1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00

gcoap: Avoid reading beyond defined input buffer

This commit is contained in:
chrysn 2024-04-06 11:28:03 +02:00
parent 4a4101b3b8
commit 502406dbbb

View File

@ -1664,13 +1664,19 @@ ssize_t gcoap_req_send(const uint8_t *buf, size_t len,
switch (msg_type) { switch (msg_type) {
case COAP_TYPE_CON: case COAP_TYPE_CON:
/* Can't store it for retransmission, even though sending it from
* the provided buffer once is possible */
if (len > CONFIG_GCOAP_PDU_BUF_SIZE) {
return -EINVAL;
}
/* copy buf to resend_bufs record */ /* copy buf to resend_bufs record */
memo->msg.data.pdu_buf = NULL; memo->msg.data.pdu_buf = NULL;
for (int i = 0; i < CONFIG_GCOAP_RESEND_BUFS_MAX; i++) { for (int i = 0; i < CONFIG_GCOAP_RESEND_BUFS_MAX; i++) {
if (!_coap_state.resend_bufs[i][0]) { if (!_coap_state.resend_bufs[i][0]) {
memo->msg.data.pdu_buf = &_coap_state.resend_bufs[i][0]; memo->msg.data.pdu_buf = &_coap_state.resend_bufs[i][0];
memcpy(memo->msg.data.pdu_buf, buf, memcpy(memo->msg.data.pdu_buf, buf,
CONFIG_GCOAP_PDU_BUF_SIZE); len);
memo->msg.data.pdu_len = len; memo->msg.data.pdu_len = len;
break; break;
} }