mirror of
https://github.com/RIOT-OS/RIOT.git
sys/clif: Fixing out of bounds read under certain conditions
parent
be29a00d74
commit
8c295ab7cf
@ -177,22 +177,17 @@ ssize_t clif_add_attr(clif_attr_t *attr, char *buf, size_t maxlen)
|
|||||||
assert(attr);
|
assert(attr);
|
||||||
assert(attr->key);
|
assert(attr->key);
|
||||||
|
|
||||||
/* if no length given, calculate it */
|
|
||||||
if (!attr->key_len) {
|
|
||||||
attr->key_len = strlen(attr->key);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* count attr name size and separator ';' */
|
/* count attr name size and separator ';' */
|
||||||
size_t req_space = attr->key_len + 1;
|
size_t req_space = attr->key_len + 1;
|
||||||
size_t pos = 0;
|
size_t pos = 0;
|
||||||
int quoted = strcmp(attr->key, LF_ATTR_SIZE) ? 1 : 0;
|
int quoted = 0;
|
||||||
|
if (attr->key_len >= LF_ATTR_SIZE_S) {
|
||||||
|
quoted = strcmp(attr->key, LF_ATTR_SIZE) ? 1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (attr->value) {
|
if (attr->value) {
|
||||||
if (!attr->value_len) {
|
|
||||||
attr->value_len = strlen(attr->value);
|
|
||||||
}
|
|
||||||
/* count also '=' */
|
/* count also '=' */
|
||||||
req_space += attr->value_len + 1;
|
req_space += attr->value_len + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (quoted) {
|
if (quoted) {
|
||||||
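Review bot: The `strcmp(attr->key, LF_ATTR_SIZE)` kept inside the new `attr->key_len >= LF_ATTR_SIZE_S` guard is still not bounded by `key_len`, so a key that points into a larger buffer without its own terminator can still be read past its end; when the leading bytes match, strcmp goes on to read the byte after the key. The guard also changes which keys are quoted: a key shorter than LF_ATTR_SIZE_S now leaves `quoted` at 0, whereas the old line quoted every key except the size attribute. Assuming LF_ATTR_SIZE_S is the length of LF_ATTR_SIZE, a length-checked comparison keeps the old rule and bounds the read: `int quoted = !(attr->key_len == LF_ATTR_SIZE_S && memcmp(attr->key, LF_ATTR_SIZE, LF_ATTR_SIZE_S) == 0);`. The body of clif_add_attr continues past the end of this hunk.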
|
@ -237,9 +237,7 @@ ssize_t clif_add_target(const char *target, char *buf, size_t maxlen);
|
|||||||
* @note
|
* @note
|
||||||
* - If @p buf is NULL this will return the amount of bytes that would be
|
* - If @p buf is NULL this will return the amount of bytes that would be
|
||||||
* needed.
|
* needed.
|
||||||
* - If the lengths of the key or the value of the attribute are not
|
* - The length of the key must be set in `attr->key_len`.
|
||||||
* defined a NULL-terminated string will be assumed, and it will be
|
|
||||||
* calculated.
|
|
||||||
*
|
*
|
||||||
* @return amount of bytes used from the buffer if successful
|
* @return amount of bytes used from the buffer if successful
|
||||||
* @return CLIF_NO_SPACE if there is not enough space in the buffer
|
* @return CLIF_NO_SPACE if there is not enough space in the buffer
|
||||||
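Review bot: The rewritten @note states only that `attr->key_len` must be set, but the clif_add_attr hunk in this commit also removes the `strlen(attr->value)` fallback, so `attr->value_len` is now a caller obligation as well. A caller that sets `value` and leaves `value_len` at 0 would presumably get an attribute with an empty value rather than an error. Suggest adding a second bullet, `* - If attr->value is not NULL, its length must be set in attr->value_len.`, and saying explicitly whether the key and value still need to be NUL-terminated.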
|
@ -82,9 +82,9 @@ static void test_clif_encode_links(void)
|
|||||||
const char exp_string[] = "</sensor/temp>;rt=\"temperature\";if=\"sensor\","
|
const char exp_string[] = "</sensor/temp>;rt=\"temperature\";if=\"sensor\","
|
||||||
"</node/info>,</node/ep>;ct=\"40\"";
|
"</node/info>,</node/ep>;ct=\"40\"";
|
||||||
clif_attr_t attrs[] = {
|
clif_attr_t attrs[] = {
|
||||||
{ .key = "rt", .value = "temperature" },
|
{ .key = "rt", .key_len = 2, .value = "temperature", .value_len = 11 },
|
||||||
{ .key = "if", .value = "sensor" },
|
{ .key = "if", .key_len = 2, .value = "sensor", .value_len = 6 },
|
||||||
{ .key = "ct", .value = "40" }
|
{ .key = "ct", .key_len = 2, .value = "40", .value_len = 2 }
|
||||||
};
|
};
|
||||||
|
|
||||||
clif_t links[] = {
|
clif_t links[] = {
|
||||||
@ -317,12 +317,10 @@ static void test_clif_get_attr_empty(void)
|
|||||||
|
|
||||||
static void tests_clif_decode_encode_minimal(void)
|
static void tests_clif_decode_encode_minimal(void)
|
||||||
{
|
{
|
||||||
char input_buf[] = "</sensors>";
|
#define BUFF_SIZE 50
|
||||||
|
|
||||||
/* The required buffer size is (in this case) equal to the input buffer
|
char input_buf[] = "</sensors>";
|
||||||
* plus one additional byte to hold the null termination */
|
char output_buf[BUFF_SIZE];
|
||||||
const size_t output_buf_size = strlen(input_buf) + 1;
|
|
||||||
char output_buf[output_buf_size];
|
|
||||||
clif_t out_link;
|
clif_t out_link;
|
||||||
|
|
||||||
ssize_t input_len = strlen(input_buf);
|
ssize_t input_len = strlen(input_buf);
|
||||||
@ -332,7 +330,7 @@ static void tests_clif_decode_encode_minimal(void)
|
|||||||
TEST_FAIL("Malformed input string");
|
TEST_FAIL("Malformed input string");
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t result_len = clif_encode_link(&out_link, output_buf, output_buf_size);
|
ssize_t result_len = clif_encode_link(&out_link, output_buf, BUFF_SIZE);
|
||||||
if (result_len == CLIF_NO_SPACE) {
|
if (result_len == CLIF_NO_SPACE) {
|
||||||
TEST_FAIL("No space left in the buffer");
|
TEST_FAIL("No space left in the buffer");
|
||||||
}
|
}
|
||||||
|
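Review bot: In tests_clif_decode_encode_minimal the output buffer goes from an exact fit (`strlen(input_buf) + 1`) to a fixed 50 bytes, so the test no longer shows that clif_encode_link succeeds with the smallest sufficient buffer, which is the boundary where an off-by-one in the size accounting would surface. If the aim was only to drop the variable-length array, `char output_buf[sizeof(input_buf)];` with `sizeof(output_buf)` passed as maxlen keeps the exact-fit check with a constant size. As written, `#define BUFF_SIZE 50` sits inside the function body and no `#undef` is visible, so it stays defined for the rest of the file. The function starts in the previous hunk and continues past this one.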