aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#3271: fixed size global buffer, mcmds/dumpfile/dumpfile.c:105, ... #3271

Closed rvd-bot closed 4 years ago

rvd-bot commented 4 years ago
id: 3271
title: 'RVD#3271: fixed size global buffer, mcmds/dumpfile/dumpfile.c:105, ...'
type: bug
description: "Extra care should be taken to ensure that character arrays that are\n\
  \    allocated on the stack are used safely.  They are prime targets for\n    buffer\
  \ overflow attacks. @ /opt/px4_ws/Firmware/src/systemcmds/dumpfile/dumpfile.c105,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/reflect/reflect.c100, \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_float.cpp51,106,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_dataman.c72,164,177, \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_mixer.cpp211,240,283,297,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_uart_send.c110, \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_jig_voltages.c122,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_mount.c117,174, \n/opt/px4_ws/Firmware/src/systemcmds/tests/tests_main.c164,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/tests/test_bson.c180, \n/opt/px4_ws/Firmware/src/systemcmds/mixer/mixer.cpp147,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/pwm/pwm.cpp137, \n/opt/px4_ws/Firmware/src/systemcmds/hardfault_log/hardfault_log.c166,289,453,515,605,646,792,1017,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/ver/ver.c155,156,240,277, \n/opt/px4_ws/Firmware/src/systemcmds/mtd/mtd.c332,\
  \ \n/opt/px4_ws/Firmware/src/systemcmds/mtd/24xxxx_mtd.c573, \n/opt/px4_ws/Firmware/src/drivers/qshell/qurt/qshell.cpp154,\
  \ \n/opt/px4_ws/Firmware/src/drivers/frsky_telemetry/frsky_telemetry.c241, \n/opt/px4_ws/Firmware/src/drivers/blinkm/blinkm.cpp912,\
  \ \n/opt/px4_ws/Firmware/src/drivers/device/ringbuffer.cpp393, \n/opt/px4_ws/Firmware/src/drivers/device/CDev.cpp91,113,\
  \ \n/opt/px4_ws/Firmware/src/drivers/device/posix/I2C.cpp105, \n/opt/px4_ws/Firmware/src/drivers/device/posix/cdev_platform.cpp197,331,\
  \ \n/opt/px4_ws/Firmware/src/drivers/iridiumsbd/IridiumSBD.cpp547, \n/opt/px4_ws/Firmware/src/drivers/sf0x/sf0x_tests/SF0XTest.cpp55,\
  \ \n/opt/px4_ws/Firmware/src/drivers/sf0x/sf0x.cpp110,121,593, \n/opt/px4_ws/Firmware/src/drivers/kinetis/tone_alarm/tone_alarm.cpp221,222,\
  \ \n/opt/px4_ws/Firmware/src/drivers/mkblctrl/mkblctrl.cpp161, \n/opt/px4_ws/Firmware/src/drivers/navio_sysfs_rc_in/navio_sysfs_rc_in.cpp110,183,\
  \ \n/opt/px4_ws/Firmware/src/drivers/stm32/tone_alarm/tone_alarm.cpp318,319, \n\
  /opt/px4_ws/Firmware/src/drivers/pwm_out_rc_in/pwm_out_rc_in.cpp70,141, \n/opt/px4_ws/Firmware/src/drivers/linux_pwm_out/navio_sysfs.cpp69,110,135,\
  \ \n/opt/px4_ws/Firmware/src/drivers/linux_pwm_out/linux_pwm_out.cpp66,67,69,133,\
  \ \n/opt/px4_ws/Firmware/src/drivers/linux_pwm_out/PCA9685.cpp179, \n/opt/px4_ws/Firmware/src/drivers/vmount/vmount.cpp192,\
  \ \n/opt/px4_ws/Firmware/src/drivers/bst/bst.cpp88, \n/opt/px4_ws/Firmware/src/drivers/samv7/tone_alarm/tone_alarm.cpp234,235,\
  \ \n/opt/px4_ws/Firmware/src/drivers/px4fmu/fmu.cpp205,529,918,942, \n/opt/px4_ws/Firmware/src/drivers/navio_adc/navio_adc.cpp165,220,\
  \ \n/opt/px4_ws/Firmware/src/drivers/gps/gps.cpp151, \n/opt/px4_ws/Firmware/src/drivers/roboclaw/RoboClaw.cpp354,\
  \ \n/opt/px4_ws/Firmware/src/drivers/md25/md25.cpp471,578, \n/opt/px4_ws/Firmware/src/drivers/md25/md25_main.cpp204,\
  \ \n/opt/px4_ws/Firmware/src/drivers/tap_esc/tap_esc.cpp917, \n/opt/px4_ws/Firmware/src/drivers/px4io/px4io.cpp1103,1125,1531,2017,3456,3538,\
  \ \n/opt/px4_ws/Firmware/src/drivers/protocol_splitter/protocol_splitter.cpp63,\
  \ \n/opt/px4_ws/Firmware/src/drivers/batt_smbus/batt_smbus.cpp602,606,613,617,624,628,\
  \ \n/opt/px4_ws/Firmware/src/drivers/linux_gpio/linux_gpio.cpp60,61,123,164,200,218,\
  \ \n/opt/px4_ws/Firmware/src/drivers/snapdragon_rc_pwm/snapdragon_rc_pwm.cpp72,113,\
  \ \n/opt/px4_ws/Firmware/src/drivers/ulanding/ulanding.cpp116, \n/opt/px4_ws/Firmware/src/drivers/linux_sbus/linux_sbus.cpp256,\
  \ \n/opt/px4_ws/Firmware/src/drivers/snapdragon_pwm_out/snapdragon_pwm_out.cpp82,164,\
  \ \n/opt/px4_ws/Firmware/src/modules/sdlog2/sdlog2.c509,510,562,563, \n/opt/px4_ws/Firmware/src/modules/uavcannode/uavcannode_main.cpp242,\
  \ \n/opt/px4_ws/Firmware/src/modules/simulator/simulator_mavlink.cpp727, \n/opt/px4_ws/Firmware/src/modules/land_detector/land_detector_main.cpp60,\
  \ \n/opt/px4_ws/Firmware/src/modules/replay/replay_main.cpp178, \n/opt/px4_ws/Firmware/src/modules/dataman/dataman.cpp501,615,715,\
  \ \n/opt/px4_ws/Firmware/src/modules/events/temperature_calibration/accel.cpp209,\
  \ \n/opt/px4_ws/Firmware/src/modules/events/temperature_calibration/baro.cpp184,\
  \ \n/opt/px4_ws/Firmware/src/modules/events/temperature_calibration/gyro.cpp193,\
  \ \n/opt/px4_ws/Firmware/src/modules/commander/mag_calibration.cpp115,570, \n/opt/px4_ws/Firmware/src/modules/commander/calibration_routines.cpp735,\
  \ \n/opt/px4_ws/Firmware/src/modules/commander/PreflightCheck.cpp92,126,246,319,363,\
  \ \n/opt/px4_ws/Firmware/src/modules/commander/gyro_calibration.cpp231,422, \n/opt/px4_ws/Firmware/src/modules/commander/accelerometer_calibration.cpp190,\
  \ \n/opt/px4_ws/Firmware/src/modules/muorb/krait/px4muorb_KraitRpcWrapper.cpp98,\
  \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_log_handler.cpp370,376,478,540,610,624,\
  \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_parameters.cpp129,145,224,237,242,\
  \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_tests/mavlink_ftp_test.cpp215,\
  \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_ftp.cpp305,309, \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_main.cpp1494,2525,\
  \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_receiver.cpp2330, \n/opt/px4_ws/Firmware/src/modules/gpio_led/gpio_led.c159,\
  \ \n/opt/px4_ws/Firmware/src/modules/uavcan/uavcan_main.cpp606, \n/opt/px4_ws/Firmware/src/modules/uavcan/uavcan_servers.cpp1013,1014,\
  \ \n/opt/px4_ws/Firmware/src/modules/navigator/geofence.cpp447, \n/opt/px4_ws/Firmware/src/modules/uORB/uORB_tests/uORBTest_UnitTest.cpp127,477,766,\
  \ \n/opt/px4_ws/Firmware/src/modules/uORB/uORBDevices.cpp861, \n/opt/px4_ws/Firmware/src/modules/uORB/uORBManager.cpp125,376,488,518,546,612,661,\
  \ \n/opt/px4_ws/Firmware/src/modules/uavcanesc/uavcanesc_main.cpp215, \n/opt/px4_ws/Firmware/src/modules/syslink/syslink_main.cpp330,\
  \ \n/opt/px4_ws/Firmware/src/modules/logger/logger.cpp658,659,1297,1400,1485,1539,1550,1767,1781,2029,2088,\
  \ \n/opt/px4_ws/Firmware/src/modules/systemlib/printload.c178, \n/opt/px4_ws/Firmware/src/modules/systemlib/otp.c190,\
  \ \n/opt/px4_ws/Firmware/src/modules/systemlib/rc_check.c58, \n/opt/px4_ws/Firmware/src/modules/sensors/temperature_compensation.cpp52,\
  \ \n/opt/px4_ws/Firmware/src/modules/sensors/parameters.cpp49,107, \n/opt/px4_ws/Firmware/src/modules/sensors/voted_sensors_update.cpp231,\
  \ \n/opt/px4_ws/Firmware/src/lib/version/version.c69,155, \n/opt/px4_ws/Firmware/src/lib/rc/rc_tests/RCTest.cpp74,162,232,293,\
  \ \n/opt/px4_ws/Firmware/src/lib/mixer/mixer_load.c51, \n/opt/px4_ws/Firmware/src/lib/mixer/mixer_multirotor.cpp105,\
  \ \n/opt/px4_ws/Firmware/src/lib/controllib/block/BlockParam.cpp51,57, \n/opt/px4_ws/Firmware/src/lib/controllib/block/Block.cpp68,89,108,126,145,163,181,199,\
  \ \n/opt/px4_ws/Firmware/src/platforms/qurt/px4_layer/main.cpp80,123,189, \n/opt/px4_ws/Firmware/src/platforms/qurt/fc_addon/rc_receiver/rc_receiver_main.cpp64,\
  \ \n/opt/px4_ws/Firmware/src/platforms/qurt/fc_addon/uart_esc/uart_esc_main.cpp71,138,201,\
  \ \n/opt/px4_ws/Firmware/src/platforms/qurt/fc_addon/mpu_spi/mpu9x50_main.cpp78,\
  \ \n/opt/px4_ws/Firmware/src/platforms/common/px4_getopt.c66, \n/opt/px4_ws/Firmware/src/platforms/posix/main.cpp183,208,479,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/df_mpu9250_wrapper/df_mpu9250_wrapper.cpp355,430,510,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/tonealrmsim/tone_alarm.cpp131,132,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/df_mpu6050_wrapper/df_mpu6050_wrapper.cpp274,349,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/df_lsm9ds1_wrapper/df_lsm9ds1_wrapper.cpp334,409,489,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/bebop_flow/dump_pgm.cpp61,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/gpssim/gpssim.cpp113, \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/df_hmc5883_wrapper/df_hmc5883_wrapper.cpp195,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/gyrosim/gyrosim.cpp1141, \n\
  /opt/px4_ws/Firmware/src/platforms/posix/drivers/df_ak8963_wrapper/df_ak8963_wrapper.cpp195,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/drivers/df_bebop_bus_wrapper/df_bebop_bus_wrapper.cpp296,\
  \ \n/opt/px4_ws/Firmware/src/platforms/posix/px4_layer/px4_posix_tasks.cpp82, \n\
  /opt/px4_ws/Firmware/src/platforms/posix/px4_layer/px4_sem.cpp139, \n/opt/px4_ws/Firmware/src/platforms/posix/tests/vcdev_test/vcdevtest_example.cpp60,119,220,\
  \ \n/opt/px4_ws/Firmware/msg/templates/urtps/microRTPS_transport.cpp312, \n"
cwe: None
cve: None
keywords:
- rats
- static analysis
- testing
- triage
- bug
- 'version: v1.7.0'
- 'robot component: PX4'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/3271
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (21:12)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (21:12)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/3271
  reproducibility: always
  trace: ''
  reproduction: See artifacts below (if available)
  reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_px4/-/jobs/616402716/artifacts/download
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''