tee-supplicant: Enforce paths bound limits
Verify the "ta-path" command line argument length and, if the
snprintf()-concatenated path is too long, print an error message and
terminate startup.

Signed-off-by: Tanel Dettenborn <[email protected]>
Tanel Dettenborn committed Dec 6, 2023
1 parent a8381cf commit e220d04
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions tee-supplicant/src/tee_supplicant.c
@@ -706,6 +706,7 @@ static void set_ta_path(void)
char *new_path = NULL;
size_t n = 0;
const char *path = supplicant_params.ta_load_path;
int path_len = -1;

if (!path)
path = TEEC_LOAD_PATH;
@@ -733,10 +734,17 @@ static void set_ta_path(void)
if (!supplicant_params.ta_load_path) {
char full_path[PATH_MAX] = { 0 };

snprintf(full_path, PATH_MAX, "%s/%s", new_path,
supplicant_params.ta_dir);
path_len = snprintf(full_path, PATH_MAX, "%s/%s", new_path,
supplicant_params.ta_dir);
if (path_len < 0 || path_len >= PATH_MAX)
goto err_path;

ta_path[n++] = strdup(full_path);
} else {
path_len = strnlen(new_path, PATH_MAX);
if (path_len >= PATH_MAX)
goto err_path;

ta_path[n++] = strdup(new_path);
}

@@ -749,6 +757,10 @@ static void set_ta_path(void)
err:
EMSG("out of memory");
exit(EXIT_FAILURE);

err_path:
EMSG("Path exceeds maximum path length");
exit(EXIT_FAILURE);
}

/*
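Review bot: In the `else` branch `path_len` is an `int` but receives the `size_t` result of `strnlen()`, so the two length checks share one signed variable through an implicit conversion; the value is bounded by PATH_MAX here, and in the visible lines the function-scope `-1` initialiser is never read. Comparing directly with `if (strnlen(new_path, PATH_MAX) >= PATH_MAX) goto err_path;` and keeping the `int` local to the `snprintf()` branch would make both checks self-evident. The `err_path` message does not name the rejected path, which makes a refused startup harder to diagnose from the log. Both checks bound only the directory string: if a TA file name is appended to these entries elsewhere (not visible in these hunks), that concatenation needs the same truncation check so a clipped path cannot resolve to an unintended load location. `set_ta_path()` starts and ends outside the visible hunks.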
