mirror of
https://github.com/FreeRTOS/FreeRTOS-Kernel.git
synced 2025-10-14 16:57:41 -04:00
Issue: There is a possible vulnerability of Denial of Service attack by keeping the UDP socket for the SNTP client task always open in the coreSNTP demo. The Denial of Service attack can occur from receiving multiple server responses (duplicated or malicious) for a single SNTP time request sent by the client, and thereby, filling the socket network buffer with response packets that affect future time requests. Solution: This PR fixes this vulnerability by updating the demo to keep a UDP socket open only for the time period of waiting for server response, closing the socket on either receiving a server response or experiencing server timeout, and re-creating a UDP socket for the next polling try. This PR also adds another security functionality using a random port for UDP socket to protect against spoofing attacks from "off-network path" attackers. |
||
---|---|---|
.. | ||
DemoTasks | ||
common_demo_include.h | ||
core_pkcs11_config.h | ||
core_sntp_config.h | ||
core_sntp_demo.sln | ||
demo_config.h | ||
FreeRTOSConfig.h | ||
FreeRTOSIPConfig.h | ||
main.c | ||
mbedtls_config.h | ||
readme.url | ||
WIN32.vcxproj | ||
WIN32.vcxproj.filters |

[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,11
[InternetShortcut]
IDList=
URL=https://www.freertos.org/sntp/sntp-demo.html