SSL session is leaked

[jmp0x7c00]

the variable ssl_session_outside is a pointer that holds an untrusted address (outside enclave)

TaLoS/src/talos/patch/ssl_lib.c.patch

Line 1187 in 052a93d

+ ocall_malloc((void**)&ssl_session_outside, sizeof(*ssl_session_outside));

the enclave code copies SSL session to the untrusted target buffer by memcpy, which results in privacy leakage.

TaLoS/src/talos/patch/ssl_lib.c.patch

Line 1190 in 052a93d

+ memcpy(ssl_session_outside, ssl->session, sizeof(*ssl_session_outside));