Open yyyledu opened 7 years ago
In call.c, optee_open_session(), the destination uuid in arg->uuid is being copied twice instead of copying the arg->clnt_uuid field.
Indeed, looks like a bug to me.
Note, in optee_client/libteec/src/tee_client_api.c TEEC_OpenSession() clnt_uuid is not being initialized.
Well it is set to zero which is OK at least for the TEEC_LOGIN_PUBLIC
connection method.
Now I'm a bit confused about this clnt_id
parameter, it looks like it was meant to be used with connection methods != TEEC_LOGIN_PUBLIC
(see here: https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/tee/entry_std.c#L200-L206). But,TEEC_OpenSession()
does not take a UUID, it takes an opaque (implementation-dependent) pointer. Since our implementation of TEEC_OpenSession()
does not do anything to encode the clnt_id
value from the const void *connection_data
parameter, I think it should reject connection_method
values other than TEEC_LOGIN_PUBLIC
.
Yes, it's a bug.
I agree that we should reject connection_method
values other than TEEC_LOGIN_PUBLIC
. But the question is when and where. Always In the framework or only if TEE_GEN_CAP_GP
is set or only inside the OP-TEE driver?
In call.c, optee_open_session(), the destination uuid in arg->uuid is being copied twice instead of copying the arg->clnt_uuid field.
Note, in optee_client/libteec/src/tee_client_api.c TEEC_OpenSession() clnt_uuid is not being initialized.