search

openenclave / oeedger8r-cpp

An implementation of oeedger8r in C++
MIT License
8 stars 13 forks source link

Prevent struct members used by size/count attributes from being modified by the callee during deep copy #52

Closed mingweishih closed 4 years ago

mingweishih commented 4 years ago

This PR fixes a security issue that callee can set arbitrary value to the struct member used by size/count during the deepcopy. More specifically, now the generated code will not copy the struct member set by the callee to the caller if the member is used by size/count attributes.

Signed-off-by: Ming-Wei Shih mishih@microsoft.com

mingweishih commented 4 years ago

/retest

BRMcLaren commented 4 years ago

/retest

oe-ci-robot commented 4 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anakrish, mingweishih, radhikaj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openenclave/oeedger8r-cpp/blob/master/OWNERS)~~ [anakrish,mingweishih] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
mingweishih commented 4 years ago

LGTM.

If we can emit: out() << " uint64_t rhs_local_val = " << rhs_val << "; ". Then we can later use rhs_local_val safely without TOCTOU issues.

In addition to this, we would also need to update the psize() function so that the local variable will be used. I'll defer this to a follow-up PR.

anakrish commented 4 years ago

/merge

anakrish commented 4 years ago

/lgtm

BRMcLaren commented 4 years ago

@anakrish Good try. Each pr needs an /approve and a /lgtm.

It has the approval just needs a reviewer for the /lgtm

BRMcLaren commented 4 years ago

Oh Rhel...

Upgrading disk size to 200 gb

mingweishih commented 4 years ago

/lgtm

oe-ci-robot commented 4 years ago

@mingweishih: you cannot LGTM your own PR.

In response to [this](https://github.com/openenclave/oeedger8r-cpp/pull/52#issuecomment-705637202): >/lgtm Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
BRMcLaren commented 4 years ago

/retest

oe-ci-robot commented 4 years ago

@mingweishih: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pr-oeedger8r-cpp-windows-2016 9fbd332b1aeca41db9eeece8786fe4af315e6f8b link /test pr-oeedger8r-cpp-windows-2016
pr-oeedger8r-cpp-windows-2019 9fbd332b1aeca41db9eeece8786fe4af315e6f8b link /test pr-oeedger8r-cpp-windows-2019
pr-oeedger8r-cpp-rhel8-clang-8 9fbd332b1aeca41db9eeece8786fe4af315e6f8b link /test pr-oeedger8r-cpp-rhel8-clang-8

Full PR test history. Your PR dashboard. Please help us cut down on flakes by opening an issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
BRMcLaren commented 4 years ago

/override pr-oeedger8r-cpp-rhel8-clang-8-reldebinfo /override pr-oeedger8r-cpp-rhel8-clang-8-release /override pr-oeedger8r-cpp-rhel8-clang-8-debug

It's a DNS issue, I am working on scaling the prow backend up and it's causing failures. Overriding as we have tested the rhel use case on the original backend

oe-ci-robot commented 4 years ago

@BRMcLaren: Overrode contexts on behalf of BRMcLaren: pr-oeedger8r-cpp-rhel8-clang-8-debug, pr-oeedger8r-cpp-rhel8-clang-8-reldebinfo, pr-oeedger8r-cpp-rhel8-clang-8-release

In response to [this](https://github.com/openenclave/oeedger8r-cpp/pull/52#issuecomment-705645016): >/override pr-oeedger8r-cpp-rhel8-clang-8-reldebinfo >/override pr-oeedger8r-cpp-rhel8-clang-8-release >/override pr-oeedger8r-cpp-rhel8-clang-8-debug > >It's a DNS issue, I am working on scaling the prow backend up and it's causing failures. Overriding as we have tested the rhel use case on the original backend Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.