Reject Zenoh payloads that exceed the expected uORB topic size plus
CDR header (4 bytes), or that are too small to contain a valid CDR
header. This prevents a stack overflow from crafted network input
where z_bytes_len(payload) controls a VLA allocation.
Fixes GHSA-69g4-hcqf-j45p
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Use logical OR (||) instead of AND (&&) in _workWrite() and _workBurst()
session validation, matching the correct logic already used in _workRead()
and _workTerminate(). The AND operator allowed operations to proceed with
an invalid session ID as long as a valid file descriptor existed.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Remove the old MAVLINK_FTP_UNIT_TEST infrastructure that has been dead
code for years (not enabled in any board config). This includes:
- src/modules/mavlink/mavlink_tests/ directory (test suite, CMakeLists)
- All #ifdef MAVLINK_FTP_UNIT_TEST blocks in mavlink_ftp.cpp
- set_unittest_worker() callback mechanism in mavlink_ftp.h
- Conditional uAvionix include in mavlink_bridge_header.h
The test suite will be ported to GTest as a follow-up.
Ref: https://github.com/PX4/PX4-Autopilot/issues/26738
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Add bounds checking in the CAN frame assembly loop to prevent a buffer
overflow when copying payloads into the Tattu12SBatteryMessage struct.
A crafted CAN frame with a corrupt payload_size could write past the
48-byte struct boundary. Also guard against payload_size of 0 which
would cause an unsigned integer underflow on the size_t subtraction.
Fixes GHSA-wxwm-xmx9-hr32
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Variable-length known packet types (CRSF_PACKET_TYPE_ELRS_STATUS,
CRSF_PACKET_TYPE_LINK_STATISTICS_TX, CRSF_PACKET_TYPE_MSP_WRITE)
bypassed the bounds check that exists for unknown packets. A crafted
packet with a large size field could overflow the 64-byte process_buffer
during QueueBuffer_PeekBuffer() in the CRC state.
Apply the same CRSF_MAX_PACKET_LEN bounds check to variable-length
known packets that already exists for unknown packets.
Fixes GHSA-mqgj-hh4g-fg5p
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Reject replies with length >= sizeof(BSTPacket) to prevent OOB read
in CRC calculation. Clamp dev_name_len to buffer size to prevent OOB
write during null termination.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
* docs(ekf2): clarify EKF2_HGT_REF param description
To me it was not obvious that with EKF2_GPS_CTRL=0 this altitude
initialisation based on GPS again does not apply.
* docs(ekf2): separate paragraph
Prevent potential stack overflow from symlink loops or deeply nested
directories by capping recursion to 3 levels. Also fixes dot-entry
skipping to use strcmp instead of prefix check, and deduplicates the
filepath construction.
* Applying PR #17084
* Comitting missing changes
* Adding incoming SETUP_SIGNING handling
* Adding proper message decoding for SETUP_SIGNING
* Adding persistance of sign key in chunks of 32 bits into parameters
* Allowing SETUP_SIGNING to be handled only on usb_uart
* Removing unused type and variable
* Changing the default for Mavlink Timestamp
* Fixing styling
* Merging
* Merging submodules
* Replacing parameters with sdcard storage for secured key and ts
* Fixing styles
* Isolating signing related items in separate class
* Adding new files
* Syncing with main
* Fixing styles
* Changing the signing logic to work only if key and ts properly initialized, adding store the ts on stop
* Updated submodules to latest versions
* Updated gz to proper version
* libfc-sensor-api to proper version
* libcanard to proper version
* Updated fuzztest to proper version
* Updated public_regulated_data_types to proper version
* Updated mip_sdk to proper version
* Updated pydronecan to proper version
* Updated rosidl to proper version
* Fixing styles
* Fixing cyclonedds version
* initializing sign control in the member declaration
* Update src/modules/mavlink/mavlink_main.h
Co-authored-by: Jacob Dahl <37091262+dakejahl@users.noreply.github.com>
* Fixing comments
* Fixing duplicate method
* Fixing defines
* Fixing styles
* Fixing the define errors
* replace duplicate logic with write_key_and_timestamp() function
* add docs
* Update docs/en/mavlink/message_signing.md
Co-authored-by: Julian Oes <julian@oes.ch>
* Update src/modules/mavlink/mavlink_sign_control.cpp
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
* Update src/modules/mavlink/mavlink_sign_control.h
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
* Update docs/en/mavlink/message_signing.md
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
* rename to MAV_SIGN_CFG, fix copyright dates, fix docs SHA type, rename secrets file
* fix newlines
---------
Co-authored-by: Jacob Dahl <37091262+dakejahl@users.noreply.github.com>
Co-authored-by: Jacob Dahl <dahl.jakejacob@gmail.com>
Co-authored-by: Julian Oes <julian@oes.ch>
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Add a new parameter to map a MAVLink MANUAL_CONTROL button to turtle
mode activation. When the manual control data source is a MAVLink
instance, the driver uses the buttons field directly instead of aux
channels. When the source is RC, the existing aux channel behavior
via VOXL_ESC_MODE is preserved. Set to -1 (default) to disable.
So transitions between stopped/not stopped respect the slew rate.
- Remove previous stopped motor handling in publish_actuator_controls
- Replace with handle_stopped_motors, called in Run() before slew
- Introduce ApplyNanToActuators in ControlAllocation to stop
- Refactor ice shedding slightly to fit new structure
