lib: updatehub: Improve security #24154
Merged
+96
−57
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
d3zd3z
reviewed
Apr 8, 2020
nandojve
force-pushed
the
topic/zepsec-28
branch
from
b574278 to
f97d8be
Compare
Done! Could delete msg. |
stephanosio
reviewed
Apr 9, 2020
stephanosio
reviewed
Apr 9, 2020
nandojve
force-pushed
the
topic/zepsec-28
branch
from
f97d8be to
96f7696
Compare
d3zd3z
requested changes
Apr 10, 2020
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
nandojve
force-pushed
the
topic/zepsec-28
branch
2 times, most recently
from
cba58f0 to
db2914c
Compare
|
We decide postpone SLAB right now and focus on fix the security issues first. The SLAB solution will be added with other improvements soon. For us, decrease the memory footprint is a requirement to allow use of UpdateHub over BLE and IEEE 802.15.4. |
nandojve
force-pushed
the
topic/zepsec-28
branch
from
db2914c to
e77e1f8
Compare
otavio
approved these changes
Apr 16, 2020
|
All checks are passing now. Tip: The bot edits this comment instead of posting a new one, so you can check the comment's history to see earlier messages. |
Use bin2hex instead inline conversion. Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Improve buffer overflow security on probe_cb. This ensures that socket buffer have fixed lenght and content received by COAP fills properly on metadata buffer. After that, ensures that metadata content is a valid string with length lower than metadata size. Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
nandojve
force-pushed
the
topic/zepsec-28
branch
from
e77e1f8 to
bc1493a
Compare
d3zd3z
approved these changes
Apr 16, 2020
stephanosio
approved these changes
Apr 17, 2020
jukkar
approved these changes
Apr 17, 2020
This was referenced Apr 17, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are some issues related to security on UpdateHub and this address the following fixes:
Remove all heap allocations and update stacks sizesFixes #24212