Added check to avoid for buffer overrun on nvmem.c

rsksmart · Sep 26, 2024 · aac524b · aac524b
1 parent 3004408
commit aac524b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 8 deletions.
diff --git a/firmware/src/hal/include/hal/nvmem.h b/firmware/src/hal/include/hal/nvmem.h
@@ -73,8 +73,10 @@ void nvmem_init();
  * @param key a string key to uniquely identify the block
  * @param addr the base address of the block
  * @param size the size of the block in bytes
+ * 
+ * @return whether the block was successfully registered
  */
-void nvmem_register_block(char* key, void* addr, size_t size);
+bool nvmem_register_block(char* key, void* addr, size_t size);
 
 /**
  * @brief Loads registered blocks into memory

diff --git a/firmware/src/hal/sgx/src/trusted/nvmem.c b/firmware/src/hal/sgx/src/trusted/nvmem.c
@@ -58,11 +58,18 @@ void nvmem_init() {
     nvm_blocks_count = 0;
 }
 
-void nvmem_register_block(char* key, void* addr, size_t size) {
+bool nvmem_register_block(char* key, void* addr, size_t size) {
+    if (nvm_blocks_count >= MAX_NVM_BLOCKS) {
+        LOG("Error registering NVM block <%s>: too many blocks\n", key);
+        return false;
+    }
+
     nvm_blocks[nvm_blocks_count].key = key;
     nvm_blocks[nvm_blocks_count].addr = addr;
     nvm_blocks[nvm_blocks_count].size = size;
     nvm_blocks_count++;
+
+    return true;
 }
 
 static void clear_blocks() {

diff --git a/firmware/src/sgx/src/trusted/system.c b/firmware/src/sgx/src/trusted/system.c
@@ -206,12 +206,19 @@ bool system_init(unsigned char *msg_buffer, size_t msg_buffer_size) {
     }
 
     nvmem_init();
-    nvmem_register_block("bcstate",
-                         &N_bc_state_var,
-                         sizeof(N_bc_state_var));
-    nvmem_register_block("bcstate_updating",
-                         &N_bc_state_updating_backup_var,
-                         sizeof(N_bc_state_updating_backup_var));
+    if (!nvmem_register_block("bcstate",
+                              &N_bc_state_var,
+                              sizeof(N_bc_state_var))) {
+        LOG("Error registering bcstate block\n");
+        return false;
+    }
+    if (!nvmem_register_block("bcstate_updating",
+                              &N_bc_state_updating_backup_var,
+                              sizeof(N_bc_state_updating_backup_var))) {
+        LOG("Error registering bcstate_updating block\n");
+        return false;
+    }
+
     if (!nvmem_load()) {
         LOG("Error loading nvmem\n");
         return false;