Skip to content

Cleanup rcl_get_secure_root() implementation. #762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hidmic merged 2 commits into from
Aug 25, 2020
Merged

Cleanup rcl_get_secure_root() implementation. #762

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f9aa4e9
Cleanup rcl_get_secure_root() implementation.
hidmic Aug 25, 2020
cf7877e
Address peer review comments.
hidmic Aug 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 24 additions & 19 deletions rcl/src/rcl/security.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,36 +132,35 @@ char * rcl_get_secure_root(
const char * name,
const rcl_allocator_t * allocator)
{
bool ros_secure_enclave_override = true;
RCL_CHECK_ARGUMENT_FOR_NULL(name, NULL);
RCL_CHECK_ALLOCATOR_WITH_MSG(allocator, "allocator is invalid", return NULL);

// find out if either of the configuration environment variables are set
const char * env_buf = NULL;
if (NULL == name) {
return NULL;
}
const char * get_env_error_str = NULL;

// check if enclave override environment variable is empty
get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf);
const char * get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf);
if (NULL != get_env_error_str) {
RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str);
return NULL;
}
if (!env_buf) {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"rcutils_get_env failed: %s", get_env_error_str);
return NULL;
}
if (0 == strcmp("", env_buf)) {
ros_secure_enclave_override = false;

char * ros_secure_enclave_override_env = NULL;
if (0 != strcmp("", env_buf)) {
ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);
if (NULL == ros_secure_enclave_override_env) {
RCL_SET_ERROR_MSG("failed to duplicate enclave override string");
return NULL;
}
}
char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);

// check if keystore environment variable is empty
env_buf = NULL;
get_env_error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf);
if (NULL != get_env_error_str) {
RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str);
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}
if (!env_buf) {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"rcutils_get_env failed: %s", get_env_error_str);
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}
Expand All @@ -170,10 +169,15 @@ char * rcl_get_secure_root(
return NULL; // environment variable was empty
}
char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator);
if (NULL == ros_secure_keystore_env) {
RCL_SET_ERROR_MSG("failed to duplicate enclave override string");
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}

// given usable environment variables, overwrite with next lookup
char * secure_root = NULL;
if (ros_secure_enclave_override) {
if (NULL != ros_secure_enclave_override_env) {
secure_root = exact_match_lookup(
ros_secure_enclave_override_env,
ros_secure_keystore_env,
Expand All @@ -200,6 +204,7 @@ char * rcl_get_secure_root(
allocator->deallocate(secure_root, allocator->state);
return NULL;
}
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
allocator->deallocate(ros_secure_keystore_env, allocator->state);
return secure_root;
}