The result of malloc is not checked, which risks privacy leakage.

[jmp0x7c00]

data_to_store may be NULL but its value is not checked:

Fidelius/web_enclave/isv_enclave/isv_enclave.cpp

Line 1034 in ab0d846

uint8_t* data_to_store = (uint8_t*)malloc(len+1);

the content of data_to_store will be sealed, so it is sensitive:

Fidelius/web_enclave/isv_enclave/isv_enclave.cpp

Line 1044 in ab0d846

sgx_status_t ret = sgx_seal_data(

if data_to_store is NULL, the data it stores will be leaked by memcpy:

Fidelius/web_enclave/isv_enclave/isv_enclave.cpp

Line 1035 in ab0d846

memcpy(data_to_store, data_to_s.c_str(), len+1);