Segfault and PANIC inside LKL Enclave
Arslan8 opened this issue · 2 comments
Arslan8 commented
Hi,
While doing generation-based fuzzing on existing SGX programs, we found that the SGX-LKL enclave does not do proper checking on the following fields:
- #0 0x00007fe0005c93d2 in lkl_virtio_console_add (console=0x0)
- args->shm->enc_dev_config
- args->shm->timer_dev_mem
- args->shm->virtio_blk_dev_mem
- args->shm->virtio_blk_dev_names
- args->shm->env
- args->shm->virtio_swiotlb
The fuzzer works on the principle that arguments to enclave are coming from untrusted runtime and should be checked accordingly.
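The kind of check the fuzzer is looking for, written here as an added example and not SGX-LKL's own code: every host-supplied pointer in the shared block is rejected unless it is non-NULL and its whole range lies outside the enclave without wrapping. The shm_t layout, the per-field sizes, enclave_bounds_t and run_scenario are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range the enclave occupies; a real enclave learns this from its loader. */
typedef struct { uintptr_t base; size_t size; } enclave_bounds_t;

/* Constructed stand-in for the host-provided shared block. Only the fields the
 * issue lists are modelled; their types and sizes are assumptions. */
typedef struct {
    void  *enc_dev_config;
    void  *timer_dev_mem;
    void  *virtio_blk_dev_mem;
    char **virtio_blk_dev_names;
    char **env;
    void  *virtio_swiotlb;
} shm_t;

/* A host pointer is usable only if it is non-NULL and [p, p+len) lies wholly
 * outside the enclave and does not wrap around the address space. */
bool host_range_ok(const enclave_bounds_t *eb, const void *p, size_t len)
{
    uintptr_t start = (uintptr_t)p, end;
    if (eb == NULL || p == NULL || len == 0) return false;
    if (__builtin_add_overflow(start, len, &end)) return false;
    uintptr_t enc_end = eb->base + eb->size;
    return end <= eb->base || start >= enc_end;   /* no overlap with enclave pages */
}

/* Check the container and every field before any of them is dereferenced.
 * The per-field sizes below are assumed for the example. */
bool validate_shm(const enclave_bounds_t *eb, const shm_t *shm)
{
    return host_range_ok(eb, shm, sizeof *shm)
        && host_range_ok(eb, shm->enc_dev_config,       64)
        && host_range_ok(eb, shm->timer_dev_mem,        4096)
        && host_range_ok(eb, shm->virtio_blk_dev_mem,   4096)
        && host_range_ok(eb, shm->virtio_blk_dev_names, sizeof(char *))
        && host_range_ok(eb, shm->env,                  sizeof(char *))
        && host_range_ok(eb, shm->virtio_swiotlb,       4096);
}

/* Constructed scenario: one static buffer plays the enclave, another plays host
 * memory. Returns a bitmask of which of the three checks behaved as intended. */
int run_scenario(void)
{
    static unsigned char enclave_mem[16384], host_mem[16384];
    enclave_bounds_t eb = { (uintptr_t)enclave_mem, sizeof enclave_mem };
    shm_t good = { host_mem, host_mem + 64, host_mem + 4160, (char **)(host_mem + 8256),
                   (char **)(host_mem + 8264), host_mem + 8272 };
    shm_t null_field = good;  null_field.enc_dev_config = NULL;        /* NULL host pointer, the class of defect behind the console=0x0 frame */
    shm_t inside     = good;  inside.virtio_swiotlb = enclave_mem + 8; /* host points the enclave at its own memory */
    int r = 0;
    if (validate_shm(&eb, &good))        r |= 1;
    if (!validate_shm(&eb, &null_field)) r |= 2;
    if (!validate_shm(&eb, &inside))     r |= 4;
    return r;
}

int main(void) { printf("checks passed: %d/3\n", __builtin_popcount(run_scenario())); return 0; }
```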
bodzhang commented
This issue has security implications. Proposed to assign P1.
douglasmaciver commented
@Arslan8 Kudos to you and those involved. This is good work. Please keep it up.