Release/1.9.2 #362
Merged
#355)

* RDKEMW-15199:[SECVULN] Command injection via /opt/.telemetry/dca_temp_file.conf

Signed-off-by: PriyaDharshini_Kathiravan <priyakathiravan05@gmail.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add sanitize_string function to t2parser

* Add sanitize string support for reportprofiles

---------

Signed-off-by: PriyaDharshini_Kathiravan <priyakathiravan05@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Shibu Kakkoth Vayalambron <shibu.kakkoth@gmail.com>
…TTP pool (#360)

Reason for change: On HROT platforms using the SE051 secure element (XB10/XER10/SXB10), the e4sss OpenSSL ENGINE accumulates per-session hardware state (APDU session objects, secure channel buffers) across mTLS operations. Unlike SE050 (XB8), the SE051 ENGINE allocates larger per-session state that is not released by curl's connection cache management, OPENSSL_thread_stop, or ERR_clear_error() alone. This causes a progressive memory leak (~5MB baseline increase + ~5MB growth over 10+ days) in the telemetry process.

1) Set CURLOPT_FORBID_REUSE=1 so curl closes the TCP+TLS connection after each request. This triggers the natural OpenSSL cleanup path: SSL_CTX_free -> EC_KEY_free -> ENGINE_finish, releasing the hardware session state.
2) Add ERR_clear_error() in both GET and POST xPKI retry loops to drain the OpenSSL error queue between retries, preventing ENGINE-internal error state accumulation.

Test Procedure: Please refer to the ticket
Risks: High

Signed-off-by: Thamim Razith <tabbas651@cable.comcast.com>
No description provided.