[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL 23/49] hw/core: Add Enclave Image Format (EIF) related helpers
|
From: |
Dorjoy Chowdhury |
|
Subject: |
Re: [PULL 23/49] hw/core: Add Enclave Image Format (EIF) related helpers |
|
Date: |
Tue, 5 Nov 2024 19:56:28 +0600 |
On Tue, Nov 5, 2024 at 6:51 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On Tue, Nov 5, 2024 at 12:44 PM Peter Maydell <peter.maydell@linaro.org>
> wrote:
> > Hi; Coverity raises a couple of potential issues with the
> > read_eif_file() function in this commit, which are both
> > "Coverity assumes the file we're reading is untrusted and is
> > unsure that we're correctly sanitizing data from it before use".
> > Could somebody who understands the use case here check whether
> > these need addressing?
>
> Both are reasonable to fix, even if the use case would not make them
> security sensitive. I'll prepare and send a patch.
>
Agree that it makes sense to fix. Thanks Paolo for looking into it. I
can review when the patch is ready.
BTW I see there is some formatting issue in the documentation of
nitro-enclave in the QEMU website:
https://www.qemu.org/docs/master/system/i386/nitro-enclave.html
I think it's a simple fix where we need to put two colons (::) in a
line before the QEMU commands lines. Maybe it would make sense to
include it in the patches as well.
Regards,
Dorjoy