Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper Null Termination on Software Bus Message handling #83

Closed
2 tasks done
chillfig opened this issue Feb 28, 2023 · 0 comments · Fixed by #89
Closed
2 tasks done

Improper Null Termination on Software Bus Message handling #83

chillfig opened this issue Feb 28, 2023 · 0 comments · Fixed by #89
Assignees
@chillfig
Labels
enhancement Equuleus-rc1
Milestone
Equuleus

Comments

@chillfig
Copy link
Contributor

chillfig commented Feb 28, 2023
edited
Loading

Checklist (Please check before submitting)

  • I reviewed the Contributing Guide.
  • I performed a cursory search to see if the bug report is relevant, not redundant, nor in conflict with other tickets.

Describe the bug
It is not guarenteed that the source or destination arguments of strncpy for software bus message uses in ds/apps/fsw/src assure Null termination. Many standard functions such as strcpy, strlen, strcmp among others rely on arrays of characters to be Null terminated.

To Reproduce
From local ds repo, command grep -r strncpy and view uses where argument is a software bus message.

Expected behavior
No expected behavior changes. Replace strncpy with CFE_SB_MessageStringGet

Code snips
The below code snips are DS strncpy uses that do not guarentee null-termination

DS/fsw/src/ds_cmds.c

Line 742 in 04c0154

strncpy(pDest->Pathname, DS_DestPathCmd->Pathname, sizeof(pDest->Pathname));

DS/fsw/src/ds_cmds.c

Line 809 in 04c0154

strncpy(pDest->Basename, DS_DestBaseCmd->Basename, sizeof(pDest->Basename));

DS/fsw/src/ds_cmds.c

Line 876 in 04c0154

strncpy(pDest->Extension, DS_DestExtCmd->Extension, sizeof(pDest->Extension));

This strncpy example in FM may help with null-terminated destination but does not guarentee null-terminated source:
FM strncpy example

System observed on:
imported from JSC static analysis audit

Additional context
The FM example above proves to assure Null termination for the destination, however, it may be best approach to replace strncpy with CFE_SB_MessageStringGet to consolidate handling of strings.

Reporter Info
Justin Figueroa, Vantage Systems
@chillfig chillfig changed the title Improper Null Termination Improper Null Termination on Software Bus Message handling Mar 1, 2023
@chillfig chillfig self-assigned this Mar 7, 2023
chillfig pushed a commit to chillfig/DS that referenced this issue Mar 7, 2023
Fix nasa#83, Adds null termination to software bus messaging
04a9081
chillfig pushed a commit to chillfig/DS that referenced this issue Mar 7, 2023
Fix nasa#83, Adds null termination to software bus messaging
5e0a1d9
@chillfig chillfig mentioned this issue Mar 7, 2023
Merged
2 tasks
dzbaker added a commit that referenced this issue Mar 10, 2023
@dzbaker
Merge pull request #89 from chillfig/Add_null_term
10a042f 
Fix #83, Adds null termination to software bus messaging
@dmknutsen dmknutsen added this to the Equuleus milestone May 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chillfig chillfig

Labels
enhancement Equuleus-rc1
Projects
None yet
Milestone
Equuleus
Development

Successfully merging a pull request may close this issue.

Fix #83, Adds null termination to software bus messaging chillfig/DS
2 participants
@dmknutsen @chillfig