leak information due to uninitialized memory #8
Open
Hi, sir,
I think there is a security issue here, could you help me confirm it?
In sqlite.c:
```c
if( m!=0 ){
  struct stat statbuf;  // statbuf is not initialized, so it may contain sensitive data
  if( osFstat(fd, &statbuf)==0  // when osFstat is invoked, the ocall ocall_stat will be invoked later
   && statbuf.st_size==0
   && (statbuf.st_mode&0777)!=m
  ){
    osFchmod(fd, m);
  }
}
```
In the EDL:
```
int ocall_stat([in, string] const char *path, [in, out, size=size] struct stat *buf, size_t size);
```
Because buf is marked `in`, the original data in buf will be copied out of the enclave, which leads to an information leak.
Solution:
memset statbuf to zero before invoking osFstat, or remove the `in` flag in the EDL.
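The copy-out described in this issue, modelled as an added example that is not part of the original report or the project's code. `sim_ocall_stat`, `host_view` and `slot` are hypothetical stand-ins for the generated `[in, out]` bridge, the untrusted buffer and a reused enclave stack slot; the secret string is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* What the untrusted host receives when the bridge marshals `buf`. */
static unsigned char host_view[sizeof(struct stat)];

/* Hypothetical model of an [in, out, size=size] ocall bridge. */
static int sim_ocall_stat(struct stat *buf, size_t size) {
    struct stat host_result;
    memcpy(host_view, buf, size);            /* [in]:  enclave -> host */
    memset(&host_result, 0, sizeof host_result);
    host_result.st_size = 0;                 /* constructed host answer */
    memcpy(buf, &host_result, size);         /* [out]: host -> enclave */
    return 0;
}

/* Models a stack slot reused across calls, so the demo is deterministic
 * instead of reading a truly uninitialized object. */
static union { struct stat st; unsigned char raw[sizeof(struct stat)]; } slot;

static void earlier_call_leaves_secret(void) {
    memcpy(slot.raw, "CONSTRUCTED-SECRET", 18);  /* constructed sample data */
}

/* Returns 1 if the host-visible copy contains the stale bytes. */
static int host_saw_secret(void) {
    return memcmp(host_view, "CONSTRUCTED-SECRET", 18) == 0;
}

int stat_without_clear(void) {
    earlier_call_leaves_secret();
    sim_ocall_stat(&slot.st, sizeof slot.st);    /* statbuf passed as-is */
    return host_saw_secret();
}

int stat_with_memset(void) {
    earlier_call_leaves_secret();
    memset(&slot.st, 0, sizeof slot.st);         /* fix proposed in the issue */
    sim_ocall_stat(&slot.st, sizeof slot.st);
    return host_saw_secret();
}

int main(void) {
    printf("no memset: leaked=%d\n", stat_without_clear());
    printf("memset:    leaked=%d\n", stat_with_memset());
    return 0;
}
```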