Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dcap-ql: Fix length validation logic for quote signatures #677

Closed
wants to merge 2 commits into from
Closed

dcap-ql: Fix length validation logic for quote signatures #677

wants to merge 2 commits into from

Conversation

mzohreva
Copy link
Contributor

@mzohreva mzohreva commented Jan 6, 2025

This should fix #676.

Taowyoo
Taowyoo previously approved these changes Jan 6, 2025
View reviewed changes
jethrogb
jethrogb requested changes Jan 7, 2025
View reviewed changes
Copy link
Member

@jethrogb jethrogb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trailing input data should not be silently ignored.

@Taowyoo Taowyoo self-requested a review January 11, 2025 01:21
jason-liang-vault
jason-liang-vault reviewed Jan 16, 2025
View reviewed changes
intel-sgx/dcap-ql/src/quote.rs
// `get_quote` C APIs allowing larger than necessary buffer to be
// allocated to hold the quote.
data = data.take_prefix(cmp::min(data.len(), sig_len))?;

Copy link

@jason-liang-vault jason-liang-vault Jan 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably can have a warning log here if data.len() > sig_len?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a better idea, see the new commit.

jethrogb
jethrogb reviewed Jan 18, 2025
View reviewed changes
intel-sgx/dcap-ql/src/quote.rs
/// Parses the `Quote` encoded in `quote`, verifies the signature within the
/// quote, and returns the parsed quote along with any trailing data that
/// was not part of the signature. It's up to the caller to decide what to
/// do with the trailing bytes.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This voluntary behavior is not acceptable - the API should such that it's difficult to misuse.

@mzohreva mzohreva closed this Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jason-liang-vault jason-liang-vault jason-liang-vault left review comments

@jethrogb jethrogb jethrogb requested changes

@raoulstrackx raoulstrackx Awaiting requested review from raoulstrackx

@Taowyoo Taowyoo Awaiting requested review from Taowyoo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

dcap-ql: should accept extra trailing data in quote
4 participants
@mzohreva @jethrogb @Taowyoo @jason-liang-vault