openenclave / oeedger8r-cpp

An implementation of oeedger8r in C++
MIT License

Fix TOCTOU pattern for string copy in ocalls #50

Closed mingweishih closed 3 years ago

mingweishih commented 3 years ago

The PR fixes the TOCTOU pattern of checking the null terminator of a host-controlled string before copying the string into an enclave. This fix is reverting the order of the checking and copying.

Signed-off-by: Ming-Wei Shih mishih@microsoft.com
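
The pattern described in this PR, check-then-copy next to copy-then-check, as an added example that is not the PR's or oeedger8r's own code. The function names and the `host_race_fn` hook, which stands in for a concurrent host thread, are hypothetical, and both buffers are ordinary memory in this model.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical hook modelling a concurrent host thread: it runs between
   the two steps of each routine and may rewrite the host buffer. */
typedef void (*host_race_fn)(char *host_buf, size_t len);

/* Before: check the terminator in host memory, then copy. The bytes that
   were checked are not necessarily the bytes that get copied. */
int check_then_copy(char *dst, char *host, size_t len, host_race_fn race)
{
    if (len == 0 || host[len - 1] != '\0')
        return -1;
    if (race)
        race(host, len); /* host changes the buffer after the check */
    memcpy(dst, host, len);
    return 0; /* dst may be unterminated here */
}

/* After: copy into enclave-private memory first, then check the copy.
   Later host writes cannot affect the bytes being validated. */
int copy_then_check(char *dst, char *host, size_t len, host_race_fn race)
{
    if (len == 0)
        return -1;
    memcpy(dst, host, len);
    if (race)
        race(host, len); /* too late: dst is already a private snapshot */
    return dst[len - 1] == '\0' ? 0 : -1;
}

/* Constructed host behaviour: overwrite the terminator. */
void drop_terminator(char *host_buf, size_t len)
{
    host_buf[len - 1] = 'X';
}

/* 1 if buf[0..len) contains a NUL byte, else 0. */
int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}
```

With the old ordering the call reports success while the enclave-side copy has no terminator; with the new ordering the same interleaving yields a terminated copy, and a buffer that is already unterminated at copy time is rejected.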

BRMcLaren commented 3 years ago

/retest

BRMcLaren commented 3 years ago

/override pr-oeedger8r-cpp-windows-2019

oe-ci-robot commented 3 years ago

@BRMcLaren: Overrode contexts on behalf of BRMcLaren: pr-oeedger8r-cpp-windows-2019

anakrish commented 3 years ago

/lgtm

anakrish commented 3 years ago

/approve

oe-ci-robot commented 3 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anakrish, mingweishih

BRMcLaren commented 3 years ago

/test all