DPE: Update DestroyContext decode handling

For DestroyContext commands, initialise the optional
argument to its default value and return INVALID_ARGUMENT
if any extra unsupported parameters are passed
as input arguments.

Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: If94b39bbfcd0d21270444b9260cb397528696557
diff --git a/partitions/dice_protection_environment/dpe_cmd_decode.c b/partitions/dice_protection_environment/dpe_cmd_decode.c
index b5c7dad..dca935b 100644
--- a/partitions/dice_protection_environment/dpe_cmd_decode.c
+++ b/partitions/dice_protection_environment/dpe_cmd_decode.c
@@ -319,19 +319,37 @@
     UsefulBufC out;
     int context_handle;
     bool destroy_recursively;
+    QCBORItem item;
+    uint16_t num_of_input_arguments, num_of_valid_arguments = 0;
+
+    /* Initialise optional parameters with their default value in case
+     * they are not encoded in the input command
+     */
+    destroy_recursively = false;
 
     /* Decode Destroy context command */
-    QCBORDecode_EnterMap(decode_ctx, NULL);
+    QCBORDecode_EnterMap(decode_ctx, &item);
+    qcbor_err = QCBORDecode_GetError(decode_ctx);
+    if ((qcbor_err != QCBOR_SUCCESS) ||
+        (item.uDataType != QCBOR_TYPE_MAP)) {
+            /* We expect a map of Derive Context command arguments here */
+            return DPE_INVALID_COMMAND;
+    }
+    /* Save the number of items found in the map */
+    num_of_input_arguments = item.val.uCount;
 
     QCBORDecode_GetByteStringInMapN(decode_ctx, DPE_DESTROY_CONTEXT_HANDLE,
                                     &out);
-    if (out.len != sizeof(context_handle)) {
+    qcbor_err = QCBORDecode_GetError(decode_ctx);
+    if ((qcbor_err != QCBOR_SUCCESS) || (out.len != sizeof(context_handle))) {
         return DPE_INVALID_COMMAND;
     }
     memcpy(&context_handle, out.ptr, out.len);
+    COUNT_ARGS(num_of_valid_arguments);
 
     QCBORDecode_GetBoolInMapN(decode_ctx, DPE_DESTROY_CONTEXT_RECURSIVELY,
                               &destroy_recursively);
+    CHECK_AND_COUNT_OPTIONAL_ARGUMENT(decode_ctx);
 
     QCBORDecode_ExitMap(decode_ctx);
 
@@ -344,6 +362,11 @@
         return DPE_INVALID_COMMAND;
     }
 
+    if (num_of_input_arguments > num_of_valid_arguments) {
+        /* Extra unsupported arguments encoded in command map */
+        return DPE_INVALID_ARGUMENT;
+    }
+
     dpe_err = destroy_context_request(context_handle, destroy_recursively);
     if (dpe_err != DPE_NO_ERROR) {
         return dpe_err;
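Review bot: The extra-argument check compares num_of_input_arguments with num_of_valid_arguments, but for an indefinite-length map QCBOR reports item.val.uCount as QCBOR_COUNT_INDICATES_INDEFINITE_LENGTH rather than an item count, so such a command is rejected here with DPE_INVALID_ARGUMENT even when its contents are otherwise valid. That is fail-closed, which is acceptable, but it should be deliberate: either extend the comment to `/* Extra unsupported arguments, or an indefinite-length map, in command map */`, or reject indefinite-length maps explicitly where the count is saved in the first hunk so the error reported matches the cause. The enclosing function continues past the hunk.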