1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include "tee_defines.h"
13 #include "tee_fs.h"
14 #include "tee_log.h"
15 #include "securec.h"
16 #include "string.h"
17 #include "tee_ss_agent_api.h"
18 #include "tee_inner_uuid.h"
19
20 #ifndef FILE_NAME_MAX_BUF
21 #define FILE_NAME_MAX_BUF 256
22 #endif
23
check_file_name(const char * name)24 TEE_Result check_file_name(const char *name)
25 {
26 if (name == NULL) {
27 tloge("Input parameter is null\n");
28 return TEE_ERROR_BAD_PARAMETERS;
29 }
30
31 if (strnlen(name, HASH_NAME_BUFF_LEN) == HASH_NAME_BUFF_LEN) {
32 tloge("File name is too long\n");
33 return TEE_ERROR_BAD_PARAMETERS;
34 }
35
36 /*
37 * If TA or storage task pass sec_storage/../data/xxx, this will write to data dir.
38 * file name must not have ".." str, to against sec_storage/../data attack
39 */
40 if (strstr(name, FILE_NAME_INVALID_STR)) {
41 tloge("Invalid file name(file name contain ..) :%s\n", name);
42 return TEE_ERROR_BAD_PARAMETERS;
43 }
44
45 return TEE_SUCCESS;
46 }
47
48 #define FILE_DIR_FLAG "/"
49 #define CUR_FILE_DIR_FLAG "./"
50 #define USERID0_DIR_FLAG "0/"
51 #define MULTI_USERID 10
check_name_by_storageid_for_ce(const char * obj_id,char * pos)52 static TEE_Result check_name_by_storageid_for_ce(const char *obj_id, char *pos)
53 {
54 if (pos == NULL) {
55 tloge("invalid paramerers");
56 return TEE_ERROR_BAD_PARAMETERS;
57 }
58
59 char *ptr = NULL;
60
61 if (strstr(pos, FILE_DIR_FLAG) == NULL) {
62 tloge("For CE storage, the file name must meet the rule 'userid/xxx'");
63 return TEE_ERROR_STORAGE_PATH_WRONG;
64 }
65
66 if (strncmp(pos, USERID0_DIR_FLAG, strlen(USERID0_DIR_FLAG)) != 0 || strlen(pos) <= strlen(USERID0_DIR_FLAG)) {
67 (void)strtok_r(pos, FILE_DIR_FLAG, &ptr);
68 if (strlen(ptr) == 0 || !(atoi(pos) >= MULTI_USERID)) {
69 tloge("The file name does not match the CE storage ID, obj_id:%s", obj_id);
70 return TEE_ERROR_STORAGE_PATH_WRONG;
71 }
72 }
73
74 return TEE_SUCCESS;
75 }
76
check_name_by_storageid(const char * obj_id,uint32_t obj_len,uint32_t storage_id)77 TEE_Result check_name_by_storageid(const char *obj_id, uint32_t obj_len, uint32_t storage_id)
78 {
79 char temp[FILE_NAME_MAX_BUF] = { '\0' };
80 char *pos = temp;
81 int rc;
82
83 if (obj_id == NULL)
84 return TEE_ERROR_BAD_PARAMETERS;
85
86 rc = memcpy_s(pos, FILE_NAME_MAX_BUF, obj_id, obj_len);
87 if (rc != EOK) {
88 tloge("copy failed");
89 return TEE_ERROR_SECURITY;
90 }
91
92 if (strncmp(pos, FILE_DIR_FLAG, strlen(FILE_DIR_FLAG)) == 0)
93 pos += strlen(FILE_DIR_FLAG);
94 else if (strncmp(pos, CUR_FILE_DIR_FLAG, strlen(CUR_FILE_DIR_FLAG)) == 0)
95 pos += strlen(CUR_FILE_DIR_FLAG);
96
97 if (storage_id == TEE_OBJECT_STORAGE_PRIVATE) {
98 if (pos == strstr(pos, SFS_PERSO) || pos == strstr(pos, SFS_PRIVATE) ||
99 pos == strstr(pos, SFS_PARTITION_TRANSIENT_PERSO) || pos == strstr(pos, SFS_PARTITION_TRANSIENT_PRIVATE)) {
100 tloge("The file name does not match the storage ID, obj_id:%s", pos);
101 return TEE_ERROR_STORAGE_PATH_WRONG;
102 }
103 } else if (storage_id == TEE_OBJECT_STORAGE_CE) {
104 return check_name_by_storageid_for_ce(obj_id, pos);
105 }
106
107 return TEE_SUCCESS;
108 }
109