Hi, sir,

I think there is a security issue here. Could you help me confirm it?

In sqlite.c:

```c
if( m!=0 ){
  struct stat statbuf;            // statbuf is not initialized, so it may contain some sensitive data
  if( osFstat(fd, &statbuf)==0    // when osFstat is invoked, the ocall ocall_stat will be invoked later
   && statbuf.st_size==0
   && (statbuf.st_mode&0777)!=m
  ){
    osFchmod(fd, m);
  }
}
```

In the edl:

```
int ocall_stat([in, string] const char *path, [in, out, size=size] struct stat *buf, size_t size);
```

Because `buf` is `in`, the original data in `buf` will be copied out of the Enclave, which leads to an information leakage.

Solution: memset `statbuf` to zero before invoking `osFstat`, or remove the `in` flag in the edl.
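
Added example, not part of the original issue or the project's code: a small C model of the `[in, out, size=size]` copy semantics described above, comparing the reported case with the two proposed fixes. The `model_stat` layout, the `STALE` marker, the function names and the zero-filled staging buffer for the out-only case are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct stat (hypothetical layout, for the model only). */
struct model_stat { long st_size; unsigned st_mode; unsigned char rest[32]; };

#define STALE 0xA5  /* constructed marker standing in for leftover enclave stack data */

/* Memory outside the enclave, as the untrusted host sees it when the ocall starts. */
static unsigned char untrusted_view[sizeof(struct model_stat)];

/* Model of the bridge for one pointer parameter: `in` copies the enclave
 * buffer out before the call, `out` copies the host's result back in. */
static void ocall_stat_model(struct model_stat *buf, size_t size, int has_in)
{
    struct model_stat staged;
    memset(&staged, 0, sizeof staged);            /* assumed: out-only host sees zeroes */
    if (has_in) memcpy(&staged, buf, size);       /* [in]: enclave bytes leave */
    memcpy(untrusted_view, &staged, size);
    staged.st_size = 0;                           /* host fills in its answer */
    staged.st_mode = 0100644;
    memcpy(buf, &staged, size);                   /* [out]: result comes back */
}

/* Returns how many stale enclave bytes became visible to the host. */
size_t leaked_bytes(int zero_first, int has_in)
{
    struct model_stat statbuf;
    size_t i, n = 0;
    memset(&statbuf, STALE, sizeof statbuf);      /* simulate an uninitialized local */
    if (zero_first) memset(&statbuf, 0, sizeof statbuf);
    ocall_stat_model(&statbuf, sizeof statbuf, has_in);
    for (i = 0; i < sizeof untrusted_view; i++)
        n += (untrusted_view[i] == STALE);
    return n;
}

int main(void)
{
    printf("as reported ([in, out], no memset): %zu\n", leaked_bytes(0, 1));
    printf("memset before osFstat:              %zu\n", leaked_bytes(1, 1));
    printf("edl changed to [out] only:          %zu\n", leaked_bytes(0, 0));
    return 0;
}
```

In the model the whole structure, padding included, crosses the boundary in the reported case, so a field-by-field initialization would not be enough; zeroing the full `sizeof` is what removes the stale bytes.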