Mirror
/
ardupilot
mirror of https://github.com/ArduPilot/ardupilot
5
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AP_Arming: correct use of failure messages as format strings 

This is important as if the returned string happens to contain
substitutions (%s in particular), we can attempt to pull random data
off the stack and incorporate it in the string.

This sort of bug is rather famous for serious explots in sendmail.

This could be bad if your stack is relatively full and the memory after
it is inaccessible.
This commit is contained in:
Peter Barker 2019-03-07 13:29:28 +11:00 committed by Peter Barker
parent e78eec3292
commit 12981b1f07
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libraries/AP_Arming/AP_Arming.cpp
View File

@ -329,7 +329,7 @@ bool AP_Arming::ins_checks(bool report)
// check AHRS attitudes are consistent
char failure_msg[50] = {};
if (!AP::ahrs().attitudes_consistent(failure_msg, ARRAY_SIZE(failure_msg))) {
check_failed(ARMING_CHECK_INS, report, failure_msg);
check_failed(ARMING_CHECK_INS, report, "%s", failure_msg);
return false;
}
}
@ -463,7 +463,7 @@ bool AP_Arming::battery_checks(bool report)
char buffer[MAVLINK_MSG_STATUSTEXT_FIELD_TEXT_LEN+1] {};
if (!AP::battery().arming_checks(sizeof(buffer), buffer)) {
check_failed(ARMING_CHECK_BATTERY, report, buffer);
check_failed(ARMING_CHECK_BATTERY, report, "%s", buffer);
return false;
}
}