RST-IVV-177: ICDH Build 2: cFS Tool “elf2cfetbl” Experiences a Buffer Overflow when the Section Header Description Exceeds 60 Characters #104

Open
n-yanchik opened this issue Feb 23, 2022 · 2 comments

n-yanchik commented Feb 23, 2022

This issue was observed in IV&V's analysis of the Roman Space Telescope's WFI Instrument ICDH FSW Build 2.0 software release. See attachment for code reference.
cFS TIMs.pdf

This was being tracked in the WFI FSW Jira system under: https://etdjira.gsfc.nasa.gov/browse/WFI-695

RST-IVV-177: ICDH Build 2: cFS Tool “elf2cfetbl” Experiences a Buffer Overflow when the Section Header Description Exceeds 60 Characters

IVV Severity: 4
Issue Category: Code
Issue Type: Incorrect Code
Count: 1

Description:
When reading the section header using the function GetSectionHeader() on line 1667 of file elf2cfetbl.c [Ref. 1], the array of “VerboseStr”, which is of size 60, will experience a buffer overflow when “i”, the iteration integer used in the while loop on the same line, exceeds the value of 60. This can occur because the maximum characters allowed for the section header is 128 as defined by the macro MAX_SECTION_HDR_NAME_LEN on line 44 in the same file. On line 1674, “VerboseStr” is expected to have length MAX_SECTION_HDR_NAME_LEN - 1, which is 127. So, if the “SrcFileDesc” points to a section header with longer than 60 characters, on line 1667, the iterator "i" will exceed 60.

Note: The elf2cfetbl utility is a ground tool that provides a method of converting an object file containing the desired contents of a cFE application's Table Image into a binary file that is compatible with the cFE Table Services for loading the image.

Recommended Actions:
Declare the “VerboseStr” in function GetSectionHeader() to be an array of characters for at least MAX_SECTION_HDR_NAME_LEN, 128.

Impact:
A buffer overflow can result in unpredictable/undesired behavior during the execution of the elf2cfetbl utility. With the current code, the user would need to change the section header description to be shorter than 60 characters and re-run the elf2cfetbl tool if the header were greater than 60 characters long. This creates inconvenience for operators or other project personnel.
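
The sizing mismatch reported above, as an added example that is not code from elf2cfetbl.c or the cFS project: a bounded copy that rejects an over-long section name instead of writing past the buffer, run against the reported 60-byte size and the recommended MAX_SECTION_HDR_NAME_LEN size. Only `VerboseStr`, `MAX_SECTION_HDR_NAME_LEN` and the values 60 and 128 come from the issue; `read_section_name`, `copy_with_reported_size`, `copy_with_recommended_size` and `REPORTED_VERBOSE_STR_LEN` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SECTION_HDR_NAME_LEN 128 /* value quoted in the issue */
#define REPORTED_VERBOSE_STR_LEN 60  /* buffer size quoted in the issue */

/* Hypothetical helper: copy a NUL-terminated name into dst, never writing
 * past dst_size bytes. Returns the name length, or -1 if it did not fit. */
static int read_section_name(const char *src, char *dst, size_t dst_size)
{
    size_t i = 0;
    if (dst_size == 0)
        return -1;
    while (src[i] != '\0') {
        if (i >= dst_size - 1) { /* no room for this character plus the NUL */
            dst[i] = '\0';
            return -1;
        }
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return (int)i;
}

/* Destination sized as the issue reports it (60 bytes). */
int copy_with_reported_size(const char *name)
{
    char VerboseStr[REPORTED_VERBOSE_STR_LEN];
    return read_section_name(name, VerboseStr, sizeof VerboseStr);
}

/* Destination sized as the issue recommends, with a compile-time guard. */
int copy_with_recommended_size(const char *name)
{
    char VerboseStr[MAX_SECTION_HDR_NAME_LEN];
    _Static_assert(sizeof VerboseStr >= MAX_SECTION_HDR_NAME_LEN, "VerboseStr too small");
    return read_section_name(name, VerboseStr, sizeof VerboseStr);
}

int main(void)
{
    char name[101]; /* constructed sample: 100-character section name */
    memset(name, 's', 100);
    name[100] = '\0';
    printf("60-byte: %d, 128-byte: %d\n", copy_with_reported_size(name), copy_with_recommended_size(name));
    return 0;
}
```

The `_Static_assert` makes the build fail if the buffer is ever declared smaller than the macro, which keeps the two sizes from drifting apart again.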

@skliper skliper transferred this issue from nasa/cFS Feb 23, 2022

skliper commented Feb 23, 2022

@n-yanchik Is this needed for Draco?


n-yanchik commented Feb 23, 2022 via email
