Skip to content

Fix cFS DoS via Unvalidated AppEntryPoint#2685

Open
aw0lid wants to merge 1 commit into
nasa:mainfrom
aw0lid:fix-dos-vulnerability-2684
Open

Fix cFS DoS via Unvalidated AppEntryPoint#2685
aw0lid wants to merge 1 commit into
nasa:mainfrom
aw0lid:fix-dos-vulnerability-2684

Conversation

@aw0lid

@aw0lid aw0lid commented Mar 16, 2026

Copy link
Copy Markdown

Description

This Pull Request addresses the Denial of Service (DoS) vulnerability reported in #2684. It adds a validation layer within CFE_ES_AppCreate to ensure that the requested AppEntryPoint (symbol name) is not already in use by any active application or core service.

Fix Logic

The fix implements a two-tier validation strategy for the AppEntryPoint:

  1. Namespace Protection: Pre-emptively rejects entry points starting with reserved prefixes (CFE_ or OS_). This prevents external apps from attempting to reuse core system symbols.
  2. Redundancy Check: Iterates through the AppTable while holding the SharedData lock to verify if the provided InitSymbolName is already in use by another running application.

This ensures the system rejects unauthorized or conflicting entry points before resource allocation, preventing OSAL mutex name collisions and fatal system aborts (SIGABRT).

Testing Performed

Verified on cFS Draco (v7.0.0).

  • Test Method: Used a custom Python script to inject raw UDP CFE_ES_START_APP_CC packets.
  • Scenario 1 (Core Symbol): Attempted to start an app with AppEntryPoint set to CFE_ES_Main.
  • Scenario 2 (Duplicate App): Attempted to start an app with AppEntryPoint set to SCH_LAB_AppMain (already running).
  • Observed Result: In both cases, the system correctly caught the conflict, logged the specific rejection reason to SysLog, and returned CFE_ES_ERR_DUPLICATE_NAME.
  • System Stability: The core remained operational; no SIGABRT or IOT instruction crashes occurred.

Impact

  • Increases system robustness against unvalidated ground command parameters.
  • Prevents accidental or malicious system-wide crashes due to symbol reuse.

Closes #2684

@aw0lid aw0lid marked this pull request as ready for review March 16, 2026 00:31
@dzbaker dzbaker added this to the v7.0.2 milestone Mar 16, 2026
@aw0lid aw0lid force-pushed the fix-dos-vulnerability-2684 branch from bf87ddd to 16f5514 Compare March 16, 2026 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

cFS DoS via Unvalidated AppEntryPoint in CFE_ES_START_APP_CC Command

2 participants