Skip to content

Commit

Permalink
Add some nil checking to validate.go
Browse files Browse the repository at this point in the history 
Calling validate.SnpAttestation with an incomplete attesstation report
will lead to nil dereferences instead of meaningful errors without this.
  • Loading branch information
@deeglaze
deeglaze committed Mar 4, 2024
1 parent 68972f3 commit c50f298
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions validate/validate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -612,10 +612,21 @@ func validateKeys(report *spb.Report, options *Options) error {
}

func validateKeyKind(report *spb.Attestation) (*x509.Certificate, error) {
if report == nil {
return nil, fmt.Errorf("attestation cannot be nil")
}
if report.GetReport() == nil {
return nil, fmt.Errorf("attestation report cannot be nil")
}
if report.GetCertificateChain() == nil {
return nil, fmt.Errorf("attestation certificate chain cannot be nil")
}

info, err := abi.ParseSignerInfo(report.GetReport().GetSignerInfo())
if err != nil {
return nil, err
}

switch info.SigningKey {
case abi.VcekReportSigner:
if len(report.GetCertificateChain().VcekCert) != 0 {
Expand Down

0 comments on commit c50f298

Please sign in to comment.