CCF icon indicating copy to clipboard operation
CCF copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Error checking in `set_claims_digest`

Open MahatiC opened this issue 2 years ago • 1 comments

set_claims_digest expects a SHA-256 hash as input, but there is no error check on the size. It accepts value of any size.

MahatiC avatar Sep 30 '22 16:09 MahatiC

@MahatiC I do wonder why that is, a superficial look at the code suggests we are in fact checking the size: https://github.com/microsoft/CCF/blob/main/src/js/wrap.cpp#L855

achamayou avatar Sep 30 '22 17:09 achamayou

@achamayou When test_historical_receipts_with_claims test in e2e_logging.py is enabled (#4370), and I manually modify logging.js to pass a non-SHA256 as input for set_claims_digest, it does trigger the exception.

MahatiC avatar Oct 18 '22 13:10 MahatiC