fix(c): check for null pointers

geonnave · Feb 7, 2024 · c561bfc · c561bfc
1 parent 626af3d
commit c561bfc
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/examples/lakers-c-native/main.c b/examples/lakers-c-native/main.c
@@ -173,7 +173,7 @@ int main(void)
     }
 #endif
     EdhocInitiatorProcessedM2C initiator_processed_m2;
-    initiator_verify_message_2(&initiator_processing_m2, &I, cred_i, fetched_cred_r, &initiator_processed_m2);
+    res = initiator_verify_message_2(&initiator_processing_m2, &I, cred_i, fetched_cred_r, &initiator_processed_m2);
     if (res != 0) {
         printf("Error verify msg2: %d\n", res);
         return 1;

diff --git a/lakers-c/src/initiator.rs b/lakers-c/src/initiator.rs
@@ -66,6 +66,10 @@ pub unsafe extern "C" fn initiator_prepare_message_1(
     initiator_c_out: *mut EdhocInitiatorWaitM2C,
     message_1: *mut EdhocMessageBuffer,
 ) -> i8 {
+    if initiator_c_out.is_null() || message_1.is_null() {
+        return -1;
+    }
+
     let state = core::ptr::read(&(*initiator_c).state);
 
     let c_i = if c_i.is_null() {
@@ -105,6 +109,17 @@ pub unsafe extern "C" fn initiator_parse_message_2(
     valid_cred_r_out: *mut CredentialRPK,
     ead_2_c_out: *mut EADItemC,
 ) -> i8 {
+    // this is a parsing function, so all output parameters are mandatory
+    if initiator_c.is_null()
+        || message_2.is_null()
+        || initiator_c_out.is_null()
+        || c_r_out.is_null()
+        || valid_cred_r_out.is_null()
+        || ead_2_c_out.is_null()
+    {
+        return -1;
+    }
+
     // manually take `state` because Rust cannot move out of a dereferenced raw pointer directly
     // raw pointers do not have ownership information, requiring manual handling of the data
     let state = core::ptr::read(&(*initiator_c).state);
@@ -145,6 +160,10 @@ pub unsafe extern "C" fn initiator_verify_message_2(
     // output params
     initiator_c_out: *mut EdhocInitiatorProcessedM2C,
 ) -> i8 {
+    if initiator_c.is_null() || i.is_null() || initiator_c_out.is_null() {
+        return -1;
+    }
+
     let state = core::ptr::read(&(*initiator_c).state).to_rust();
 
     match i_verify_message_2(state, &mut default_crypto(), valid_cred_r, &(*i)) {
@@ -167,6 +186,14 @@ pub unsafe extern "C" fn initiator_prepare_message_3(
     message_3: *mut EdhocMessageBuffer,
     prk_out_c: *mut [u8; SHA256_DIGEST_LEN],
 ) -> i8 {
+    if initiator_c.is_null()
+        || initiator_c_out.is_null()
+        || message_3.is_null()
+        || prk_out_c.is_null()
+    {
+        return -1;
+    }
+
     let mut state = core::ptr::read(&(*initiator_c).state);
 
     let ead_3 = if ead_3_c.is_null() {
@@ -199,6 +226,10 @@ pub unsafe extern "C" fn initiator_compute_ephemeral_secret(
     g_a: *const BytesP256ElemLen,
     secret_c_out: *mut BytesP256ElemLen,
 ) -> i8 {
+    if initiator_c.is_null() || g_a.is_null() || secret_c_out.is_null() {
+        return -1;
+    }
+
     let state = core::ptr::read(&(*initiator_c).state);
 
     let secret = default_crypto().p256_ecdh(&state.x, &(*g_a));

diff --git a/lakers-c/src/lib.rs b/lakers-c/src/lib.rs
@@ -81,6 +81,10 @@ impl ProcessingM2C {
 
     /// note that it is a shallow copy (ead_2 is handled separately by the caller)
     pub unsafe fn copy_into_c(processing_m2: ProcessingM2, processing_m2_c: *mut ProcessingM2C) {
+        if processing_m2_c.is_null() {
+            panic!("processing_m2_c is null");
+        }
+
         (*processing_m2_c).mac_2 = processing_m2.mac_2;
         (*processing_m2_c).prk_2e = processing_m2.prk_2e;
         (*processing_m2_c).th_2 = processing_m2.th_2;