AuthenticExecution/TZ-Code-Generator

Bug: crash in `handle_output` for AES connections when `data_len` is zero


For some reason, calling an output of an AES connection passing empty data (i.e., setting data_len to zero) makes the TA crash.

What I would like to do is something like this:

```c
SM_INPUT(button_pressed, data, data_len) {
    DMSG("Remote button has been pressed\n");

    // this is an AES connection
    OUTPUT(increment_presses, NULL, 0);
}
```

But this does not work. A workaround to this bug would be to pass fake data to the output like this:

```c
SM_INPUT(button_pressed, data, data_len) {
    DMSG("Remote button has been pressed\n");

    // temporary: get around a bug
    unsigned char fake_data[2] = {1,2};

    // toggle LED
    OUTPUT(increment_presses, fake_data, 2);
}
```

However, this is not really optimal. I think you should review the AES encryption part in the case where data is NULL and data_len is zero.

Also, you should add a check in handle_output to verify that if data is NULL then data_len must be zero. Otherwise you might have some other crashes in other parts of the code.
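A sketch of the check requested above, added here as an example and not taken from the TZ-Code-Generator code base: `checked_output`, `mock_aead_encrypt`, `TAG_LEN` and the status codes are hypothetical names. The stand-in cipher is assumed to reject NULL buffers even for a zero length, which is one possible cause of the crash; the issue does not state the actual cause.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TAG_LEN 16  /* assumed tag size for this sketch */

enum out_status { OUT_OK = 0, OUT_BAD_ARGS, OUT_NO_MEM, OUT_CRYPTO_FAIL };

/* Stand-in for the AES routine (hypothetical, not real encryption).
 * Assumption: it rejects NULL buffers even when pt_len is zero. */
static int mock_aead_encrypt(const unsigned char *pt, size_t pt_len,
                             unsigned char *ct, unsigned char *tag)
{
    if (pt == NULL || ct == NULL || tag == NULL)
        return -1;
    for (size_t i = 0; i < pt_len; i++)
        ct[i] = pt[i] ^ 0x5A;      /* placeholder transform */
    memset(tag, 0xA5, TAG_LEN);    /* placeholder tag */
    return 0;
}

/* Validates (data, data_len) before encrypting. On success *out holds
 * ciphertext || tag (caller frees it) and *out_len holds its size. */
enum out_status checked_output(const unsigned char *data, size_t data_len,
                               unsigned char **out, size_t *out_len)
{
    static const unsigned char empty[1] = {0};

    if (out == NULL || out_len == NULL)
        return OUT_BAD_ARGS;
    *out = NULL;
    *out_len = 0;
    if (data == NULL && data_len != 0)   /* NULL pointer with non-zero length */
        return OUT_BAD_ARGS;
    if (data_len > SIZE_MAX - TAG_LEN)   /* buffer size would wrap around */
        return OUT_BAD_ARGS;
    if (data == NULL)
        data = empty;                    /* empty payload: pass a valid pointer */

    unsigned char *buf = malloc(data_len + TAG_LEN);  /* never a zero-size alloc */
    if (buf == NULL)
        return OUT_NO_MEM;
    if (mock_aead_encrypt(data, data_len, buf, buf + data_len) != 0) {
        free(buf);
        return OUT_CRYPTO_FAIL;
    }
    *out = buf;
    *out_len = data_len + TAG_LEN;
    return OUT_OK;
}
```

With this guard, `(NULL, 0)` produces a tag-only message, while `(NULL, n)` with `n > 0` is rejected before any buffer is touched.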