Hi,
Intel has released a technical advisory about the fixes for Spectre. However, I would like to get more insight on how to handle user_check. So from the "Intel® Software Guard Extensions (SGX) SW Development Guidance for Potential Bounds Check Bypass (CVE-2017-5753) Side Channel Exploits" whitepaper, Intel mentioned that we have to protect user_check inputs with the following pattern:
```c
uint32_t enclave_function(const uint8_t* user_check_input, uint32_t user_check_size)
{
    ...
    //
    // make sure input buffer is outside enclave
    // int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size);
    if (!sgx_is_outside_enclave(user_check_input, user_check_size))
    {
        // error code
        ...
    }
    else
    {
        _mm_lfence();
        ...
    }
    ...
}
```
However, how do I protect the structure that I passed with user_check when it has multiple pointers inside?
Thanks!
Kind Regards,
Elephant
If the buffer is a structure of multiple pointers to other buffers, you will probably have to add one call to sgx_is_outside_enclave per pointer before you reference it.
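
The per-pointer check described in the reply, written out as an added example (it is not part of the thread or of Intel's whitepaper). The `request_t` layout is hypothetical, and `sgx_is_outside_enclave` is a constructed stand-in over a fake enclave range so the code builds without the SGX SDK. It goes one step beyond the reply by copying the structure into enclave memory before checking its fields, so the untrusted side cannot swap a pointer after it has been validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>                      // _mm_lfence
#define SPEC_BARRIER() _mm_lfence()
#else
#define SPEC_BARRIER() __sync_synchronize() // stand-in for non-x86 builds
#endif

// Constructed stand-in for the SDK's sgx_is_outside_enclave(): treats
// fake_enclave[] as the whole enclave so the example runs without SGX.
static uint8_t fake_enclave[4096];
static int sgx_is_outside_enclave(const void *addr, size_t size)
{
    uintptr_t a = (uintptr_t)addr, lo = (uintptr_t)fake_enclave;
    uintptr_t hi = lo + sizeof fake_enclave;
    if (a + size < a) return 0;             // address range wraps around
    return a + size <= lo || a >= hi;
}

// Hypothetical user_check structure carrying two embedded pointers.
typedef struct {
    const uint8_t *in;  uint32_t in_len;
    uint8_t       *out; uint32_t out_len;
} request_t;

// Returns 0 on success, -1 if the structure or any embedded pointer is rejected.
int enclave_function(const request_t *user_req)
{
    request_t req;
    // 1. The structure itself must lie entirely outside the enclave.
    if (!sgx_is_outside_enclave(user_req, sizeof *user_req)) return -1;
    SPEC_BARRIER();
    // 2. Snapshot it; later checks and uses read only the trusted copy.
    memcpy(&req, user_req, sizeof req);
    // 3. One check per embedded pointer, with its own length.
    if (req.in == NULL || req.out == NULL) return -1;
    if (!sgx_is_outside_enclave(req.in, req.in_len) ||
        !sgx_is_outside_enclave(req.out, req.out_len)) return -1;
    SPEC_BARRIER();  // no speculative dereference before the checks resolve
    // 4. Only now touch the nested buffers.
    memmove(req.out, req.in, req.in_len < req.out_len ? req.in_len : req.out_len);
    return 0;
}
```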
