cFE icon indicating copy to clipboard operation
cFE copied to clipboard

Published 20 hours ago verified publisher icon nasa

Possible PortMessage buffer truncation

Open chillfig opened this issue 11 months ago • 0 comments

Is your feature request related to a problem? Please describe. Data truncation is possible in the snprintf() below https://github.com/nasa/cFE/blob/5cffc39eccee4902f71809c8963920ea1469e3cd/modules/evs/fsw/src/cfe_evs_utils.c#L548-L551

Describe the solution you'd like Appropriately allocate size for the message.

Describe alternatives you've considered Leave as is. The possibility of truncating the message may be low given that AppName, for example, will not likely occupy the max 20 characters that it is allotted.

Additional context This issue was flagged in JSC 2.1 static analysis.

TimeBuffer: 23 characters (excluding the null terminator) Spacecraft ID: 10 characters (maximum length for uint32) Processor ID: 10 characters (maximum length for uint32) AppName: 20 characters (maximum given size) Event ID: 5 characters (maximum length for uint16) Message: 122 characters (maximum given size) Exact non-data characters: 8 characters The total exact maximum length is 23 + 10 + 10 + 20 + 5 + 122 + 8 = 198 characters needed, not counting the null terminator.

The defined length for CFE_EVS_MAX_PORT_MSG_LENGTH of 172

Requester Info Justin Figueroa, Vantage

chillfig avatar Mar 12 '24 20:03 chillfig