Spoiler alert: it makes the WRT120N look like Fort Knox. These companies have come a long way over the years.
My model is sort of listed in their supported hardware section (it's the Japanese version of the Buffalo WZR-600DPH2, though the "2" at the end is missing in their database).
Even a rookie would spot such a mistake and exploit it; it's always among the first obstacles to bypass at local CTFs and it's the #1 exploit that people think about when they think about a "security vulnerability".
- Enable all warnings as errors
- Sanitize all inputs via assertions, or similar
- Provide proper unit tests
- Have a static analyzer configured for the continuous build that breaks the build if issues are found
- Especially, don't allow anything to go through the static analyzer that is labeled as undefined or compiler specific according to the ANSI/ISO C standard
- Read MISRA C
Most people don't take their router in to a repair shop when they get a virus on their computer.
Also, some of these firmwares are based on an existing code base; it's just cheaper to hack it than replace it.
Just a thought. Seems like less a perturbation than rewriting a limited resource device for one feature.
If you sanitise inputs a wee bit, chances are you'll forget some. Or some endpoints. Or you'll sanitise based on ASCII but accept non-minimal UTF-8 encoding. Or non-ascii encodings altogether.
Making it extremely hard to impossible to implement the error class sounds like a better idea.
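The overlong-UTF-8 bypass this comment alludes to, as an added C example (not code from the thread or from any router's firmware): a byte-level filter that looks for the ASCII bytes '/' and ".." never sees the two-byte sequence C0 AF, but a lax decoder downstream turns that sequence into '/'. The strict decoder below rejects non-minimal forms, surrogates and out-of-range code points before any filtering happens. The function names and the "path filter" scenario are assumptions chosen for the illustration, and the sample input is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Decode one UTF-8 sequence from s[0..n). Returns the number of bytes
 * consumed and stores the code point in *cp, or returns 0 on rejection.
 * With strict != 0 it additionally rejects overlong (non-minimal) forms,
 * UTF-16 surrogates and code points above U+10FFFF, as RFC 3629 requires.
 * With strict == 0 it behaves like a lax decoder: any sequence with the
 * right lead/continuation byte shape is accepted. */
size_t utf8_decode(const uint8_t *s, size_t n, uint32_t *cp, int strict)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t len;
    uint32_t c;

    if (n == 0) return 0;
    if (s[0] < 0x80)                { *cp = s[0]; return 1; }
    else if ((s[0] & 0xE0) == 0xC0) { len = 2; c = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; c = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; c = s[0] & 0x07; }
    else return 0;  /* stray continuation byte (0x80..0xBF) or 0xF8..0xFF */

    if (n < len) return 0;  /* truncated sequence */
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (strict) {
        if (c < min_cp[len]) return 0;              /* overlong form */
        if (c >= 0xD800 && c <= 0xDFFF) return 0;   /* UTF-16 surrogate */
        if (c > 0x10FFFF) return 0;                 /* beyond Unicode */
    }
    *cp = c;
    return len;
}

/* Byte-level filter of the kind the comment warns about: it scans for
 * the ASCII bytes '/' and ".." and never decodes anything.
 * Returns 1 if the path is accepted. */
int naive_path_ok(const uint8_t *s, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '/') return 0;
        if (s[i] == '.' && i + 1 < n && s[i + 1] == '.') return 0;
    }
    return 1;
}

/* Decode strictly first, then apply the same rule to code points. Any
 * rejected sequence fails the whole input, so an overlong '/' cannot be
 * accepted here and turned into a real '/' by a later decoder. */
int strict_path_ok(const uint8_t *s, size_t n)
{
    uint32_t prev = 0;
    size_t i = 0;
    while (i < n) {
        uint32_t cp;
        size_t k = utf8_decode(s + i, n - i, &cp, 1);
        if (k == 0) return 0;
        if (cp == '/') return 0;
        if (cp == '.' && prev == '.') return 0;
        prev = cp;
        i += k;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: "/etc/passwd" with both slashes written as the
     * overlong two-byte form C0 AF. Not captured from any real device. */
    static const uint8_t evil[] = "\xC0\xAF" "etc" "\xC0\xAF" "passwd";
    size_t n = sizeof evil - 1;
    uint32_t cp;

    printf("naive filter accepts:  %d\n", naive_path_ok(evil, n));   /* 1 */
    printf("strict filter accepts: %d\n", strict_path_ok(evil, n));  /* 0 */
    printf("lax decode of C0 AF:   U+%04X\n",
           utf8_decode(evil, n, &cp, 0) == 2 ? cp : 0);             /* U+002F */
    return 0;
}
```

The point is the ordering: validate the encoding to one canonical form first and reject anything that is not minimal, then run the policy check on code points. Checking raw bytes and decoding afterwards is exactly the gap the comment describes.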
And I've never even been interested in UTF-8, much less implemented anything that uses it.
I think the OP is a little too cute with "don't use sprintf()" - it and snprintf() can both be used completely safely.
Now, it may well be that the UI can be completely done in, say, eLua and the guts of the thing done in 'C'. I'd go for that if it made any sense to anybody else on the team. As a practice, I avoid working on things that will be on the larger Internet.
I think it's not a matter of language or "safety" or "security" or anything else; it's a very, very, VERY simple matter of knowing the sizes and limits whenever you write code or design anything. Somehow I think all this... astounding ignorance stems from the misconception that memory is somehow an infinite resource, or the discouraging "if you need to know the limits, you're doing it wrong" type of thought. It is very important that you know the limits, so that you can work within them.
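An added C example for the two comments above, the one saying sprintf()/snprintf() can be used safely and this one about knowing sizes and limits. It is not code from the thread or from any vendor's firmware. It shows a fixed-size field, what sprintf() would have needed for an attacker-length input, snprintf() used with the buffer size and a checked return value, and the common snprintf() appending mistake (off += snprintf(buf + off, sz - off, ...)) handled so the size argument can never wrap. The function names, the 32-byte field and the input are assumptions made up for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Format into dst[0..dstsz) and refuse silently-truncated results.
 * Returns the number of characters written (excluding the NUL) on
 * success, or -1 when the formatted string would not fit. When dstsz > 0,
 * dst is always NUL-terminated on return. */
int format_bounded(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dstsz == 0) return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsz) { dst[0] = '\0'; return -1; }
    return n;
}

/* How many bytes sprintf() would write for the same arguments, NUL
 * included. snprintf(NULL, 0, ...) is the C99 way to measure without
 * touching any buffer; this is the "know the limit" step. */
size_t sprintf_would_need(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* The classic snprintf misuse is off += snprintf(buf + off, sz - off, ...):
 * snprintf returns the length it *wanted*, so once off passes sz the
 * expression sz - off wraps to a huge size_t and the next call writes past
 * the buffer. This appender checks the offset and the return value and
 * refuses once the piece does not fit. Returns 0 on success, -1 on
 * failure (buffer left NUL-terminated, *off unchanged). */
int append_bounded(char *buf, size_t bufsz, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (*off >= bufsz) return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *off, bufsz - *off, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsz - *off) { buf[*off] = '\0'; return -1; }
    *off += (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed: a 32-byte field, as a hostname or SSID buffer might be,
     * and a 199-character input of the kind an attacker would send. */
    char field[32];
    char longname[200];
    size_t off = 0;
    int rc = 0;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("sprintf would need %zu bytes for a %zu-byte buffer\n",
           sprintf_would_need("host=%s", longname), sizeof field);   /* 205, 32 */
    printf("format_bounded(long):  %d\n",
           format_bounded(field, sizeof field, "host=%s", longname)); /* -1 */
    printf("format_bounded(short): %d\n",
           format_bounded(field, sizeof field, "host=%s", "wzr600"));  /* 11 */

    for (int i = 0; i < 10 && rc == 0; i++)
        rc = append_bounded(field, sizeof field, &off, "%s,", "item");
    printf("appended %zu bytes, stopped with rc=%d\n", off, rc);       /* 30, -1 */
    return 0;
}
```

Both helpers do what the comments ask for: the caller states the limit (sizeof of the real buffer, never a hard-coded constant that drifts), and every call either fits or fails loudly. With -Wall -Wextra -Werror and -Wformat the compiler will also catch a good share of format/argument mismatches in calls like these.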
(Capitalising the words "Stack Overflow" is now a bit confusing, thanks to the site of the same name...)
Until customers demand more security than fancy features this problem will not be addressed.
There was one router that had a built-in backdoor; let's say you hit the router on a hidden page /sysctrl.html, which gives you essentially a poor man's console with an input to send any command as root, and it writes the output into a textarea. I mean, it's as simple as launching telnet and then you're on the router as root.
I _think_ that page was behind auth; either way, anybody who had gotten on my home router could just have stepped over and unplugged it, so it wasn't an issue in my case.
Embedded devices are woefully insecure and no one seems to care!