Skip to content

UART Demo Projects #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: rmn30/uart_test
Choose a base branch
from
Draft

UART Demo Projects #18

wants to merge 5 commits into from

Conversation

adam-3bian
Copy link

No description provided.

@davidchisnall davidchisnall requested a review from rmn30 February 8, 2025 14:05
rmn30
rmn30 reviewed Feb 10, 2025
View reviewed changes
uart/at/controller/main.cc
else if (state->bufferIndex < BufferSize - 1)
{
state->buffer[state->bufferIndex++] = byte;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not so familiar with AT command processing but is it standard to just ignore characters in a command after 32 bytes?

Copy link
Collaborator

@rmn30 rmn30 Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's a second (intentional) overflow here if there is a BufferSize length or greater command followed by \n or \r?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the purposes of a demo, I've limited to 32-bytes. It allowed me to send a sensible input of 33 or above to see if at_state_process_input would stop the overrun.

For example, if you send:

AT=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\r\n

The current code should read both \r and \n as new line characters. This isn't standard behaviour. Probably only \r should be used and \n should be ignored if found afterwards.

rmn30
rmn30 reviewed Feb 10, 2025
View reviewed changes
uart/at/controller/main.cc
if (state->buffer[i] == '=')
{
state->buffer[i] = '\0';
argument = &state->buffer[i + 1];
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the at_command_set handler assumes this is null terminated so I think I could trigger a crash if it isn't? Potentially a nice demo to have a compartment_error_handler that handles this.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also argument is out of bounds if there is a BufferSize command that ends in =.

rmn30
rmn30 reviewed Feb 10, 2025
View reviewed changes
uart/at/controller/main.cc
ATCommand commands[MaxCommands];
uint8_t commandCount;
char buffer[BufferSize];
char argument[ArgumentSize];
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field is unused.

@rmn30
Copy link
Collaborator

rmn30 commented Feb 10, 2025
edited
Loading

In case you are wondering why you're not getting traps in your example it may be because we have not turned on sub-object bounds by default so all the overflows of ATState.buffer are actually in the same object. You might want to add -Xclang -cheri-bounds=subobject-safe when compiling. Note that the overflows would still be difficult to exploit except as DoS due to not being able to forge pointers on CHERI.

More info: https://www.cl.cam.ac.uk/~pffm2/sosp2023_cheri_tutorial/exercises/4_subobject-bounds/README.html

@rmn30
Copy link
Collaborator

rmn30 commented Feb 10, 2025

Also re. code style since this is C++ all the functions that take an ATState * should be methods (or constructors) of ATState!

@adam-3bian
Copy link
Author

Some code I've previously kept as C compatible to allow for easy binding to other languages. This was probably OK for a proof of concept, but not for the final solution.

@adam-3bian
Copy link
Author

I need to run another pass over this, hopefully the code takes on board your C/C++ comments. Uses only carriage return now. I still need to implement compartment_error_handler. Ideally the AT commands should be case insensitive.

adam-3bian
adam-3bian commented Feb 11, 2025
View reviewed changes
uart/at/controller/xmake.lua
priority = 1,
entry_point = "entry_point",
stack_size = 0x800,
stack_size = 0x1200,
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stack sizes to be lowered in next commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rmn30 rmn30 rmn30 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adam-3bian @rmn30