username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

fix: Enable stack canaries, heap poisoning, WDT panic; remove dead code

Browse Source 
- CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y (buffer overflow detection)
- CONFIG_HEAP_POISONING_LIGHT=y (use-after-free/corruption detection)
- CONFIG_ESP_TASK_WDT_PANIC=y (auto-reboot on hung task)
- Remove unused #include "esp_now.h" (CVE-2025-52471 mitigation)
- Replace hardcoded default IP 192.168.129.11 with 0.0.0.0 in Kconfig
This commit is contained in:
user
2026-02-14 22:16:13 +01:00
parent 31724df63f
commit 0bcb5ddf0c
7 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TODO.md
+5 -5
View File
@@ -3,11 +3,11 @@
## Firmware
### Security (from pentest findings)
- [ ] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries)
- [ ] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection)
- [ ] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery)
- [ ] Remove unused `#include "esp_now.h"` from app_main.c
- [ ] Remove hardcoded default IP `192.168.129.11` from binary
- [x] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries)
- [x] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection)
- [x] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery)
- [x] Remove unused `#include "esp_now.h"` from app_main.c
- [x] Remove hardcoded default IP `192.168.129.11` from binary
- [ ] Flash encryption planning (irreversible eFuse burn)
- [ ] Secure Boot V2 planning (irreversible eFuse burn)
- [ ] DTLS for UDP command channel (stretch goal)