Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BACKPORT] dhcpc: fix potential invalid memory reads #11

Merged
merged 1 commit into from
Jul 2, 2021
Merged

[BACKPORT] dhcpc: fix potential invalid memory reads #11

merged 1 commit into from
Jul 2, 2021

Conversation

davids5
Copy link
Member

@davids5 davids5 commented Jul 2, 2021

  • check for minimum packet length (44 bytes, which includes the fields we
    read next)
  • pass the correct remaining buffer length to dhcpc_parseoptions()
  • dhcpc_parseoptions(): ensure we never read past the end of the buffer

Summary

Impact

Testing

@bkueng @davids5
[BACKPORT] dhcpc: fix potential invalid memory reads
1260ce7 
- check for minimum packet length (44 bytes, which includes the fields we
  read next)
- pass the correct remaining buffer length to dhcpc_parseoptions()
- dhcpc_parseoptions(): ensure we never read past the end of the buffer
@davids5 davids5 mentioned this pull request Jul 2, 2021
Closed
@davids5 davids5 requested a review from bkueng July 2, 2021 12:12
@davids5 davids5 merged commit 979e274 into px4_firmware_nuttx-10.0.0+ Jul 2, 2021
davids5 added a commit that referenced this pull request Jul 21, 2021
@davids5 @bkueng
[BACKPORT] dhcpc: fix potential invalid memory reads (#11)
044c531 
- check for minimum packet length (44 bytes, which includes the fields we
  read next)
- pass the correct remaining buffer length to dhcpc_parseoptions()
- dhcpc_parseoptions(): ensure we never read past the end of the buffer

Co-authored-by: Beat Küng <[email protected]>
PX4BuildBot pushed a commit that referenced this pull request Dec 17, 2024
@Zhangshoukui @xiaoxiang781216
drivertest_uart: The string was not truncated because one more charac…
2e0b577 
…ter was read

    #0 0x43c7443a in strnlen nuttx/libs/libc/string/lib_strnlen.c:42
    #1 0x43c698aa in vsprintf_internal nuttx/libs/libc/stdio/lib_libvsprintf.c:933
    #2 0x43c6ca80 in lib_vsprintf nuttx/libs/libc/stdio/lib_libvsprintf.c:1383
    #3 0x4409c0bd in vsnprintf nuttx/libs/libc/stdio/lib_vsnprintf.c:72
    #4 0x47137cd0 in vcmocka_print_error apps/testing/cmocka/cmocka/src/cmocka.c:2097
    #5 0x47139573 in cmocka_print_error apps/testing/cmocka/cmocka/src/cmocka.c:2422
    #6 0x471376ff in string_equal_display_error apps/testing/cmocka/cmocka/src/cmocka.c:1410
    #7 0x471379a0 in _assert_string_equal apps/testing/cmocka/cmocka/src/cmocka.c:1952
    #8 0x4433d972 in read_default apps/testing/drivertest/drivertest_uart.c:242
    #9 0x4713c6cd in cmocka_run_one_test_or_fixture apps/testing/cmocka/cmocka/src/cmocka.c:3029
    #10 0x4713d487 in cmocka_run_one_tests apps/testing/cmocka/cmocka/src/cmocka.c:3143
    #11 0x4713f2ca in _cmocka_run_group_tests apps/testing/cmocka/cmocka/src/cmocka.c:3294
    #12 0x443444c6 in cmocka_driver_uart_main apps/testing/drivertest/drivertest_uart.c:358
    #13 0x4409a472 in nxtask_startup nuttx/libs/libc/sched/task_startup.c:72
    #14 0x43dc92e7 in nxtask_start nuttx/sched/task/task_start.c:116
    #15 0x43e31f00 in pre_start nuttx/arch/sim/src/sim/sim_initialstate.c:52

Signed-off-by: zhangshoukui <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bkueng bkueng Awaiting requested review from bkueng

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@davids5 @bkueng