptr as *const u8, cstring.as_bytes_with_nul().len()) {
return_errno!(EFAULT, "the whole buffer is not in the user space");
}
Ok(cstring)
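Review bot: The range check with `as_bytes_with_nul().len()` still runs only after `let cstr = unsafe { CStr::from_ptr(out_ptr) };` has scanned memory for the terminating NUL and `CString::from(cstr)` has copied the bytes into the enclave, so for a user-supplied pointer whose string is not terminated inside user space the scan reads past the user range before the check rejects it, and `check_ptr` on the line above only covers the first byte. I would confirm each byte with `is_inside_user_space` as the scan advances, copy only the validated length, and build the `CString` from that copy (which also catches a buffer rewritten between scan and copy), as sketched below; the declared type of `out_ptr` is not visible here, so the sketch assumes a raw `*const` pointer that supports `.add()`. The `from_untrusted` hunk below has the same ordering around `rsgx_raw_is_outside_enclave`, and its function continues past the end of the page. Both context comments misspell "first" as `fisrt`. The enclosing function of this hunk starts before the hunk's first line.
```rust
// … unchanged: NULL check and check_ptr(out_ptr)? …
// Walk to the terminating NUL one byte at a time, confirming each byte is in
// user space before it is read, so the scan can never run into enclave memory.
let mut len: usize = 0;
loop {
    let byte_ptr = unsafe { out_ptr.add(len) } as *const u8;
    if !is_inside_user_space(byte_ptr, 1) {
        return_errno!(EFAULT, "the whole buffer is not in the user space");
    }
    if unsafe { *byte_ptr } == 0 {
        break;
    }
    len += 1;
}
// Copy exactly the validated bytes (without the NUL) into enclave memory, then
// let CString::new re-validate them: an interior NUL here means the user
// rewrote the buffer between the scan and the copy.
let mut buf = vec![0u8; len];
unsafe { std::ptr::copy_nonoverlapping(out_ptr as *const u8, buf.as_mut_ptr(), len) };
match CString::new(buf) {
    Ok(cstring) => Ok(cstring),
    Err(_) => return_errno!(EFAULT, "the user buffer changed during the copy"),
}
```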
@ -127,11 +130,14 @@ pub mod from_untrusted {
return_errno!(EINVAL, "NULL address is invalid");
}
// confirm that at least the fisrt byte of the string is out side of enclave
check_ptr(out_ptr)?;
let cstr = unsafe { CStr::from_ptr(out_ptr) };
let cstring = CString::from(cstr);
if !sgx_trts::trts::rsgx_raw_is_outside_enclave(
out_ptr as *const u8,
cstring.as_bytes().len(),
cstring.as_bytes_with_nul().len(),
) {
return_errno!(EFAULT, "the string is not outside enclave");
}