ChallengeMediumC++

Hardware Watchdog Reset Service

Scenario

An embedded service mediates access to a hardware watchdog timer. Registered processes must supply a secret token to request a reset; the service validates the token and then kicks the hardware counter. On safety-critical targets the reset mechanism must not be exploitable by a compromised or misbehaving process.

Business expectation

Only a process holding the exact current token may request a reset. After each successful reset the current token is invalidated and a fresh token is generated before the next reset is accepted. Passing an empty or shortened token must never succeed.

Security expectations

Token comparison must cover exactly kTokenLen bytes of the registered token. Passing a token shorter than kTokenLen must not bypass the check by causing a partial comparison.

Important context

Token generation is provided by the platform credential service in production. The generator body in this excerpt is a stub; review the reset validation and token invalidation flow.

41 lines

include/watchdog_service.h

Declares WatchdogService, kTokenLen, and the reset/refreshToken contract.

// WatchdogService: mediates access to the hardware watchdog timer.

#pragma once

#include <string>

// Fixed length of a registered reset token in bytes.

static constexpr size_t kTokenLen = 32;

// Mediates hardware watchdog resets for registered processes.

class WatchdogService {

public:

  // Parameters:

  //   initialToken - first registered token supplied by the registration service

  // Returns: new WatchdogService with the provided token installed

  explicit WatchdogService(const std::string& initialToken);

  // Validates callerToken and kicks the watchdog if it matches.

  // Parameters:

  //   callerToken - token supplied by the requesting process

  // Returns: true if the token was valid and the watchdog was reset;

  //          false on any mismatch. Token is invalidated after each successful use.

  bool reset(const std::string& callerToken);

  // Regenerates the token to a new pseudo-random value.

  // Parameters: none

  // Returns: void; token_ is replaced with a fresh kTokenLen-byte value

  void refreshToken();

  // Returns the current registered token (for test harness use only).

  const std::string& currentToken() const { return token_; }

private:

  std::string token_; // registered reset token; compared byte-for-byte

  // Parameters: none

  // Returns: void; writes the kick value to the hardware watchdog register

  void triggerHardwareReset();

  // Parameters: none

  // Returns: string of exactly kTokenLen pseudo-random bytes

  static std::string generateToken();

};

No findings yet

Click on a line number in the code to add a finding

You need to log in or sign up to submit.

You can inspect the challenge for free, but AI review and results require an account.

Sign inorSign up