Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tee_svc_cryp.c lacks accessibility checks on user-supplied TEE_Attributes #161

Closed
jforissier opened this issue Dec 12, 2014 · 0 comments · Fixed by #167
Closed

tee_svc_cryp.c lacks accessibility checks on user-supplied TEE_Attributes #161

jforissier opened this issue Dec 12, 2014 · 0 comments · Fixed by #167

Comments

@jforissier
Copy link
Contributor

The crypto services does not always properly check the parameters of type TEE_Attribute. For instance:

TEE_Result tee_svc_cryp_derive_key(uint32_t state, const TEE_Attribute *params,
                                   uint32_t param_count, uint32_t derived_key)
{
}

The memory range [params, params + param_count*sizeof(TEE_Attribute)] needs to be validated with tee_mmu_check_access_rights(). And, any attribute of type 'reference' within those parameters should be validated before access too.
jforissier added a commit to jforissier/optee_os that referenced this issue Dec 19, 2014
@jforissier
crypto API: make sure TEE_Attribute parameters are readable
fb19c84 
Fixes OP-TEE#161.

Services that take a TEE_Attribute array for input must check that the
memory is readable before using it. This is accomplished by
check_attr_read_access(), which is either called directly by the system
service or by tee_svc_cryp_check_attr(). Buffers pointed to by 'reference'
attributes are also validated.
Then, it is no longer necessary to check accessibility in other
functions such as tee_svc_cryp_obj_store_attr_raw().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
@jforissier jforissier mentioned this issue Dec 19, 2014
Merged
jforissier added a commit to jforissier/optee_os that referenced this issue Feb 12, 2015
@jforissier
crypto API: make sure TEE_Attribute parameters are readable
0ac7e7b 
Fixes OP-TEE#161.

Services that take a TEE_Attribute array for input must check that the
memory is readable before using it. This is accomplished by
check_attr_read_access(), which is either called directly by the system
service or by tee_svc_cryp_check_attr(). Buffers pointed to by 'reference'
attributes are also validated.
Then, it is no longer necessary to check accessibility in other
functions such as tee_svc_cryp_obj_store_attr_raw().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
jforissier added a commit to jforissier/optee_os that referenced this issue Feb 12, 2015
@jforissier
crypto API: make sure TEE_Attribute parameters are readable
c2e1a05 
Fixes OP-TEE#161.

Services that take a TEE_Attribute array for input must check that the
memory is readable before using it. This is accomplished by
check_attr_read_access(), which is either called directly by the system
service or by tee_svc_cryp_check_attr(). Buffers pointed to by 'reference'
attributes are also validated.
Then, it is no longer necessary to check accessibility in other
functions such as tee_svc_cryp_obj_store_attr_raw().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
@ghost ghost closed this as completed in #167 Feb 12, 2015
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto API: make sure TEE_Attribute parameters are readable jforissier/optee_os
1 participant
@jforissier