qgs: protect against format strings in QL log messages

berrange · berrange · commit fb78693dd587 · 2024-10-04T16:41:36.000+01:00
The sgx_proc_log_report() method takes a format string and
var-args. It is unsafe to accept a non-const string from
the QL library and pass it to sgx_proc_log_report(), as the
log message may contain format strings from user data.

Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
@@ -50,10 +50,10 @@ typedef quote3_error_t (*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_
 
 void sgx_ql_logging_callback(sgx_ql_log_level_t level, const char *message) {
     if (level == SGX_QL_LOG_ERROR) {
-        sgx_proc_log_report(1, message);
+        sgx_proc_log_report(1, "%s", message);
 
     } else if (level == SGX_QL_LOG_INFO) {
-        sgx_proc_log_report(3, message);
+        sgx_proc_log_report(3, "%s", message);
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,10 +50,10 @@ typedef quote3_error_t (*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_`
`50`	`50`
`51`	`51`	`void sgx_ql_logging_callback(sgx_ql_log_level_t level, const char *message) {`
`52`	`52`	`if (level == SGX_QL_LOG_ERROR) {`
`53`		`- sgx_proc_log_report(1, message);`
	`53`	`+ sgx_proc_log_report(1, "%s", message);`
`54`	`54`
`55`	`55`	`} else if (level == SGX_QL_LOG_INFO) {`
`56`		`- sgx_proc_log_report(3, message);`
	`56`	`+ sgx_proc_log_report(3, "%s", message);`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`