username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

fix: Enable stack canaries, heap poisoning, WDT panic; remove dead code

Browse Source 
- CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y (buffer overflow detection)
- CONFIG_HEAP_POISONING_LIGHT=y (use-after-free/corruption detection)
- CONFIG_ESP_TASK_WDT_PANIC=y (auto-reboot on hung task)
- Remove unused #include "esp_now.h" (CVE-2025-52471 mitigation)
- Replace hardcoded default IP 192.168.129.11 with 0.0.0.0 in Kconfig
This commit is contained in:
user
2026-02-14 22:16:13 +01:00
parent 31724df63f
commit 0bcb5ddf0c
7 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ROADMAP.md
View File

@@ -167,8 +167,11 @@ Note: Promiscuous mode (probe/deauth capture) disabled on original ESP32 — bre
- [x] Serial console AUTH management
- [x] Auto-generated auth secret on first boot
- [x] Pentest completed: 50+ tests, all network-facing tests PASS
- [ ] Enable stack canaries (`CONFIG_COMPILER_STACK_CHECK_MODE_NORM`)
- [ ] Enable heap poisoning (`CONFIG_HEAP_POISONING_LIGHT`)
- [x] Enable stack canaries (`CONFIG_COMPILER_STACK_CHECK_MODE_NORM`)
- [x] Enable heap poisoning (`CONFIG_HEAP_POISONING_LIGHT`)
- [x] Enable WDT panic (`CONFIG_ESP_TASK_WDT_PANIC`)
- [x] Remove unused `#include "esp_now.h"` (CVE-2025-52471 mitigation)
- [x] Remove hardcoded default IP from Kconfig (use TARGET command)
- [ ] Multi-target (send data to 2+ UDP destinations)
## Web Backend (`~/git/esp32-web/`)