In kmstool-enclave-cli/main.c, if the call to decrypt() fails, the program proceeds to printf() the contents of ciphertext_decrypted_b64.buffer, which may be uninitialized. This sad path is triggered for example when KMS returns an HTTP code 400 (bad credentials, for instance).
This commit fixes this.
Issue #, if available:
Example of a buggy execution within an enclave:
[...]
Got non-200 answer from KMS: 400
[ 1039.835800] traps: kmstool_enclave[634] general protection ip:4ff0b0 sp:7fff80428c70 error:0 in kmstool_enclave_cli[400000+30a000]
/bin/bash: line 3: 634 Segmentation fault /kmstool_enclave_cli
Description of changes:
Bubble up error code of decrypt in kmstool-enclave-cli/main.c
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
In
kmstool-enclave-cli/main.c, if the call todecrypt()fails, the program proceeds to printf() the contents ofciphertext_decrypted_b64.buffer, which may be uninitialized. This sad path is triggered for example when KMS returns an HTTP code 400 (bad credentials, for instance).This commit fixes this.
Issue #, if available:
Example of a buggy execution within an enclave:
Description of changes:
Bubble up error code of
decryptinkmstool-enclave-cli/main.cBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.