mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00

Merge pull request #20549 from chrysn-pull-requests/gcoap-asan

gcoap: Avoid reading beyond defined input buffer
Teufelchen 2024-07-30 10:13:41 +00:00 committed by GitHub
commit 1e6164fd68
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1658,6 +1658,9 @@ ssize_t gcoap_req_send(const uint8_t *buf, size_t len,
ssize_t res = _cache_check(buf, len, memo, &cache_hit);
if (res < 0) {
DEBUG("gcoap: Error from cache check");
memo->state = GCOAP_MEMO_UNUSED;
mutex_unlock(&_coap_state.lock);
return res;
}
len = res;
@ -1665,13 +1668,22 @@ ssize_t gcoap_req_send(const uint8_t *buf, size_t len,
switch (msg_type) {
case COAP_TYPE_CON:
/* Can't store it for retransmission, even though sending it from
* the provided buffer once is possible */
if (len > CONFIG_GCOAP_PDU_BUF_SIZE) {
DEBUG("gcoap: Request too large for retransmit buffer");
memo->state = GCOAP_MEMO_UNUSED;
mutex_unlock(&_coap_state.lock);
return -EINVAL;
}
/* copy buf to resend_bufs record */
memo->msg.data.pdu_buf = NULL;
for (int i = 0; i < CONFIG_GCOAP_RESEND_BUFS_MAX; i++) {
if (!_coap_state.resend_bufs[i][0]) {
memo->msg.data.pdu_buf = &_coap_state.resend_bufs[i][0];
memcpy(memo->msg.data.pdu_buf, buf,
CONFIG_GCOAP_PDU_BUF_SIZE);
len);
memo->msg.data.pdu_len = len;
break;
}
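Review bot: The slot search in the COAP_TYPE_CON case treats a resend buffer as free when its first byte is zero, and with the copy now limited to `len` bytes the claimed slot is only marked as used if the request is non-empty and starts with a non-zero byte. The new guard bounds `len` from above only. A `len` of 0 coming back from `_cache_check` (not visible here, so this may already be impossible) would leave `memo->msg.data.pdu_buf` pointing at a slot that a later request could claim as well. Copying `len` instead of `CONFIG_GCOAP_PDU_BUF_SIZE` is the right way to stop reading past `buf`, but both invariants deserve a comment at the `memcpy`, for example `/* len <= CONFIG_GCOAP_PDU_BUF_SIZE was checked above; the non-zero first header byte marks this slot as used */`. If an empty request can reach this point, the guard could become `if (len == 0 || len > CONFIG_GCOAP_PDU_BUF_SIZE) {`. The body of `gcoap_req_send` starts and ends outside the visible hunks.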