jmp0x7c00
jmp0x7c00
Hello, sir I found there maybe a security issue here and need your confirm. related source code: ``` EVP_PKEY *SSL_get_privatekey(SSL *s) { if (global_eid == 0) { initialize_library(); } log_enter_ecall(__func__);...
Hi,sir TaLos is an awesome project , I like it, but here a security issue , and could you help me confirm it? there is an ecall, that can be...
hi,sir, Town-Crier is an awesome project, I love it.but I think there maybe a security issue here , in file `Enclave/SSLClient.c` : ```C len = sizeof( buf ) - 1;...
in file `win/Enclave/Current_bloomberg.cpp`: ```C static int construct_query(char* symbol, char** buf) { int len; char query[1000]; query[0] = 0; strncat(query, "/quote/", sizeof query); strncat(query, symbol, sizeof query); strncat(query, ":US", sizeof query);...
Hi,sir, I think there is a security issue here,could you help me confirm it? in sqlite.c: ``` if( m!=0 ){ struct stat statbuf; // statbuf is not initializatized,which may exist...
When the connection fails, the request url is leaked. This does not satisfy the requirements of an anonymous network ``` SSL * s_connect(int sock, char * dest_url) { SSL *ssl;...
in `Enclave/TorSGX/control.c` line 3883: ``` tor_asprintf(&buf, "250-ServiceID=%s\r\n" "250-PrivateKey=%s:%s\r\n" "250 OK\r\n", service_id, key_new_alg, key_new_blob); // ====> PrivateKey is leaked ``` in file `Enclave/TorSGX/compat.c` line 624: ``` int tor_asprintf(char **strp, const char...
hi,sir I think there is a securty issue here: in file `Enclave/TorSGX/rendservice.c`: * Create private key for client ``` if (client->client_key) { char *client_key_out = NULL; if (crypto_pk_write_private_key_to_string(client->client_key, &client_key_out, &len)...
 # when I built libEvent_SGX: 