From d621bd78115df6de487d345086d5a7fadf5cba0a Mon Sep 17 00:00:00 2001
From: Zhongjie Shi
Date: Tue, 5 Mar 2024 04:59:42 +0800
Subject: [PATCH] rust: add bound check for imr_index when replay (#108)
---
 common/rust/cctrusted_base/src/eventlog.rs | 8 +++++++-
 vmsdk/rust/cctrusted_vm/src/tdvm.rs | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/common/rust/cctrusted_base/src/eventlog.rs b/common/rust/cctrusted_base/src/eventlog.rs
index bca6b9be..994086a9 100644
--- a/common/rust/cctrusted_base/src/eventlog.rs
+++ b/common/rust/cctrusted_base/src/eventlog.rs
@@ -509,7 +509,10 @@ impl EventLogs {
 1: { 12: },
 ]
 */
- pub fn replay(eventlogs: Vec) -> Result, anyhow::Error> {
+ pub fn replay(
+ eventlogs: Vec,
+ imr_idx_max: u32,
+ ) -> Result, anyhow::Error> {
 let mut replay_results: Vec = Vec::new();

 for event_log in eventlogs {
@@ -519,6 +522,9 @@ impl EventLogs {
 continue;
 }
 let imr_index = tcg_imr_event.imr_index;
+ if imr_index > imr_idx_max {
+ return Err(anyhow!("imr_index {} out of range", imr_index));
+ }
 for digest in tcg_imr_event.digests {
 let algo_id = digest.algo_id;
 let hash = digest.hash;
diff --git a/vmsdk/rust/cctrusted_vm/src/tdvm.rs b/vmsdk/rust/cctrusted_vm/src/tdvm.rs
index 07dd0619..3dad6b61 100644
--- a/vmsdk/rust/cctrusted_vm/src/tdvm.rs
+++ b/vmsdk/rust/cctrusted_vm/src/tdvm.rs
@@ -469,7 +469,7 @@ impl CVM for TdxVM {
 &self,
 eventlogs: Vec,
 ) -> Result, anyhow::Error> {
- EventLogs::replay(eventlogs)
+ EventLogs::replay(eventlogs, TdxRTMR::max_index().into())
 }

 // CVM trait function: retrive CVM type
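Review bot: The doc comment that ends just above `pub fn replay(` is not updated for the new `imr_idx_max` parameter, so a caller cannot tell whether the bound is inclusive or that replay can now fail on an out-of-range entry. I would add a line to that comment along the lines of `imr_idx_max: highest valid IMR index (inclusive); an event whose imr_index exceeds it aborts the replay with an error`. The comment and the function body both extend outside this hunk. Because this is a `pub fn` whose signature changed, any caller other than the one updated in tdvm.rs needs the same argument added.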
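Review bot: The new guard `if imr_index > imr_idx_max` is only correct if `imr_idx_max` is the last valid index rather than a register count, and neither this hunk nor the tdvm.rs call site (`TdxRTMR::max_index().into()`) shows which; if `max_index()` returns a count, the comparison has to be `>=`. A short comment on the guard would pin this down, e.g. `// imr_idx_max is inclusive; the event log is unverified input until the replay matches the IMRs, so reject instead of indexing`. Reporting the bound would also help triage: `return Err(anyhow!("imr_index {} out of range (max {})", imr_index, imr_idx_max));`. The diffstat lists no test file, so the rejection path appears untested; one event at `imr_idx_max + 1` expecting `Err` would cover it. The enclosing loop starts and ends outside the hunk.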