Memory Corruption Vulnerability in Enclave due to missing nullptr check

omec-project / c3po

C3PO repository packages the Home Subscription Service (HSS), Database, Charge Data Function (CDF), Charge Trigger Function (CTF), Policy Control Rules Function (PCRF) and Intel® SGX (SGX-DLR-IN, SGX Router, SGX-DLR-OUT), a set of three VNFs/Processes that enable protection of sensitive Call Data Records (CDR) for adds security and audit capabilities to billing and charging.

http://www.omecproject.org

Apache License 2.0

50 stars 31 forks source link

Memory Corruption Vulnerability in Enclave due to missing nullptr check #98

Closed Tcc100 closed 5 months ago

Tcc100 commented 2 years ago

The ssl_conn_handle ecalls do not check if connectionHandler is null causing exploitable nullptr dereferences in TLSConnectionHandler::handle.