Fix nasa/cFS#945: Harden CS_OneShotCmd against DoS via secondary memory validation #122

Open
Shrey-N wants to merge 4 commits into nasa:main from Shrey-N:main

Shrey-N commented Mar 7, 2026

Checklist (Please check before submitting)

Describe the contribution
This PR addresses a critical Denial of Service (DoS) vulnerability in the CS application's OneShot command. On certain platforms, the initial memory validation is too permissive, allowing invalid or unmapped addresses to be passed to the background child task. When the child task attempts to calculate a checksum on this memory, it triggers a segmentation fault (SIGSEGV) and crashes the application.

This fix introduces a secondary, application-level validation layer that checks requested memory ranges against a whitelist of known safe segments.

Testing performed

  1. Build steps: Built targeting the pc-linux platform within a standard cFS bundle.
  2. Execution steps:
    • Sent a OneShot command with an unmapped memory address.
    • Verified the command was rejected with a specific error event.
    • Verified the command error counter incremented.
    • Verified the CS application remained stable (no crash).
    • Verified that valid memory requests still process correctly.

Expected behavior changes

  • API Change: Added a new internal utility function for address range verification.
  • Behavior Change: OneShot commands requesting memory outside of configured safe zones are now rejected with an error event instead of crashing the system.
  • Impact: Security hardening for the Checksum application.

System(s) tested on

  • Hardware: PC (x86_64)
  • OS: Ubuntu 22.04 LTS
  • Versions: cFE 7.0 (Latest Release)

Additional context
The validation logic was implemented using overflow-safe subtraction math to prevent boundary check bypasses via large memory size parameters.

Third party code
None.

Contributor Info

dzbaker added this to the v7.0.2 milestone Mar 9, 2026
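
The overflow-safe range check that the PR description's "Additional context" refers to, as an added sketch that is not the PR's code or cFS's own: `struct mem_segment`, `SAFE_SEGMENTS`, `range_ok_naive`, `range_ok_safe` and `request_is_allowed` are hypothetical names, and the segment addresses are constructed. It puts the addition-based comparison beside the subtraction-based one to show why a very large size parameter passes the former.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical allow-list entry: one known-safe region [base, base + length). */
struct mem_segment {
    uintptr_t base;
    size_t    length;
};

/* Constructed sample table; a real build would take these from platform
 * configuration (assumption, not taken from the PR). */
static const struct mem_segment SAFE_SEGMENTS[] = {
    { 0x10000000u, 0x00100000u },   /* constructed: 1 MiB region  */
    { 0x20000000u, 0x00004000u },   /* constructed: 16 KiB region */
};

/* Addition-based form, for contrast: addr + size can wrap around, so a
 * huge size produces a small "end" that satisfies the comparison. */
bool range_ok_naive(const struct mem_segment *s, uintptr_t addr, size_t size)
{
    return addr >= s->base && addr + size <= s->base + s->length;
}

/* Subtraction-based form: every subtraction has operands that are already
 * known to be ordered, so no intermediate value can wrap. */
bool range_ok_safe(const struct mem_segment *s, uintptr_t addr, size_t size)
{
    if (size == 0 || addr < s->base)     /* empty requests are rejected too */
        return false;
    uintptr_t offset = addr - s->base;   /* safe: addr >= base */
    if (offset >= s->length)
        return false;
    return size <= s->length - offset;   /* safe: offset < length */
}

/* True only if the whole request lies inside a single allow-listed segment. */
bool request_is_allowed(uintptr_t addr, size_t size)
{
    size_t n = sizeof SAFE_SEGMENTS / sizeof SAFE_SEGMENTS[0];
    for (size_t i = 0; i < n; i++)
        if (range_ok_safe(&SAFE_SEGMENTS[i], addr, size))
            return true;
    return false;
}
```

A request spanning two adjacent segments is rejected by this sketch because each request must fit within one entry.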

Development

Successfully merging this pull request may close these issues.

[SECURITY] DoS via Invalid Memory Access in cFS CS Application
