Store untrusted output pointer in enclave

Validate the pointer after it's stored in enclave to avoid unexpected modifications after it's validated. PiperOrigin-RevId: 365648810 Change-Id: I3079128040c142e86bab8255b07d03562a6fcb61
google · Mar 29, 2021 · 53ed5d8 · 53ed5d8
1 parent e73373f
commit 53ed5d8
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/asylo/platform/primitives/sgx/trusted_sgx.cc b/asylo/platform/primitives/sgx/trusted_sgx.cc
@@ -306,15 +306,16 @@ PrimitiveStatus TrustedPrimitives::UntrustedCall(uint64_t untrusted_selector,
   if (sgx_params->input) {
     untrusted_cache->Free(const_cast<void *>(sgx_params->input));
   }
-  if (!TrustedPrimitives::IsOutsideEnclave(sgx_params->output,
-                                           sgx_params->output_size)) {
+  const void *output_pointer = sgx_params->output;
+  uint64_t output_size = sgx_params->output_size;
+  if (!TrustedPrimitives::IsOutsideEnclave(output_pointer, output_size)) {
     TrustedPrimitives::BestEffortAbort(
         "UntrustedCall: sgx_param output should be in untrusted memory");
   }
   if (sgx_params->output) {
     // For the results obtained in |output_buffer|, copy them to |output|
     // before freeing the buffer.
-    output->Deserialize(sgx_params->output, sgx_params->output_size);
+    output->Deserialize(output_pointer, output_size);
     TrustedPrimitives::UntrustedLocalFree(sgx_params->output);
   }
   return PrimitiveStatus::OkStatus();