Fix nasa/cFS#952, Clamp encoded output size to CFE_MISSION_SB_MAX_SB_MSG_SIZE #220

Open
heathdutton wants to merge 1 commit into nasa:main from heathdutton:fix-952-clamp-encoded-output-size

@heathdutton

Describe the contribution

Testing performed
Compiled under the project's CMake flags with -Werror (no new warnings) and clang-format --dry-run --Werror against the repo .clang-format (clean). apps/to_lab has no UT scaffolding, so no test update was possible.

Expected behavior changes
Well-formed telemetry unaffected. A malformed message with an inflated Length field is now transmitted at the clamped size instead of reading adjacent heap memory. No API change.

System(s) tested on

  • Local: macOS/AppleClang single-file compile
  • Full Linux build/run/coverage runs in CI on this PR

Additional context
Partial remediation. Full elimination of the over-read requires SB-layer size tracking, which is the scope of nasa/cFS#953. The EDS variant to_lab_eds_encode.c has a related code path already bounded by NetworkBuffer and is left for a separate change to keep scope tight.

Contributor Info
Heath Dutton, Personal
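
The clamp described in this PR, and why the description calls it a partial remediation, shown as an added example (not code from the PR or from cFS). The helper names, the sample headers and the value of `EXAMPLE_MAX_SB_MSG_SIZE` are assumptions made for illustration; the only protocol fact relied on is that bytes 4-5 of the CCSDS primary header hold the total packet length minus 7, big-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for CFE_MISSION_SB_MAX_SB_MSG_SIZE; the value is constructed for this example. */
#define EXAMPLE_MAX_SB_MSG_SIZE 1024u

/* Constructed CCSDS primary headers: a genuine 64-byte packet and one with an inflated length. */
static const uint8_t SAMPLE_OK[6]  = {0x08, 0x01, 0xC0, 0x00, 0x00, 0x39};
static const uint8_t SAMPLE_BAD[6] = {0x08, 0x01, 0xC0, 0x00, 0xFF, 0xFF};

/* Total size the header claims: length field (bytes 4-5, big-endian) plus 7.
 * Hypothetical helper, not a cFS API. This value comes from the message itself. */
static size_t declared_size(const uint8_t *hdr)
{
    return (((size_t)hdr[4] << 8) | hdr[5]) + 7u;
}

/* The clamp: never transmit more than the mission maximum, whatever the header says. */
static size_t clamped_send_size(const uint8_t *hdr)
{
    size_t size = declared_size(hdr);
    return (size > EXAMPLE_MAX_SB_MSG_SIZE) ? EXAMPLE_MAX_SB_MSG_SIZE : size;
}

/* Stricter bound, possible only when the real buffer size is tracked (assumed known
 * here as buf_size): the send size can then never exceed what was allocated. */
static size_t bounded_send_size(const uint8_t *hdr, size_t buf_size)
{
    size_t size = clamped_send_size(hdr);
    return (size > buf_size) ? buf_size : size;
}

int main(void)
{
    printf("well-formed: declared=%zu clamped=%zu\n",
           declared_size(SAMPLE_OK), clamped_send_size(SAMPLE_OK));
    printf("inflated:    declared=%zu clamped=%zu\n",
           declared_size(SAMPLE_BAD), clamped_send_size(SAMPLE_BAD));
    /* A 64-byte buffer with an inflated header still yields a 1024-byte read under the
     * clamp alone; only the tracked buffer size brings it down to 64. */
    printf("inflated, 64-byte buffer tracked: %zu\n", bounded_send_size(SAMPLE_BAD, 64));
    return 0;
}
```
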

Development

Successfully merging this pull request may close these issues.

[SECURITY] Heap over-read via untrusted CCSDS length in TO_LAB sendto