Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[backport v2.3] lib: updatehub: Fix possible deref an uninitialized ptr #27889

Conversation

nandojve
Copy link
Member

There are several references to objects[1] at updatehub_probe function. The structures are decoded from json, and have a maximum length of 2. However, if the returned json only has a single element in this array, this objects[1] value will be uninitialized. Because the structure contains pointers, these will be uninitialized, causing the code to reference uninitialized memory as pointers.

Add zeroing memory before passing it to the JSON API and do check if objects_len field is two.

This backport apply:
#27865

and fixes:
#27718

Signed-off-by: Gerson Fernando Budke gerson.budke@ossystems.com.br

CC @otavio

There are several references to objects[1] at updatehub_probe function.
The structures are decoded from json, and have a maximum length of 2.
However, if the returned json only has a single element in this array,
this objects[1] value will be uninitialized. Because the structure
contains pointers, these will be uninitialized, causing the code to
reference uninitialized memory as pointers.

Add zeroing memory before passing it to the JSON API and do check if
objects_len field is two.

Fixes zephyrproject-rtos#27718.

Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
@nandojve nandojve added the backport v2.3-branch Request backport to the v2.3-branch label Aug 30, 2020
When running shell commands updatehub alloc data from shell stack.
Increase shell room stack to avoid shell issues.  Memory tuning
should be performed accord with available resources.

Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
@nandojve
Copy link
Member Author

Increase shell stack 05f167d

@nandojve
Copy link
Member Author

disk usage at finish: Error: The command exited with status 1

@nashif nashif added this to To do in Backports Sep 1, 2020
@github-actions
Copy link

github-actions bot commented Nov 1, 2020

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.

@github-actions github-actions bot added the Stale label Nov 1, 2020
@d3zd3z
Copy link
Collaborator

d3zd3z commented Nov 4, 2020

This should be fixed in a point release of 2.3.

@d3zd3z d3zd3z removed the Stale label Nov 4, 2020
@nashif nashif merged commit aa9248f into zephyrproject-rtos:v2.3-branch Nov 17, 2020
1 check passed
Backports automation moved this from To do to Done Nov 17, 2020
@nandojve nandojve deleted the topic/v2.3-branch-probe-security branch November 17, 2020 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: Networking area: Samples Samples backport v2.3-branch Request backport to the v2.3-branch
Projects
Backports
  
Done
Development

Successfully merging this pull request may close these issues.

None yet

4 participants