information leakage before seal in enclave code
jmp0x7c00 opened this issue · 0 comments
jmp0x7c00 commented
Hi, sir,
I think there is an information leakage here, could you help me confirm it?
In file `web_enclave/isv_enclave/isv_enclave.cpp`:
```cpp
void js_save_items(CScriptVar *v, void *userdata)
{
    std::string data_to_s = v->getParameter("data")->getString();
    uint32_t len = data_to_s.length();
    uint8_t* data_to_store = (uint8_t*)malloc(len+1);
    memcpy(data_to_store, data_to_s.c_str(), len+1);
    printf_enc("sealing data: %s\n", data_to_store); // =====>leak
    uint32_t sealed_size = sgx_calc_sealed_data_size(4+origin.length(), len+1);
    sgx_sealed_data_t* sealed_data = (sgx_sealed_data_t*) malloc(sealed_size);
    uint8_t* ad = (uint8_t*)malloc(4+origin.length());
    memcpy(ad, &revNum, 4);
    memcpy(&ad[4], origin.c_str(), origin.length());
    sgx_status_t ret = sgx_seal_data(
        4+origin.length(),
        ad,
        len+1,
        data_to_store,
        sealed_size,
        sealed_data);
```
The `data_to_store` is printed to the terminal directly by invoking `printf_enc()`.
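The reported pattern next to a metadata-only log line, as an added example that is not part of the original issue or the project's code. It needs no SGX SDK: `printf_enc()` here is a stand-in assumed to forward its output to the untrusted host, and `g_host_terminal`, `save_items_leaky`, `save_items_hardened` and `host_sees_secret` are hypothetical names.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Stand-in for the untrusted side: anything appended here is visible
// outside the enclave (assumption about where printf_enc output ends up).
static std::string g_host_terminal;

// Hypothetical stand-in for the project's printf_enc().
static void printf_enc(const char *fmt, ...) {
    char buf[512];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    g_host_terminal += buf;
}

// Pattern from the issue: the plaintext is formatted into host-visible
// output before it is sealed.
static void save_items_leaky(const std::string &data) {
    printf_enc("sealing data: %s\n", data.c_str());
    // ... sealing would follow here ...
}

// Hardened variant: log only the byte count (len+1, as in the issue's code).
// The count is already recoverable from the sealed blob's size.
static void save_items_hardened(const std::string &data) {
    printf_enc("sealing %zu bytes\n", data.length() + 1);
    // ... sealing would follow here ...
}

// True if `secret` appears in what the host saw for the chosen variant.
static bool host_sees_secret(bool hardened, const std::string &secret) {
    g_host_terminal.clear();
    if (hardened) save_items_hardened(secret);
    else save_items_leaky(secret);
    return g_host_terminal.find(secret) != std::string::npos;
}

int main() {
    const std::string secret = "{\"pin\":\"4921\"}"; // constructed sample value
    std::printf("leaky variant exposes plaintext:    %d\n", host_sees_secret(false, secret));
    std::printf("hardened variant exposes plaintext: %d\n", host_sees_secret(true, secret));
    return 0;
}
```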