TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_examples.git / 80344571a86de1ecb76abc32a032ce9374d35f3d^! / .
commit80344571a86de1ecb76abc32a032ce9374d35f3d[log] [tgz]
authorRahul Dhobi <rdhobi@slscorp.com>Tue Aug 07 11:37:07 2018 +0530
committerIgor Opaniuk <igor.opaniuk@linaro.org>Mon Aug 20 13:41:26 2018 +0300
tree1b18833a934c63ee481f885402f77af790005813
parent9396d279b0c112a0bb2b83cc53ee95fac6ef626c [diff]
secure_storage: do not store object ID in shared memory

The object_id in create/open/rename functions is not allowed to reside in the
shared memory according to [1].

Fixes: https://github.com/linaro-swg/optee_examples/issues/29
Link: [1] https://github.com/OP-TEE/optee_os/commit/e091b079
Link: [2] https://github.com/OP-TEE/optee_test/commit/9811a80d

Signed-off-by: Rahul Dhobi <rdhobi@slscorp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

diff --git a/secure_storage/ta/secure_storage_ta.c b/secure_storage/ta/secure_storage_ta.c
index b038a9d..d120e47 100644
--- a/secure_storage/ta/secure_storage_ta.c
+++ b/secure_storage/ta/secure_storage_ta.c

@@ -47,8 +47,12 @@
 	if (param_types != exp_param_types)
 		return TEE_ERROR_BAD_PARAMETERS;
 
-	obj_id = (char *)params[0].memref.buffer;
 	obj_id_sz = params[0].memref.size;
+	obj_id = TEE_Malloc(obj_id_sz, 0);
+	if (!obj_id)
+		return TEE_ERROR_OUT_OF_MEMORY;
+
+	TEE_MemMove(obj_id, params[0].memref.buffer, obj_id_sz);
 
 	/*
 	 * Check object exists and delete it
@@ -60,10 +64,12 @@
 					&object);
 	if (res != TEE_SUCCESS) {
 		EMSG("Failed to open persistent object, res=0x%08x", res);
+		TEE_Free(obj_id);
 		return res;
 	}
 
 	TEE_CloseAndDeletePersistentObject1(object);
+	TEE_Free(obj_id);
 
 	return res;
 }
@@ -89,8 +95,12 @@
 	if (param_types != exp_param_types)
 		return TEE_ERROR_BAD_PARAMETERS;
 
-	obj_id = (char *)params[0].memref.buffer;
 	obj_id_sz = params[0].memref.size;
+	obj_id = TEE_Malloc(obj_id_sz, 0);
+	if (!obj_id)
+		return TEE_ERROR_OUT_OF_MEMORY;
+
+	TEE_MemMove(obj_id, params[0].memref.buffer, obj_id_sz);
 
 	data = (char *)params[1].memref.buffer;
 	data_sz = params[1].memref.size;
@@ -111,6 +121,7 @@
 					&object);
 	if (res != TEE_SUCCESS) {
 		EMSG("TEE_CreatePersistentObject failed 0x%08x", res);
+		TEE_Free(obj_id);
 		return res;
 	}
 
@@ -121,6 +132,7 @@
 	} else {
 		TEE_CloseObject(object);
 	}
+	TEE_Free(obj_id);
 	return res;
 }
 
@@ -146,8 +158,12 @@
 	if (param_types != exp_param_types)
 		return TEE_ERROR_BAD_PARAMETERS;
 
-	obj_id = (char *)params[0].memref.buffer;
 	obj_id_sz = params[0].memref.size;
+	obj_id = TEE_Malloc(obj_id_sz, 0);
+	if (!obj_id)
+		return TEE_ERROR_OUT_OF_MEMORY;
+
+	TEE_MemMove(obj_id, params[0].memref.buffer, obj_id_sz);
 
 	data = (char *)params[1].memref.buffer;
 	data_sz = params[1].memref.size;
@@ -163,6 +179,7 @@
 					&object);
 	if (res != TEE_SUCCESS) {
 		EMSG("Failed to open persistent object, res=0x%08x", res);
+		TEE_Free(obj_id);
 		return res;
 	}
 
@@ -194,6 +211,7 @@
 	params[1].memref.size = read_bytes;
 exit:
 	TEE_CloseObject(object);
+	TEE_Free(obj_id);
 	return res;
 }