Automated fixes applied by KCode Audit Engine:
- source/idf/BtXBoxOneWireless.cpp | 1 +
- source/idf/CanIndustrialProducts.cpp | 1 +
- source/idf/EthernetDevice.cpp | 5 +++--
- source/idf/EthernetWingMan.cpp | 1 +
- source/idf/HidDecoder.cpp | 1 +
- source/idf/SerialThrustMasterBase.cpp | 1 +
- source/idf/UsbChProPedals.cpp | 1 +
- source/idf/UsbDacoThc.cpp | 1 +
- source/idf/UsbDualShock3.cpp | 1 +
- source/idf/UsbDualShock4.cpp | 1 +
- ... and 16 more
Signed-off-by: Astrolexis.space — Kulvex Code
Security & Code Quality Audit
Auditor: Astrolexis.space — Kulvex Code
Findings: 31 confirmed (1 false positive filtered)
Scan time: 18s
Summary
A comprehensive security and code-quality audit of the IDF project identified 31 actionable findings across 220 scanned files. The most prevalent vulnerability pattern is unvalidated fixed-index buffer access—accounting for 28 of the 31 findings—where HID, USB, CAN, and Ethernet packet decoders access array elements without prior bounds checks, exposing the system to out-of-bounds reads from attacker-controlled inputs. Additional issues include unsafe pointer arithmetic (reminiscent of the NASA IDF bug), unreachable code, and missing resource cleanup on error paths. All 31 findings have been remediated with minimal, targeted changes that enforce input validation, improve memory safety, and enhance error resilience.
Findings & Fixes
1. [HIGH] Buffer access with fixed index, no size validation — source/idf/BtXBoxOneWireless.cpp:16
Bug: The `decode()` function unconditionally accesses `data[13]` without verifying `data.size() ≥ 14`, and the same pattern recurs 21× in the file. Since `data` originates from Bluetooth HID packets (Xbox One Wireless), malformed packets can trigger out-of-bounds reads.
Impact: An attacker could craft malicious HID reports with length <14 to leak stack/heap memory contents via `data[13]`, potentially exposing sensitive state or enabling side-channel attacks.
Fix: Added `if (data.size() < 14) return;` before line 11 (i.e., before the first fixed-index access), ensuring early exit on undersized packets.
2. [HIGH] Buffer access with fixed index, no size validation — source/idf/CanIndustrialProducts.cpp:53
Bug: `decode()` accesses indices up to `data[7]` unconditionally, with 13 additional similar accesses in the file. CAN messages are attacker-controlled, so undersized payloads cause out-of-bounds reads.
Impact: Malicious CAN frames with length <8 may leak adjacent memory or cause crashes; in safety-critical industrial contexts, this could affect actuator control logic.
Fix: Inserted `if (data.size() < 8) return;` at the start of `decode()` before line 52.
3. [HIGH] Suspicious pointer arithmetic: (&var)[N] — source/idf/EthernetDevice.cpp:160
Bug: `(&buffer)[bytesTotal]` is used where `buffer` is `const void *`; this indexes beyond the pointer variable itself (on the stack), not into the actual buffer contents—a classic NASA IDF–style bug.
Impact: An attacker controlling `bytesTotal` could read arbitrary stack memory (e.g., return addresses, saved registers), enabling information disclosure or ROP gadget discovery.
Fix: Replaced `(&buffer)[bytesTotal]` with `static_cast<const char*>(buffer) + bytesTotal` to correctly advance into the buffer.
4. [MEDIUM] Statement after return/throw/continue (unreachable code) — source/idf/EthernetDevice.cpp:143
Bug: `lastPacketArrived = std::time(nullptr);` on line 145 is unreachable, appearing immediately after a `return` in the same block.
Impact: Timestamping of packet arrival is silently skipped, potentially affecting logging, diagnostics, or timeout logic—though not directly exploitable.
Fix: Moved the assignment before the `return`, ensuring `lastPacketArrived` is updated on all code paths.
5. [MEDIUM] File descriptor opened without closing on error path — source/idf/EthernetDevice.cpp:30
Bug: `socketHandle` is created via `socket()` on line 30, but if `socket()` fails, the function throws on line 35 without closing the descriptor first.
Impact: Repeated socket failures (e.g., due to resource exhaustion or DoS) cause descriptor leaks, eventually exhausting the process’s file descriptor table and leading to `EMFILE` errors.
Fix: Added `close(socketHandle);` before the throw on line 35.
6. [HIGH] Buffer access with fixed index, no size validation — source/idf/EthernetExtreme3dPro.cpp:10
Bug: `decode()` accesses `data[4]` and `data[6]` unconditionally; USB HID packets may be shorter than 7 bytes.
Impact: Undersized HID reports cause out-of-bounds reads, potentially leaking HID descriptor metadata or previous packet state.