Unsafe Type Casting in Cryptographic Request Handling Creates Potential Memory Corruption Vulnerability in wh_Client_Sha256Dma function in wh_client_crypto.c file #148

@Jpgig

The code is performing a typecast from a uint8_t* (returned by _createCryptoRequest()) to a complex structure pointer, whMessageCrypto_Sha256DmaRequest*.

This might raise the following security concerns:

Type Safety Violation: Casting from a simple byte pointer to a complex structure assumes that the memory layout matches the structure exactly. If _createCryptoRequest() doesn't allocate enough memory or properly initialize it according to the whMessageCrypto_Sha256DmaRequest structure, this could lead to memory corruption or undefined behavior.

Memory Alignment Issues: The structure contains uint64_t fields which typically require specific memory alignment. If the returned uint8_t* isn't properly aligned, it could cause crashes or data corruption on architectures that require strict alignment.

Potential for Buffer Overflow: If the allocated memory is smaller than the size of whMessageCrypto_Sha256DmaRequest, accessing fields like output could write beyond the allocated memory.

DMA Security Implications: Since this involves DMA (Direct Memory Access) operations as indicated by the structure comments, improper handling could lead to serious security issues like DMA attacks that bypass memory protection mechanisms.

Lack of Validation: There's no apparent validation that the returned pointer from _createCryptoRequest() actually points to a properly initialized whMessageCrypto_Sha256DmaRequest structure.
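The size and alignment checks this report asks for can be sketched as follows. This is an added example, not code from the issue or from the project: `demo_dma_request`, its fields, and the `demo_*` functions and status codes are hypothetical stand-ins, not the real whMessageCrypto_Sha256DmaRequest layout or API.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a DMA request message. The field names and
 * layout are assumptions, not the real whMessageCrypto_Sha256DmaRequest. */
typedef struct {
    uint64_t input_addr;
    uint64_t input_len;
    uint64_t output_addr;
    uint64_t output_len;
} demo_dma_request;

/* Fail the build if the compiler inserts padding the peer does not expect. */
_Static_assert(sizeof(demo_dma_request) == 4 * sizeof(uint64_t), "padding");

enum { DEMO_OK = 0, DEMO_BADARGS = -1, DEMO_TOO_SMALL = -2, DEMO_MISALIGNED = -3 };

/* Checks a caller must pass before treating buf as a demo_dma_request. */
int demo_request_check(const uint8_t *buf, size_t buf_len)
{
    if (buf == NULL) return DEMO_BADARGS;
    if (buf_len < sizeof(demo_dma_request)) return DEMO_TOO_SMALL;
    if ((uintptr_t)buf % alignof(demo_dma_request) != 0) return DEMO_MISALIGNED;
    return DEMO_OK;
}

/* Alignment-independent alternative: fill a local struct, then copy it
 * into the byte buffer after a length check (no pointer cast needed). */
int demo_request_pack(uint8_t *buf, size_t buf_len, const demo_dma_request *req)
{
    if (buf == NULL || req == NULL) return DEMO_BADARGS;
    if (buf_len < sizeof(*req)) return DEMO_TOO_SMALL;
    memcpy(buf, req, sizeof(*req));
    return DEMO_OK;
}

int main(void)
{
    alignas(demo_dma_request) uint8_t raw[64] = {0};  /* constructed buffer */
    demo_dma_request req = { 0x1000, 64, 0x2000, 32 };
    printf("aligned=%d odd=%d short=%d pack_odd=%d\n",
           demo_request_check(raw, sizeof raw),
           demo_request_check(raw + 1, sizeof raw - 1),
           demo_request_check(raw, 8),
           demo_request_pack(raw + 1, sizeof raw - 1, &req));
    return 0;
}
```

Whether any of the reported conditions can actually occur depends on what _createCryptoRequest() returns, which the issue text does not show.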
