fix(security): address path traversal, buffer overflow and logic vulnerabilities#13
Closed
RinZ27 wants to merge 2 commits intoembeddedos-org:masterfrom
Closed
fix(security): address path traversal, buffer overflow and logic vulnerabilities#13RinZ27 wants to merge 2 commits intoembeddedos-org:masterfrom
RinZ27 wants to merge 2 commits intoembeddedos-org:masterfrom
Conversation
RinZ27
requested review from
hshanmug12,
maheshmunnangi and
srpatcha
as code owners
RinZ27
force-pushed
the
fix/security-and-logic-improvements
branch
2 times, most recently
from
6ce30d1 to
402b409
Compare
RinZ27
force-pushed
the
fix/security-and-logic-improvements
branch
from
402b409 to
5b56a93
Compare
srpatcha
pushed a commit
that referenced
this pull request
Apr 14, 2026
Includes all changes from PR #13 (by RinZ27) plus: - Added error checking (errcheck) across 16 files - Removed unused field broker.running - Removed unused func computeChallengeResponse
Member
Member
Author
srpatcha
added a commit
that referenced
this pull request
Apr 17, 2026
…#14) * fix(security): address path traversal, buffer overflow and logic vulnerabilities * chore(ci): fix linting and cross-platform path issues in tests * fix(security): address vulnerabilities + fix all errcheck lint errors Includes all changes from PR #13 (by RinZ27) plus: - Added error checking (errcheck) across 16 files - Removed unused field broker.running - Removed unused func computeChallengeResponse --------- Co-authored-by: RinZ27 <222222878+RinZ27@users.noreply.github.com> Co-authored-by: Srikanth Patchava <Srikanth.Patchava@brooksautomation.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addressing several security vulnerabilities and technical debt identified during a recent audit. The focus is on improving the robustness of path handling, ensuring memory safety in the C SDK, and resolving various logic/syntax errors across the Go codebase.
Type of Change
Changes
filepath.Cleaninconfigandtcppackages to prevent potential path traversal.0644to0600to restrict access to the file owner.protocol/frame.goto prevent integer overflow during frame encoding and decoding.strncpycalls.interface{}in the CLI tool, opting for direct pretty-printing of JSON payloads.core,security, andtransportpackages.#include <stdlib.h>ineipc_client.cto fix build failures related torand().Testing
go test ./...)Pre-Submission Checklist
Related Issues
N/A
Additional Notes
These changes significantly improve the security posture of the IPC framework without altering the core business logic. Stability was a major priority, especially in fixing the broken source files encountered in the
coreandauthmodules.