🛡️ Sentinel: [CRITICAL] Fix buffer overflows in EAD protocol handlers#38
🛡️ Sentinel: [CRITICAL] Fix buffer overflows in EAD protocol handlers#38
Conversation
Explicitly bounds-check the lengths of decrypted network payloads against the underlying buffer sizes to prevent stack and heap overflows. Ensures length calculations from packets do not underflow into negative sizes causing `memcpy` faults. Signed-off-by: Jules Agent <jules@example.com> Co-authored-by: manupawickramasinghe <73810867+manupawickramasinghe@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
github-actions
bot
added
target/airoha
target/apm821xx
target/armsr
target/at91
target/ath79
target/bcm27xx
target/bcm47xx
target/bcm4908
target/bcm53xx
target/bmips
target/d1
target/econet
target/gemini
target/imx
target/ipq40xx
target/ipq806x
target/qualcommax
target/qualcommbe
target/ixp4xx
target/kirkwood
target/lantiq
target/layerscape
target/loongarch64
target/malta
target/mediatek
target/microchipsw
target/mpc85xx
target/mvebu
labels
github-actions
bot
added
target/mxs
target/octeon
target/omap
target/pistachio
target/qoriq
target/ramips
target/realtek
target/rockchip
target/sifiveu
target/siflower
target/starfive
target/stm32
target/sunxi
target/tegra
target/uml
target/x86
target/zynq
target/imagebuilder
kernel
core packages
build/scripts/tools
toolchain
GitHub/CI
labels
1 participant
🛡️ Sentinel: [CRITICAL] Fix buffer overflows in EAD protocol handlers
🚨 Severity: CRITICAL
💡 Vulnerability: EAD service (
ead.c) and client (ead-client.c) lacked strict bounds checking when processing payload lengths from network packets.🎯 Impact: Attackers could send malformed UDP packets with modified length fields that underflow to negative values or exceed allocated boundaries, leading to out-of-bounds array writes and
memcpyheap overflows (DoS/RCE).🔧 Fix: Added explicit boundaries verifying
msg->lencalculations are both> 0and< sizeof(buffer)prior to data extraction.✅ Verification: Compiled successfully using
make -C package/network/services/ead/src.PR created automatically by Jules for task 703436063192267359 started by @manupawickramasinghe