From c561bfc9df119cb0602856e9acf57a32a87d83e8 Mon Sep 17 00:00:00 2001 From: Geovane Fedrecheski Date: Wed, 7 Feb 2024 10:59:34 +0100 Subject: [PATCH] fix(c): check for null pointers --- examples/lakers-c-native/main.c | 2 +- lakers-c/src/initiator.rs | 31 +++++++++++++++++++++++++++++++ lakers-c/src/lib.rs | 4 ++++ 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/examples/lakers-c-native/main.c b/examples/lakers-c-native/main.c index 0e2e405d..075518c1 100644 --- a/examples/lakers-c-native/main.c +++ b/examples/lakers-c-native/main.c @@ -173,7 +173,7 @@ int main(void) } #endif EdhocInitiatorProcessedM2C initiator_processed_m2; - initiator_verify_message_2(&initiator_processing_m2, &I, cred_i, fetched_cred_r, &initiator_processed_m2); + res = initiator_verify_message_2(&initiator_processing_m2, &I, cred_i, fetched_cred_r, &initiator_processed_m2); if (res != 0) { printf("Error verify msg2: %d\n", res); return 1; diff --git a/lakers-c/src/initiator.rs b/lakers-c/src/initiator.rs index 8aa7d27a..8a416d6a 100644 --- a/lakers-c/src/initiator.rs +++ b/lakers-c/src/initiator.rs @@ -66,6 +66,10 @@ pub unsafe extern "C" fn initiator_prepare_message_1( initiator_c_out: *mut EdhocInitiatorWaitM2C, message_1: *mut EdhocMessageBuffer, ) -> i8 { + if initiator_c_out.is_null() || message_1.is_null() { + return -1; + } + let state = core::ptr::read(&(*initiator_c).state); let c_i = if c_i.is_null() { @@ -105,6 +109,17 @@ pub unsafe extern "C" fn initiator_parse_message_2( valid_cred_r_out: *mut CredentialRPK, ead_2_c_out: *mut EADItemC, ) -> i8 { + // this is a parsing function, so all output parameters are mandatory + if initiator_c.is_null() + || message_2.is_null() + || initiator_c_out.is_null() + || c_r_out.is_null() + || valid_cred_r_out.is_null() + || ead_2_c_out.is_null() + { + return -1; + } + // manually take `state` because Rust cannot move out of a dereferenced raw pointer directly // raw pointers do not have ownership information, requiring manual handling of the data let state = core::ptr::read(&(*initiator_c).state); @@ -145,6 +160,10 @@ pub unsafe extern "C" fn initiator_verify_message_2( // output params initiator_c_out: *mut EdhocInitiatorProcessedM2C, ) -> i8 { + if initiator_c.is_null() || i.is_null() || initiator_c_out.is_null() { + return -1; + } + let state = core::ptr::read(&(*initiator_c).state).to_rust(); match i_verify_message_2(state, &mut default_crypto(), valid_cred_r, &(*i)) { @@ -167,6 +186,14 @@ pub unsafe extern "C" fn initiator_prepare_message_3( message_3: *mut EdhocMessageBuffer, prk_out_c: *mut [u8; SHA256_DIGEST_LEN], ) -> i8 { + if initiator_c.is_null() + || initiator_c_out.is_null() + || message_3.is_null() + || prk_out_c.is_null() + { + return -1; + } + let mut state = core::ptr::read(&(*initiator_c).state); let ead_3 = if ead_3_c.is_null() { @@ -199,6 +226,10 @@ pub unsafe extern "C" fn initiator_compute_ephemeral_secret( g_a: *const BytesP256ElemLen, secret_c_out: *mut BytesP256ElemLen, ) -> i8 { + if initiator_c.is_null() || g_a.is_null() || secret_c_out.is_null() { + return -1; + } + let state = core::ptr::read(&(*initiator_c).state); let secret = default_crypto().p256_ecdh(&state.x, &(*g_a)); diff --git a/lakers-c/src/lib.rs b/lakers-c/src/lib.rs index def1f95e..f1640c86 100644 --- a/lakers-c/src/lib.rs +++ b/lakers-c/src/lib.rs @@ -81,6 +81,10 @@ impl ProcessingM2C { /// note that it is a shallow copy (ead_2 is handled separately by the caller) pub unsafe fn copy_into_c(processing_m2: ProcessingM2, processing_m2_c: *mut ProcessingM2C) { + if processing_m2_c.is_null() { + panic!("processing_m2_c is null"); + } + (*processing_m2_c).mac_2 = processing_m2.mac_2; (*processing_m2_c).prk_2e = processing_m2.prk_2e; (*processing_m2_c).th_2 = processing_m2.th_2;