
Commit 0711b3c

authored
Fix stack overflow bug (crustio#232)
1 parent fbf6758 commit 0711b3c


9 files changed

+415
-76
lines changed


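--- a/src/enclave/identity/Identity.cpp
+++ b/src/enclave/identity/Identity.cpp
@@ -748,7 +748,7 @@ void id_get_metadata(json::JSON &meta_json, bool locked /*=true*/)
 meta_json = json::JSON();
 goto cleanup;
 }
-meta_json = json::JSON::Load(std::string(reinterpret_cast<char*>(p_data + strlen(TEE_PRIVATE_TAG)), data_len));
+meta_json = json::JSON::Load(p_data + strlen(TEE_PRIVATE_TAG), data_len);
 if (meta_json.size() == 0)
 {
 goto cleanup;
@@ -905,28 +905,116 @@ crust_status_t id_store_metadata()
 crust_status_t crust_status = CRUST_SUCCESS;
 std::string hex_id_key_str = hexstring_safe(&id_key_pair, sizeof(id_key_pair));
 
+// Calculate metadata volumn
+size_t meta_len = 0;
+for (auto it : wl->srd_path2hashs_m)
+{
+meta_len += it.second.size() * (64 + 3);
+}
+meta_len += wl->srd_path2hashs_m.size() * (128 + 4);
+meta_len += strlen(TEE_PRIVATE_TAG) + 5
++ strlen(ID_WORKLOAD) + 5
++ strlen(ID_KEY_PAIR) + 5
++ strlen(ID_REPORT_SLOT) + 5
++ strlen(ID_CHAIN_ACCOUNT_ID) + 5
++ strlen(ID_FILE) + 5;
+size_t file_item_len = strlen(FILE_HASH) + 3 + 64 + 3
++ strlen(FILE_OLD_HASH) + 3 + 64 + 3
++ strlen(FILE_SIZE) + 3 + 14 + 1
++ strlen(FILE_OLD_SIZE) + 3 + 14 + 1
++ strlen(FILE_BLOCK_NUM) + 3 + 14 + 4
++ strlen(FILE_STATUS) + 16 + 4
++ 2;
+meta_len += wl->checked_files.size() * file_item_len;
+uint8_t *meta_buf = (uint8_t *)enc_malloc(meta_len);
+if (meta_buf == NULL)
+{
+return CRUST_MALLOC_FAILED;
+}
+memset(meta_buf, 0, meta_len);
+size_t offset = 0;
+
 // ----- Store metadata ----- //
-std::string meta_str(TEE_PRIVATE_TAG);
-meta_str.append("{");
+memcpy(meta_buf, TEE_PRIVATE_TAG, strlen(TEE_PRIVATE_TAG));
+offset += strlen(TEE_PRIVATE_TAG);
+memcpy(meta_buf + offset, "{", 1);
+offset += 1;
 // Append srd
-meta_str.append("\"").append(ID_WORKLOAD).append("\":");
-wl->serialize_srd(meta_str);
-meta_str.append(",");
+std::string wl_title;
+wl_title.append("\"").append(ID_WORKLOAD).append("\":{");
+memcpy(meta_buf + offset, wl_title.c_str(), wl_title.size());
+offset += wl_title.size();
+size_t i = 0;
+for (auto it = wl->srd_path2hashs_m.begin(); it != wl->srd_path2hashs_m.end(); it++, i++)
+{
+std::string path_title;
+path_title.append("\"").append(it->first).append("\":[");
+memcpy(meta_buf + offset, path_title.c_str(), path_title.size());
+offset += path_title.size();
+for (size_t j = 0; j < it->second.size(); j++)
+{
+std::string hash_str;
+hash_str.append("\"").append(hexstring_safe(it->second[j], HASH_LENGTH)).append("\"");
+memcpy(meta_buf + offset, hash_str.c_str(), hash_str.size());
+offset += hash_str.size();
+if (j != it->second.size() - 1)
+{
+memcpy(meta_buf + offset, ",", 1);
+offset += 1;
+}
+}
+memcpy(meta_buf + offset, "]", 1);
+offset += 1;
+if (i != wl->srd_path2hashs_m.size() - 1)
+{
+memcpy(meta_buf + offset, ",", 1);
+offset += 1;
+}
+}
+memcpy(meta_buf + offset, "},", 2);
+offset += 2;
 // Append id key pair
-meta_str.append("\"").append(ID_KEY_PAIR).append("\":")
+std::string key_pair_str;
+key_pair_str.append("\"").append(ID_KEY_PAIR).append("\":")
 .append("\"").append(hex_id_key_str).append("\",");
+memcpy(meta_buf + offset, key_pair_str.c_str(), key_pair_str.size());
+offset += key_pair_str.size();
 // Append report slot
-meta_str.append("\"").append(ID_REPORT_SLOT).append("\":")
+std::string report_slot_str;
+report_slot_str.append("\"").append(ID_REPORT_SLOT).append("\":")
 .append("\"").append(std::to_string(report_slot)).append("\",");
+memcpy(meta_buf + offset, report_slot_str.c_str(), report_slot_str.size());
+offset += report_slot_str.size();
 // Append chain account id
-meta_str.append("\"").append(ID_CHAIN_ACCOUNT_ID).append("\":")
+std::string account_id_str;
+account_id_str.append("\"").append(ID_CHAIN_ACCOUNT_ID).append("\":")
 .append("\"").append(g_chain_account_id).append("\",");
+memcpy(meta_buf + offset, account_id_str.c_str(), account_id_str.size());
+offset += account_id_str.size();
 // Append files
-meta_str.append("\"").append(ID_FILE).append("\":");
-wl->serialize_file(meta_str);
-meta_str.append("}");
+std::string file_title;
+file_title.append("\"").append(ID_FILE).append("\":[");
+memcpy(meta_buf + offset, file_title.c_str(), file_title.size());
+offset += file_title.size();
+for (size_t i = 0; i < wl->checked_files.size(); i++)
+{
+std::string file_str = wl->checked_files[i].dump();
+remove_char(file_str, '\n');
+remove_char(file_str, '\\');
+remove_char(file_str, ' ');
+memcpy(meta_buf + offset, file_str.c_str(), file_str.size());
+offset += file_str.size();
+if (i != wl->checked_files.size() - 1)
+{
+memcpy(meta_buf + offset, ",", 1);
+offset += 1;
+}
+}
+memcpy(meta_buf + offset, "]}", 2);
+offset += 2;
 
-crust_status = persist_set(ID_METADATA, reinterpret_cast<const uint8_t *>(meta_str.c_str()), meta_str.size());
+crust_status = persist_set(ID_METADATA, meta_buf, offset);
+free(meta_buf);
 
 sgx_thread_mutex_unlock(&g_metadata_mutex);
 
@@ -968,14 +1056,13 @@ crust_status_t id_restore_metadata()
 log_warn("Wait for srd info, code:%lx\n", crust_status);
 }
 // Restore meaningful files
-wl->checked_files.clear();
 if (meta_json.hasKey(ID_FILE)
 && meta_json[ID_FILE].JSONType() == json::JSON::Class::Array)
 {
-json::JSON m_files = meta_json[ID_FILE];
-for (int i = 0; i < m_files.size(); i++)
+wl->checked_files.resize(meta_json[ID_FILE].size());
+for (int i = 0; i < meta_json[ID_FILE].size(); i++)
 {
-wl->checked_files.push_back(m_files[i]);
+wl->checked_files[i] = meta_json[ID_FILE][i];
 }
 }
 // Restore id key pair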
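Review bot: In id_store_metadata the size estimate for meta_buf (new lines 908-928) counts only the key names plus 5 bytes each for ID_KEY_PAIR, ID_REPORT_SLOT and ID_CHAIN_ACCOUNT_ID, and leaves out the values that are copied in later: hex_id_key_str, std::to_string(report_slot) and g_chain_account_id. None of the memcpy calls compares offset with meta_len, so whenever the estimate comes out short (those values, an srd path longer than the 128-byte budget allows, or a dump() result longer than file_item_len) the write runs past the enc_malloc allocation inside the enclave. I would add the value lengths to the estimate, e.g. `meta_len += hex_id_key_str.size() + std::to_string(report_slot).size();` plus the account id length, and route every copy through one helper that returns an error when `offset + len > meta_len` instead of copying. Separately, `return CRUST_MALLOC_FAILED;` at new line 932 skips the `sgx_thread_mutex_unlock(&g_metadata_mutex)` at the end of the function; the matching lock call is outside the hunk, so this needs checking against the start of id_store_metadata.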

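--- a/src/enclave/report/Report.cpp
+++ b/src/enclave/report/Report.cpp
@@ -73,7 +73,6 @@ crust_status_t get_signed_work_report(const char *block_hash, size_t block_heigh
 }
 id_set_report_slot((block_height - 1)/ERA_LENGTH + 1);
 
-
 Workload *wl = Workload::get_instance();
 // The first report after restart will not be processed
 if (id_just_after_restart())
@@ -95,41 +94,11 @@ crust_status_t get_signed_work_report(const char *block_hash, size_t block_heigh
 sgx_status_t sgx_status;
 // ----- Get srd info ----- //
 sgx_thread_mutex_lock(&g_srd_mutex);
-size_t srd_workload;
-sgx_sha256_hash_t srd_root;
-// Get hashs for hashing
-size_t g_hashs_num = 0;
+size_t srd_workload = 0;
 for (auto it : wl->srd_path2hashs_m)
 {
-g_hashs_num += it.second.size();
-}
-uint8_t *hashs = (uint8_t *)enc_malloc(g_hashs_num * HASH_LENGTH);
-if (hashs == NULL)
-{
-log_err("Malloc memory failed!\n");
-return CRUST_MALLOC_FAILED;
+srd_workload += it.second.size() * 1024 * 1024 * 1024;
 }
-size_t hashs_len = 0;
-for (auto it : wl->srd_path2hashs_m)
-{
-for (auto g_hash : it.second)
-{
-memcpy(hashs + hashs_len, g_hash, HASH_LENGTH);
-hashs_len += HASH_LENGTH;
-}
-}
-// Generate srd information
-if (hashs_len == 0)
-{
-srd_workload = 0;
-memset(srd_root, 0, HASH_LENGTH);
-}
-else
-{
-srd_workload = (hashs_len / HASH_LENGTH) * 1024 * 1024 * 1024;
-sgx_sha256_msg(hashs, (uint32_t)hashs_len, &srd_root);
-}
-free(hashs);
 sgx_thread_mutex_unlock(&g_srd_mutex);
 
 // ----- Get files info ----- //
@@ -142,14 +111,14 @@ crust_status_t get_signed_work_report(const char *block_hash, size_t block_heigh
 continue;
 }
 
+if (old_files.size() != 1)
+{
+old_files.append(",");
+}
 old_files.append("{\"").append(FILE_HASH).append("\":")
 .append("\"").append(wl->checked_files[i][FILE_OLD_HASH].ToString()).append("\",");
 old_files.append("\"").append(FILE_SIZE).append("\":")
 .append(std::to_string(wl->checked_files[i][FILE_OLD_SIZE].ToInt())).append("}");
-if (i != wl->checked_files.size() - 1)
-{
-old_files.append(",");
-}
 }
 sgx_thread_mutex_unlock(&g_checked_files_mutex);
 old_files.append("]");
@@ -225,7 +194,7 @@ crust_status_t get_signed_work_report(const char *block_hash, size_t block_heigh
 wr_str.append("\"").append(WORKREPORT_SIG).append("\":")
 .append("\"").append(hexstring_safe(&sgx_sig, sizeof(sgx_ec256_signature_t))).append("\"");
 wr_str.append("}");
-store_large_data(wr_str, ocall_store_workreport, wl->ocall_wr_mutex);
+store_large_data(reinterpret_cast<const uint8_t *>(wr_str.c_str()), wr_str.size(), ocall_store_workreport, wl->ocall_wr_mutex);
 
 // Reset meaningful data
 wl->set_report_flag(true);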
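Review bot: The separator test added at new lines 114-117, `if (old_files.size() != 1)`, only works while old_files holds exactly one character before the loop starts, and that initialisation is outside the hunk. A local flag states the intent and survives a change to the prefix: `bool first = true;` before the loop, then `if (!first) old_files.append(",");` followed by `first = false;` where the entry is appended. In the srd loop at new line 98, `for (auto it : wl->srd_path2hashs_m)` copies each map entry together with its hash vector just to read size(); `for (const auto &it : wl->srd_path2hashs_m)` avoids those allocations in enclave memory, and the same loop form appears at new line 910 of Identity.cpp.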
