project-chip / connectedhomeip

Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance.
https://buildwithmatter.com
Apache License 2.0
7.26k stars 1.94k forks

Object Addresses Are Logged #19352

Closed robszewczyk closed 1 year ago

robszewczyk commented 2 years ago

Problem

Pointer values in logs could be used to bypass ASLR, making exploitation of other vulnerabilities easier.

Searching the source code for string pattern %p shows object addresses are being logged in some places:

[...]
src/protocols/secure_channel/CASEServer.cpp: ChipLogProgress(Inet, "CASE Server received Sigma1 message. Starting handshake. EC %p", ec);
src/protocols/secure_channel/CASESession.cpp: ChipLogProgress(SecureChannel, "RecoverInitiatorIpk: GroupDataProvider %p, Got IPK for FabricIndex %u", mGroupDataProvider,
src/ble/BtpEngine.cpp: ChipLogError(Ble, "mAppState: %p", mAppState);
src/ble/BLEEndPoint.cpp: ChipLogProgress(Ble, "subscribe complete, ep = %p", this);
src/ble/BLEEndPoint.cpp: ChipLogDebugBleEndPoint(Ble, "%s: data->%p, type %d, len %d", __FUNCTION__, data, type, data->DataLength());
[...]

Proposed Solution

Pointer value prints should be either removed or only used on debug builds.

Generally, sensitive data should not be logged.

Relatively low priority, post 1.0
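
A CI check for the pattern reported above, as an added example that is not part of the original issue or of the connectedhomeip code base: it parses each ChipLog* call, including calls that span several lines, and reports those whose format string contains a %p conversion. The function names, the allow_macros parameter (for macros a project knows are compiled out of release builds) and the sample source are constructed for illustration.

```python
import re

# Start of a ChipLog* macro call. The macros named in the issue
# (ChipLogProgress, ChipLogError, ChipLogDebugBleEndPoint) share this prefix.
LOG_CALL = re.compile(r"\b(ChipLog\w*)\s*\(")
# A C string literal, honouring backslash escapes.
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')
# One printf conversion; "%%" is consumed as a unit so "%%p" is not flagged.
CONVERSION = re.compile(
    r"%(?:%|[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|j|z|t|L)?([a-zA-Z]))")

# Constructed sample source, modelled on the call shapes quoted in the issue.
SAMPLE = r'''
void Example::OnSubscribe()
{
    ChipLogProgress(Ble, "subscribe complete, ep = %p", this);
    ChipLogProgress(SecureChannel,
                    "handshake for FabricIndex %u, provider %p",
                    index, provider);
    ChipLogError(Ble, "progress 100%%processed, len %d", len);
    ChipLogDebugBleEndPoint(Ble, "%s: data->%p", __FUNCTION__, data);
}
'''

def call_text(src, open_idx):
    """Return the call from '(' at open_idx to its matching ')'."""
    depth, i = 0, open_idx
    while i < len(src):
        lit = STRING_LIT.match(src, i)
        if lit:                      # parentheses inside strings do not count
            i = lit.end()
            continue
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx:i + 1]
        i += 1
    return src[open_idx:]            # unterminated call: scan to end of file

def find_pointer_logs(src, allow_macros=frozenset()):
    """List (line, macro) for ChipLog* calls whose format string has %p."""
    findings = []
    for m in LOG_CALL.finditer(src):
        if m.group(1) in allow_macros:   # assumption: caller lists debug-only macros
            continue
        body = call_text(src, m.end() - 1)
        fmt = "".join(s.group(0)[1:-1] for s in STRING_LIT.finditer(body))
        if any(c.group(1) == "p" for c in CONVERSION.finditer(fmt)):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings
```

Comments and character literals are not parsed, so a commented-out call is still reported.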

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] commented 1 year ago

This stale issue has been automatically closed. Thank you for your contributions.
