From f9e8b9535ee47b174ea338c908c289748ab75b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A4mes=20M=C3=A9n=C3=A9trey?= <james@menetrey.org>
Date: Wed, 22 Nov 2023 03:48:14 +0100
Subject: [PATCH] Attestation: Free JSON from the Wasm module heap (#2803)

The JSON evidence is allocated on the module instance heap, but no API
was given to dispose of this memory buffer. The sample mentions using
the function free, which behaves differently depending on the
execution context.

This fix provides a new function called librats_dispose_evidence_json,
enabling freeing the JSON evidence directly from the Wasm app.
---
 core/iwasm/libraries/lib-rats/lib_rats_wrapper.c | 16 +++++++++++++---
 core/iwasm/libraries/lib-rats/lib_rats_wrapper.h |  3 +++
 samples/sgx-ra/wasm-app/main.c                   |  2 +-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/core/iwasm/libraries/lib-rats/lib_rats_wrapper.c b/core/iwasm/libraries/lib-rats/lib_rats_wrapper.c
index 59d61f4c8..bdacc259c 100644
--- a/core/iwasm/libraries/lib-rats/lib_rats_wrapper.c
+++ b/core/iwasm/libraries/lib-rats/lib_rats_wrapper.c
@@ -17,7 +17,7 @@
 #include "lib_rats_common.h"
 
 static int
-librats_collect_wrapper(wasm_exec_env_t exec_env, char **evidence_json,
+librats_collect_wrapper(wasm_exec_env_t exec_env, uint32_t *evidence_json,
                         const char *buffer, uint32_t buffer_size)
 {
     wasm_module_inst_t module_inst = get_module_inst(exec_env);
@@ -47,7 +47,7 @@ librats_collect_wrapper(wasm_exec_env_t exec_env, char **evidence_json,
         return (int)RATS_ATTESTER_ERR_NO_MEM;
     }
     bh_memcpy_s(str_ret, json_size, json, json_size);
-    *((int *)evidence_json) = str_ret_offset;
+    *evidence_json = str_ret_offset;
     free(json);
 
     return 0;
@@ -96,6 +96,15 @@ librats_parse_evidence_wrapper(wasm_exec_env_t exec_env,
     return 0;
 }
 
+static void
+librats_dispose_evidence_json_wrapper(wasm_exec_env_t exec_env,
+                                      uint32_t evidence_json)
+{
+    wasm_module_inst_t module_inst = get_module_inst(exec_env);
+
+    module_free(evidence_json);
+}
+
 /* clang-format off */
 #define REG_NATIVE_FUNC(func_name, signature) \
     { #func_name, func_name##_wrapper, signature, NULL }
@@ -104,7 +113,8 @@ librats_parse_evidence_wrapper(wasm_exec_env_t exec_env,
 static NativeSymbol native_symbols_lib_rats[] = {
     REG_NATIVE_FUNC(librats_collect, "(**~)i"),
     REG_NATIVE_FUNC(librats_verify, "(*~*~)i"),
-    REG_NATIVE_FUNC(librats_parse_evidence, "(*~*~)i")
+    REG_NATIVE_FUNC(librats_parse_evidence, "(*~*~)i"),
+    REG_NATIVE_FUNC(librats_dispose_evidence_json, "(i)")
 };
 
 uint32_t
diff --git a/core/iwasm/libraries/lib-rats/lib_rats_wrapper.h b/core/iwasm/libraries/lib-rats/lib_rats_wrapper.h
index e334983e9..928645108 100644
--- a/core/iwasm/libraries/lib-rats/lib_rats_wrapper.h
+++ b/core/iwasm/libraries/lib-rats/lib_rats_wrapper.h
@@ -41,6 +41,9 @@ librats_parse_evidence(const char *evidence_json, uint32_t json_size,
                            evidence_json ? strlen(evidence_json) + 1 : 0, \
                            evidence, sizeof(rats_sgx_evidence_t))
 
+void
+librats_dispose_evidence_json(char *evidence_json);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/samples/sgx-ra/wasm-app/main.c b/samples/sgx-ra/wasm-app/main.c
index 89c4144aa..6f506e06a 100644
--- a/samples/sgx-ra/wasm-app/main.c
+++ b/samples/sgx-ra/wasm-app/main.c
@@ -106,7 +106,7 @@ main(int argc, char **argv)
 
 err:
     if (evidence_json) {
-        free(evidence_json);
+        librats_dispose_evidence_json(evidence_json);
     }
 
     if (evidence) {