nasa / elf2cfetbl

The Core Flight System (cFS) ELF to CFE Table Tool (elf2cfetbl)
Apache License 2.0

RST-IVV-177: ICDH Build 2: cFS Tool “elf2cfetbl” Experiences a Buffer Overflow when the Section Header Description Exceeds 60 Characters #104

Open n-yanchik opened 2 years ago

n-yanchik commented 2 years ago

This issue was observed in IV&V's analysis of the Roman Space Telescope's WFI Instrument ICDH FSW Build 2.0 software release. See attachment for code reference. cFS TIMs.pdf

This was being tracked in the WFI FSW Jira system under: https://etdjira.gsfc.nasa.gov/browse/WFI-695

RST-IVV-177: ICDH Build 2: cFS Tool “elf2cfetbl” Experiences a Buffer Overflow when the Section Header Description Exceeds 60 Characters

IVV Severity: 4 Issue Category: Code Issue Type: Incorrect Code Count: 1

Description: When reading the section header using the function GetSectionHeader() on line 1667 of file elf2cfetbl.c [Ref. 1], the array of “VerboseStr”, which is of size 60, will experience a buffer overflow when “i”, the iteration integer used in the while loop on the same line, exceeds the value of 60. This can occur because the maximum characters allowed for the section header is 128 as defined by the macro MAX_SECTION_HDR_NAME_LEN on line 44 in the same file. On line 1674, “VerboseStr” is expected to have length MAX_SECTION_HDR_NAME_LEN - 1, which is 127. So, if the “SrcFileDesc” points to a section header with longer than 60 characters, on line 1667, the iterator "i" will exceed 60.

Note: The elf2cfetbl utility is a ground tool that provides a method of converting an object file containing the desired contents of a cFE application's Table Image into a binary file that is compatible with the cFE Table Services for loading the image.

Recommended Actions: Declare the “VerboseStr” in function GetSectionHeader() to be an array of characters for at least MAX_SECTION_HDR_NAME_LEN, 128.

Impact: A buffer overflow can result in unpredictable/undesired behavior during the execution of the elf2cfetbl utility. With the current code, the user would need to change the section header description to be shorter than 60 characters and re-run the elf2cfetbl tool if the header were greater than 60 characters long. This creates inconvenience for operators or other project personnel.
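The copy pattern described in the finding, as an added example that is not part of the original issue and is not code from elf2cfetbl.c. The helper `copy_section_name` and the in-memory section name are hypothetical; only the sizes 60 and 128 and the macro name come from the issue. The loop is bounded by both the source limit and the destination size, so an undersized buffer yields a reported truncation instead of an out-of-bounds write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SECTION_HDR_NAME_LEN 128 /* value quoted in the issue */
#define OLD_VERBOSE_STR_LEN      60  /* buffer size quoted in the issue */

/*
 * Hypothetical helper (not from elf2cfetbl.c): copy a section name of at most
 * src_max characters into dst without writing past dst_size bytes.
 * Returns the number of characters copied, or -1 if the name did not fit.
 */
int copy_section_name(char *dst, size_t dst_size, const char *src, size_t src_max)
{
    size_t i = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Bound the loop by BOTH the source limit and the destination size. */
    while (i < src_max && i < dst_size - 1 && src[i] != '\0')
    {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';

    /* Input characters remain: the destination was too small. */
    if (i < src_max && src[i] != '\0')
        return -1;
    return (int)i;
}

int main(void)
{
    char name[101]; /* constructed 100-character section name */
    char small[OLD_VERBOSE_STR_LEN];
    char fixed[MAX_SECTION_HDR_NAME_LEN];
    size_t limit = MAX_SECTION_HDR_NAME_LEN - 1;

    memset(name, 'A', 100);
    name[100] = '\0';

    printf("60-byte buffer:  %d\n", copy_section_name(small, sizeof small, name, limit));
    printf("128-byte buffer: %d\n", copy_section_name(fixed, sizeof fixed, name, limit));
    return 0;
}
```

With the destination declared as `MAX_SECTION_HDR_NAME_LEN` bytes, as the recommended action proposes, the 100-character name is copied whole; with the 60-byte buffer the helper stops at 59 characters and reports the truncation.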

skliper commented 2 years ago

@n-yanchik Is this needed for Draco?

n-yanchik commented 2 years ago

Nope. WFI FSW doesn’t need it. I don’t think we are using that tool. But we figured you should know about the issue.