fix(rss): fix msg deserialization bugs in comms

-fix1: size of struct instead of pointer during reply_size check -fix2: update the out_vec length with the actual length from reply message (e.g. in case of an output buffer, the returned output data length remained the size of the buffer and was not updated with the size of the actual data in it) Change-Id: Ibed5520ca1fb05df358de4bdf85ace219183866c Signed-off-by: David Vincze <david.vincze@arm.com>
2025-04-17 18:14:24 +00:00 · 2023-03-06 15:02:08 +01:00 · 2023-03-06 15:02:08 +01:00 · dda052851a
commit dda052851a
parent 5673160717
1 changed files with 11 additions and 5 deletions
--- a/drivers/arm/rss/rss_comms_protocol_embed.c
+++ b/drivers/arm/rss/rss_comms_protocol_embed.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
@ -54,7 +54,9 @@ psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle,
 		if (in_vec[i].len > sizeof(msg->trailer) - payload_size) {
 			return PSA_ERROR_INVALID_ARGUMENT;
 		}
-		memcpy(msg->trailer + payload_size, in_vec[i].base, in_vec[i].len);
+		memcpy(msg->trailer + payload_size,
+		       in_vec[i].base,
+		       in_vec[i].len);
 		payload_size += in_vec[i].len;
 	}

@ -77,12 +79,16 @@ psa_status_t rss_protocol_embed_deserialize_reply(psa_outvec *out_vec,
 	assert(return_val != NULL);

 	for (i = 0U; i < out_len; ++i) {
-		if (sizeof(reply) - sizeof(reply->trailer) + payload_offset > reply_size) {
+		if ((sizeof(*reply) - sizeof(reply->trailer) + payload_offset)
+		    > reply_size) {
 			return PSA_ERROR_INVALID_ARGUMENT;
 		}

-		memcpy(out_vec[i].base, reply->trailer + payload_offset, out_vec[i].len);
-		payload_offset += out_vec[i].len;
+		memcpy(out_vec[i].base,
+		       reply->trailer + payload_offset,
+		       reply->out_size[i]);
+		out_vec[i].len = reply->out_size[i];
+		payload_offset += reply->out_size[i];
 	}

 	*return_val = reply->return_val;