25 vulnerabilities in the Zephyr RTOS, including ones exploitable via an ICMP packet

Researchers from NCC Group have published the results of an audit of the free Zephyr project, which develops a real-time operating system (RTOS) aimed at equipping devices that fit the Internet of Things (IoT) concept. The audit revealed 25 vulnerabilities in Zephyr and 1 vulnerability in MCUboot. Zephyr is developed with the participation of Intel.

In total, 6 vulnerabilities were found in the network stack, 4 in the kernel, 2 in the command shell, 5 in system call handlers, 5 in the USB subsystem and 3 in the firmware update mechanism. Two issues were rated critical, two high, 9 medium, 9 low, and 4 were reported for consideration. The critical issues affect the IPv4 stack and the MQTT parser; the high-severity ones affect the USB mass storage and USB DFU drivers. At the time of disclosure, fixes had been prepared only for the 15 most dangerous vulnerabilities; issues that lead to denial of service or relate to flaws in the kernel's additional protection mechanisms remained unfixed.

A remotely exploitable vulnerability was found in the platform's IPv4 stack; it leads to memory corruption when ICMP packets modified in a certain way are processed. Another serious issue was found in the MQTT protocol parser; it is caused by the lack of proper checking of header field lengths and can lead to remote code execution. Less dangerous denial-of-service issues were found in the IPv6 stack and in the CoAP protocol implementation.

Other issues can be exploited locally to cause denial of service or code execution at the kernel level. Most of these vulnerabilities are related to the lack of proper validation of system call arguments and can lead to arbitrary areas of kernel memory being written and read. The problems also extend to the system call handling code itself: calling a negative system call number leads to an integer overflow. Problems were also identified in the kernel's implementation of ASLR (address space layout randomization) and in the mechanism that places canary values on the stack, which make these mechanisms ineffective.
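A minimal sketch of the two checks this paragraph says were missing, written as an added example rather than Zephyr's own code: the dispatcher treats the system call number as unsigned before indexing its table, and each handler verifies that a caller-supplied buffer lies inside the user region without overflowing the arithmetic. The memory layout, constants and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout and names for illustration; not Zephyr's code. */
#define USER_BASE    0x20000000u   /* start of user-accessible RAM */
#define USER_SIZE    0x00010000u   /* 64 KiB user region */
#define NUM_SYSCALLS 2u
#define ERR_BAD_ID   (-1)
#define ERR_BAD_MEM  (-2)

/* Returns 1 if [addr, addr + len) lies wholly inside the user region. */
static int user_range_ok(uintptr_t addr, size_t len)
{
    if (addr < USER_BASE)
        return 0;
    uintptr_t off = addr - USER_BASE;
    /* Compare len with the space left; computing addr + len could wrap. */
    return off <= USER_SIZE && len <= USER_SIZE - off;
}

typedef int (*handler_t)(uintptr_t buf, size_t len);
/* Each handler validates the caller's buffer before the kernel uses it. */
static int sys_write(uintptr_t buf, size_t len)
{
    return user_range_ok(buf, len) ? (int)len : ERR_BAD_MEM;
}
static int sys_read(uintptr_t buf, size_t len)
{
    return user_range_ok(buf, len) ? 0 : ERR_BAD_MEM;
}

static const handler_t table[NUM_SYSCALLS] = { sys_write, sys_read };

/* The id is untrusted. A signed test such as "id < (int)NUM_SYSCALLS"
 * accepts -1; casting to unsigned first makes negative ids fail. */
int dispatch(int32_t id, uintptr_t buf, size_t len)
{
    uint32_t uid = (uint32_t)id;
    if (uid >= NUM_SYSCALLS)
        return ERR_BAD_ID;
    return table[uid](buf, len);
}

int main(void)
{
    printf("%d %d\n", dispatch(-1, USER_BASE, 4), dispatch(0, USER_BASE, 4));
    return 0;
}
```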

Many issues affect the USB stack and individual drivers. For example, problems in USB mass storage can cause a buffer overflow and code execution at the kernel level when the device is connected to a USB host controlled by the attacker. A vulnerability in USB DFU, the driver for loading new firmware over USB, makes it possible to load a modified firmware image into the microcontroller's internal Flash without using encryption, bypassing the secure boot mode that verifies components with a digital signature. In addition, the code of the open bootloader MCUboot was examined, and one non-dangerous vulnerability was found in it, which can lead to a buffer overflow when the SMP (Simple Management Protocol) protocol is used over UART.

Recall that in Zephyr only one global shared address space (SASOS, Single Address Space Operating System) is provided for all processes. Application-specific code is combined with an application-specific kernel to form a monolithic executable that can be loaded and run on particular hardware. All system resources are determined at compile time, which reduces code size and improves performance. The system image can include only those kernel features that are required to run the application.

It is noteworthy that development with security in mind is mentioned among Zephyr's key advantages. It is claimed that all stages of development go through mandatory steps of confirming the security of the code: fuzz testing, static analysis, penetration testing, code review, analysis of backdoor implementation and threat modeling.

source: budenet.ru
