fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-05-20 12:09:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
PX4-Autopilot/src/drivers/rc
History
Ramon Roche bf4fac7e61 fix(crsf_rc): validate variable-length packet size before buffer copy 
Variable-length known packet types (CRSF_PACKET_TYPE_ELRS_STATUS,
CRSF_PACKET_TYPE_LINK_STATISTICS_TX, CRSF_PACKET_TYPE_MSP_WRITE)
bypassed the bounds check that exists for unknown packets. A crafted
packet with a large size field could overflow the 64-byte process_buffer
during QueueBuffer_PeekBuffer() in the CRC state.

Apply the same CRSF_MAX_PACKET_LEN bounds check to variable-length
known packets that already exists for unknown packets.

Fixes GHSA-mqgj-hh4g-fg5p

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
2026-03-13 09:13:06 -07:00
..
crsf_rc
fix(crsf_rc): validate variable-length packet size before buffer copy
2026-03-13 09:13:06 -07:00
dsm_rc
module_base: remove CRTP template pattern to reduce flash bloat (#26476)
2026-02-19 15:17:17 +13:00
ghst_rc
module_base: remove CRTP template pattern to reduce flash bloat (#26476)
2026-02-19 15:17:17 +13:00
sbus_rc
module_base: remove CRTP template pattern to reduce flash bloat (#26476)
2026-02-19 15:17:17 +13:00
Kconfig
RC driver config Kconfig -typo (#24848)
2025-05-14 10:10:44 -08:00