Cleanup rcl_get_secure_root() implementation. #762

Merged
merged 2 commits into from
Aug 25, 2020
43 changes: 24 additions & 19 deletions rcl/src/rcl/security.c
Expand Up @@ -132,36 +132,35 @@ char * rcl_get_secure_root(
const char * name,
const rcl_allocator_t * allocator)
{
bool ros_secure_enclave_override = true;
RCL_CHECK_ARGUMENT_FOR_NULL(name, NULL);
RCL_CHECK_ALLOCATOR_WITH_MSG(allocator, "allocator is invalid", return NULL);

// find out if either of the configuration environment variables are set
const char * env_buf = NULL;
if (NULL == name) {
return NULL;
}
const char * get_env_error_str = NULL;

// check if enclave override environment variable is empty
get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf);
const char * get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf);
if (NULL != get_env_error_str) {
RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str);
return NULL;
}
if (!env_buf) {
ivanpauno marked this conversation as resolved.
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"rcutils_get_env failed: %s", get_env_error_str);
return NULL;
}
if (0 == strcmp("", env_buf)) {
ros_secure_enclave_override = false;

char * ros_secure_enclave_override_env = NULL;
if (0 != strcmp("", env_buf)) {
ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);
if (NULL == ros_secure_enclave_override_env) {
RCL_SET_ERROR_MSG("failed to duplicate enclave override string");
return NULL;
}
}
char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);

// check if keystore environment variable is empty
env_buf = NULL;
get_env_error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf);
if (NULL != get_env_error_str) {
RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str);
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}
if (!env_buf) {
ivanpauno marked this conversation as resolved.
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"rcutils_get_env failed: %s", get_env_error_str);
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}
Expand All @@ -170,10 +169,15 @@ char * rcl_get_secure_root(
return NULL; // environment variable was empty
}
char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator);
if (NULL == ros_secure_keystore_env) {
RCL_SET_ERROR_MSG("failed to duplicate enclave override string");
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
return NULL;
}

// given usable environment variables, overwrite with next lookup
char * secure_root = NULL;
if (ros_secure_enclave_override) {
if (NULL != ros_secure_enclave_override_env) {
secure_root = exact_match_lookup(
ros_secure_enclave_override_env,
ros_secure_keystore_env,
Expand All @@ -200,6 +204,7 @@ char * rcl_get_secure_root(
allocator->deallocate(secure_root, allocator->state);
return NULL;
}
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
allocator->deallocate(ros_secure_keystore_env, allocator->state);
return secure_root;
}
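Review bot: The new NULL check after `char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator);` reports `"failed to duplicate enclave override string"`, but the value being copied there comes from `ROS_SECURITY_KEYSTORE_VAR_NAME`, so the message looks copied from the enclave-override branch above. Since this function resolves the directory that holds the security artifacts, a failure here should name the right variable, e.g. `RCL_SET_ERROR_MSG("failed to duplicate keystore string");`, so an operator is not sent to check the wrong setting. The deallocation of `ros_secure_enclave_override_env` on that path is safe only if the allocator's `deallocate` accepts NULL, because the pointer now stays NULL when the override is empty; a one-line comment saying so at the declaration would help, assuming that is the allocator's contract. The body of `rcl_get_secure_root` between the displayed hunks is collapsed, so the other early returns could not be checked.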