aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#2963: fixed size global buffer, /sw/misc/satcom/udp2tcp.c:52, ... #2963

Closed rvd-bot closed 4 years ago

rvd-bot commented 4 years ago

id: 2963
title: 'RVD#2963: fixed size global buffer, /sw/misc/satcom/udp2tcp.c:52, ...'
type: bug
description: "Extra care should be taken to ensure that character arrays that are\n\
  \    allocated on the stack are used safely.  They are prime targets for\n    buffer\
  \ overflow attacks. @ /opt/paparazzi_ws/paparazzi/sw/misc/satcom/udp2tcp.c52, \n\
  /opt/paparazzi_ws/paparazzi/sw/misc/satcom/tcp2ivy.c169, \n/opt/paparazzi_ws/paparazzi/sw/misc/satcom/tcp2ivy_generic.c98,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/misc/satcom/email2udp.c172, \n/opt/paparazzi_ws/paparazzi/sw/misc/turbine/turb_simu.c88,93,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_geodetic_int.i13,42,71,100,116,131,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_geodetic_float.i52,111,150,189,210,250,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_algebra_int.i45,80,140,190,253,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_algebra_float.i48,83,126,181,250,276,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_geodetic_double.i54,113,152,191,212,242,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/lib/python/pprz_math/pprz_algebra_double.i42,78,118,153,182,227,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/datalink/missionlib/blocks.c51,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/sensors/airspeed_uADC.c68, \n\
  /opt/paparazzi_ws/paparazzi/sw/airborne/modules/sensors/cameras/jevois.c49,54,73,134,427,438,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/sensors/airspeed_otf.c61, \n\
  /opt/paparazzi_ws/paparazzi/sw/airborne/modules/digital_cam/sim_i2c_cam_ctrl.c58,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/digital_cam/atmega_i2c_cam_ctrl.c97,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/digital_cam/catia/catia.c106,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/meteo/wind_estimator.c475, \n\
  /opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/lib/v4l/virt2phys.c61,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/textons.c444,473,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/video_usb_logger.c62,131,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/video_thread.c94,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/viewvideo.c137,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/computer_vision/video_capture.c118,127,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/display/max7456.c380, \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/ins/ins_mekf_wind_wrapper.c611,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/loggers/file_logger.c109,118,125,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/loggers/sdlog_chibios.c221,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/loggers/high_speed_logger_direct_memory.c967,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/loggers/sdlog_chibios/sdLog.c134,742,812,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/loggers/sdlog_chibios/printf.c178,180,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/modules/gsm/gsm.c273,342,355,409, \n\
  /opt/paparazzi_ws/paparazzi/sw/airborne/boards/disco/board.c38,44,54, \n/opt/paparazzi_ws/paparazzi/sw/airborne/boards/ardrone/board.c97,103,113,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/boards/swing/board.c45, \n/opt/paparazzi_ws/paparazzi/sw/airborne/boards/bebop/board.c39,45,55,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/firmwares/non_ap/geiger_counter/geiger_counter.c52,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/firmwares/logger/main_logger.c402, \n\
  /opt/paparazzi_ws/paparazzi/sw/airborne/subsystems/gps/gps_furuno.c69, \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/lpc21/test/uart.c85,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/lpc21/test/bootloader/printf.c82,127,211,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/lpc21/efsl/src/mkfs.c41, \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/lpc21/efsl/src/ui.c56,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/lpc21/lpcusb/examples/printf.c82,127,211,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/sim/modules/core/rtos_mon_arch.c38,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/linux/mcu_periph/pwm_sysfs.c58,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/linux/mcu_periph/adc_arch.c150,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/airborne/arch/stm32/usb_ser_hw.c246, \n/opt/paparazzi_ws/paparazzi/sw/ext/libexif/exif-loader.c76,117,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ext/libexif/exif-entry.c599,600,673,748,967,974,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ext/libexif/exif-content.c118, \n/opt/paparazzi_ws/paparazzi/sw/simulator/nps/nps_ivy.c158,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/simulator/nps/nps_main_sitl.c102, \n/opt/paparazzi_ws/paparazzi/sw/simulator/nps/nps_fdm_jsbsim.cpp308,532,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/simulator/nps/nps_radio_control_spektrum.c78,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/tools/STDMA_dongle/uart.c50,102,147, \n/opt/paparazzi_ws/paparazzi/sw/tools/STDMA_dongle/main.c171,494,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/tools/bluegiga_usb_dongle/uart.c59,104,141, \n\
  /opt/paparazzi_ws/paparazzi/sw/tools/bluegiga_usb_dongle/main.c381,879,1042, \n\
  /opt/paparazzi_ws/paparazzi/sw/tools/wiki_gen/wiki_gen.c69,97, \n/opt/paparazzi_ws/paparazzi/sw/tools/vectornav_configurator/VectorNavSetup_console.cpp60,121,136,151,166,217,228,245,256,273,284,311,353,368,431,445,457,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/tools/gps_ublox_conf/ublox_conf.c135,205,207,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/tools/mergelogs.c30, \n/opt/paparazzi_ws/paparazzi/sw/logalizer/tmdata.c54,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/logalizer/plot3dparse.c70,73, \n/opt/paparazzi_ws/paparazzi/sw/logalizer/sdlogger_download.c70,273,560,613,618,659,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/logalizer/ctrlstick.c126,349, \n/opt/paparazzi_ws/paparazzi/sw/logalizer/ffjoystick.c133,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/logalizer/tmserver.c111, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/sbs_parser.c148,293,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/sbp2ivy.c82, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/natnet2ivy.c166,719,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/davis2ivy.c140, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/kestrel2ivy.c203,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/rtcm2ivy.c105,106,260, \n\
  /opt/paparazzi_ws/paparazzi/sw/ground_segment/misc/video_synchronizer.c119, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/lpc21iap/lpc21iap.c83,90,155,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/cockpit/ant_track_pmm.c439, \n\
  /opt/paparazzi_ws/paparazzi/sw/ground_segment/tmtc/ivy_serial_bridge.c379, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/tmtc/app_server.c84,90,96,97,98,99,100,101,114,193,221,232,236,251,262,265,374,384,394,\
  \ \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/tmtc/ivy2nmea.c535, \n/opt/paparazzi_ws/paparazzi/sw/ground_segment/joystick/usb_stick.c128,451,\
  \ \n/opt/paparazzi_ws/paparazzi/tests/math/tap.c347, \n"
cwe: None
cve: None
keywords:
- rats
- static analysis
- testing
- triage
- bug
- 'version: v5.16.0_stable'
- 'robot component: Ardupilot'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/2963
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (15:58)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (15:58)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/2963
  reproducibility: always
  trace: ''
  reproduction: See artifacts below (if available)
  reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_paparazzi/-/jobs/615965520/artifacts/download
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''

rvd-bot commented 4 years ago

Ticket is still missing triage. Closing for inactivity.