mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 15:13:56 +02:00
fix(teepot-tee-quote-verification-rs): memory leak
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
parent
9de56d3adb
commit
584223dc93
1 changed files with 14 additions and 16 deletions
|
@ -1,5 +1,5 @@
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
// Copyright (c) 2024 Matter Labs
|
// Copyright (c) 2024-2025 Matter Labs
|
||||||
|
|
||||||
// SPDX-License-Identifier: BSD-3-Clause
|
// SPDX-License-Identifier: BSD-3-Clause
|
||||||
/*
|
/*
|
||||||
|
@ -39,22 +39,14 @@
|
||||||
//! This is a safe wrapper for **sgx-dcap-quoteverify-sys**.
|
//! This is a safe wrapper for **sgx-dcap-quoteverify-sys**.
|
||||||
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use std::marker::PhantomData;
|
use std::{marker::PhantomData, mem, ops::Deref, slice};
|
||||||
use std::mem;
|
|
||||||
use std::ops::Deref;
|
|
||||||
use std::slice;
|
|
||||||
|
|
||||||
use intel_tee_quote_verification_sys as qvl_sys;
|
use intel_tee_quote_verification_sys as qvl_sys;
|
||||||
|
pub use qvl_sys::{
|
||||||
pub use qvl_sys::quote3_error_t;
|
quote3_error_t, sgx_ql_qe_report_info_t, sgx_ql_qv_result_t, sgx_ql_qv_supplemental_t,
|
||||||
pub use qvl_sys::sgx_ql_qe_report_info_t;
|
sgx_ql_qve_collateral_t, sgx_ql_request_policy_t, sgx_qv_path_type_t, tdx_ql_qve_collateral_t,
|
||||||
pub use qvl_sys::sgx_ql_qv_result_t;
|
tee_qv_free_collateral, tee_supp_data_descriptor_t,
|
||||||
pub use qvl_sys::sgx_ql_qv_supplemental_t;
|
};
|
||||||
pub use qvl_sys::sgx_ql_qve_collateral_t;
|
|
||||||
pub use qvl_sys::sgx_ql_request_policy_t;
|
|
||||||
pub use qvl_sys::sgx_qv_path_type_t;
|
|
||||||
pub use qvl_sys::tdx_ql_qve_collateral_t;
|
|
||||||
pub use qvl_sys::tee_supp_data_descriptor_t;
|
|
||||||
|
|
||||||
/// When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy.
|
/// When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy.
|
||||||
/// The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave
|
/// The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave
|
||||||
|
@ -447,7 +439,13 @@ pub fn tee_qv_get_collateral(quote: &[u8]) -> Result<Collateral, quote3_error_t>
|
||||||
);
|
);
|
||||||
// SAFETY: buf is not null, buf_len is not zero, and buf is aligned.
|
// SAFETY: buf is not null, buf_len is not zero, and buf is aligned.
|
||||||
let orig_collateral = &unsafe { *(buf as *const sgx_ql_qve_collateral_t) };
|
let orig_collateral = &unsafe { *(buf as *const sgx_ql_qve_collateral_t) };
|
||||||
Collateral::try_from(orig_collateral).map_err(|_| quote3_error_t::SGX_QL_ERROR_MAX)
|
let collateral =
|
||||||
|
Collateral::try_from(orig_collateral).map_err(|_| quote3_error_t::SGX_QL_ERROR_MAX);
|
||||||
|
|
||||||
|
match unsafe { tee_qv_free_collateral(buf) } {
|
||||||
|
quote3_error_t::SGX_QL_SUCCESS => collateral,
|
||||||
|
error_code => Err(error_code),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
error_code => Err(error_code),
|
error_code => Err(error_code),
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue