1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
Commit Graph

129 Commits

Author SHA1 Message Date
Benjamin Valentin
d4aa8aad10 nanocoap: validate input with NDEBUG
A malformed or malicious CoAP request may contain invalid field lengths.
`nanocoap` protects with this by using `assert()`, which safely crashes
the application in debug mode.

In release mode the check is removed.

Instead of allowing arbitrary memory writes, return 0 on invalid inputs.

Discovered by [Coverity](https://scan3.coverity.com/reports.htm#v46910/p10250/fileInstanceId=38357789&defectInstanceId=9793779&mergedDefectId=297306)
2020-08-11 15:54:23 +02:00
Maciej Jurczak
edf016a6cb nanocoap: Added token length validation.
Implemented a check in coap_parse() to verify if TKL value is within valid range as specified by RFC7252. The token length must be within 0-8 range, any other value should be considered as invalid and the packet should produce message format error.
A test case was added to tests-nanocoap.c to verify correct behavior in case of TKL in range and out of range.

Update sys/net/application_layer/nanocoap/nanocoap.c

Prefixed debug message with module name and abbreviations expanded.

Co-authored-by: Martine Lenders <mail@martine-lenders.eu>

Update sys/net/application_layer/nanocoap/nanocoap.c

Prefixed debug message with module name and abbreviations expanded.

Co-authored-by: Martine Lenders <mail@martine-lenders.eu>
2020-05-25 22:44:50 +02:00
Maciej Jurczak
3be2c51c42 nanocoap: Fixed buffer read out of the input packet bounds issue.
If token length in the header was longer than actually provided in the following payload, read out of the input buffer bounds or processing of data beyond the actual input packet bound could happen. In order to remove the risk, the options loop condition was modified to early detect the condition and abort packet processing if a malformed packet is detected.

nanocoap: Added pointer range check after token length parsing.

Added a check to verify if the current packet parsing pointer is still within the packet boundaries after incrementing by the token length declared in the header. If packet is malformed an error code is returned.

nanocoap: Combined packet length checks

Combined packet length checks after reading token length and processing options into a single packet length validation after the options parsing loop. The entry to the options parsing loop is safe as the while loop condition protects against entering the loop if the token length was invalid.
2020-05-25 22:44:39 +02:00
Ken Bannister
595e8c631f
Merge pull request #13726 from benpicco/nanocoap-payload_helper
nanocoap: add payload helper functions
2020-05-03 08:56:30 -04:00
Benjamin Valentin
e5c20b143d nanocoap: add coap_payload_put_char() 2020-05-01 13:58:22 +02:00
Benjamin Valentin
2751708341 nanocoap: add payload helper functions
This adds two functions `coap_payload_add()` and `coap_payload_advance()`.

 - `coap_payload_add()` will add n bytes to the payload buffer and advance
    payload pointer accordingly.

    const char hello[] = "Hello CoAP!";
    coap_payload_add(pkt, hello, sizeof(hello));

 - `coap_payload_advance()` will advance the payload buffer after data
    has been added to it.

    int len = snprintf(pkt->payload, pkt->payload_len, "%s %s!", "Hello", "CoAP");
    coap_payload_advance(pkt, len);

I considered adding an additional parameter to keep track of the total request size
(returned size from coap_opt_finish() incremented by each added payload fragment),
but decided against it to keep consistency with the existing API.
2020-05-01 13:58:22 +02:00
Cenk Gündoğan
ea616abfda nanocoap: allow coap_opt_add_string() for zero-terminated strings 2020-04-22 12:28:48 +02:00
Leandro Lanzieri
46507ff247
Merge pull request #13894 from kb2ma/gcoap/ping
net/gcoap: add CoAP ping request
2020-04-21 12:23:54 +02:00
Cenk Gündoğan
6859de7855 nanocoap: export coap_opt_get_uint() 2020-04-17 22:39:44 +02:00
Ken Bannister
2d3eb1a343 net/nanocoap: validate empty message length 2020-04-17 08:15:20 -04:00
Leandro Lanzieri
b6be8af81c
net/nanocoap: Move NANOCOAP_QS_MAX to 'CONFIG_' namespace 2020-04-07 17:00:53 +02:00
Leandro Lanzieri
2f72189aa2
net/nanocoap: Move NANOCOAP_BLOCK_SIZE_EXP_MAX to 'CONFIG_' namespace 2020-04-07 17:00:53 +02:00
Leandro Lanzieri
4052c01e85
net/nanocoap: Move NANOCOAP_URI_MAX to 'CONFIG_' namespace 2020-04-07 17:00:53 +02:00
Leandro Lanzieri
c84576ef6e
net/nanocoap: Move NANOCOAP_NOPTS_MAX to 'CONFIG_' namespace 2020-04-07 17:00:52 +02:00
Ken Bannister
d57340c964 net/nanocoap: use new Uri-Query functions as primary implementation 2020-04-06 06:19:44 -04:00
Cenk Gündoğan
50900a1fbe nanocoap: add convenience function for PROXY_URI 2020-03-28 14:50:51 +01:00
Cenk Gündoğan
5e42e26a6e nanocoap: add const qualifier to pkt of coap_opt_get_opaque() 2020-03-25 13:38:21 +01:00
1d5010e126
nanocoap: make separate tree handling function
This refactors nanocoap to seperate out the resource tree parsing. It
allows for calling the tree handler with custom resource trees. The
advantage is that a resource with COAP_MATCH_SUBTREE can parse a new
separate resource tree.
2020-03-23 15:08:53 +01:00
Ken Bannister
c55837d809 net/nanocoap: add query option directly 2020-03-12 08:44:26 -04:00
Aiman Ismail
64f9658472 nanocoap: add coap_opt_add_uquery2() 2020-03-05 19:06:14 +01:00
Ken Bannister
0ed4fe2da6 net/coap: move/rename function to add query option 2020-01-29 09:23:47 -05:00
d4f3747705 sys/net: fix typos 2019-11-23 22:39:38 +01:00
8b06560c02
sys/net/nanocoap: correctly initialize array 2019-10-30 17:03:06 +01:00
95da51bd7f
sys/net/nanocoap: fix potential use of uinitialized variable 2019-10-30 17:03:06 +01:00
5d1480a4b8
sys/net/nanocoap: fail when start data cannot be parsed 2019-10-30 17:03:06 +01:00
1aa1e2c8cc
sys/net/nanocoap: return ENOENT if parsing option failed
This fixes a potential use of uninitialized len in subsequent function calls.

This was reported by scan-build
2019-10-30 17:03:06 +01:00
Ken Bannister
2dc4209c0e net/nanocoap: optimize determination of exponent for block szx 2019-10-03 13:17:09 -04:00
Ken Bannister
e22d4729e1 net/nanocoap: initialize offset attribute 2019-10-02 05:51:59 -04:00
Ken Bannister
2abcbc0d20 net/coap: add generic get block function 2019-10-02 05:51:59 -04:00
Ken Bannister
5eaa51e426 net/nanocoap: remove unused function 2019-10-02 05:51:59 -04:00
Ken Bannister
efb75c5c4c net/coap: improve slicer to block helper 2019-10-02 05:51:59 -04:00
Ken Bannister
dae9c4ab89 net/nanocoap: use coap_opt_add_uint() and remove unused 2019-10-02 05:51:59 -04:00
Ken Bannister
233dd31e17 net/nanocoap: add generic uint block option 2019-10-02 05:51:59 -04:00
benpicco
e942f86837
Merge pull request #11056 from kb2ma/coap/pkt_api_block_write
net/gcoap: add/use Packet API Block implementation
2019-09-24 21:43:33 +02:00
Ken Bannister
39eddce078 net/nanocoap: add function to retrieve opaque option 2019-09-11 05:40:14 -04:00
Sebastian Meiling
9f5951d216
Merge pull request #10214 from bergzand/pr/nanocoap/flags_uint32t
nanocoap: change method flag type to uint16_t
2019-09-09 12:33:17 +03:00
4d399bf444
nanocoap: change method flag type to uint32_t 2019-09-09 09:40:14 +02:00
Ken Bannister
4e89741b79 net/nanocoap: add function to iterate over options 2019-08-24 06:51:29 -04:00
Ken Bannister
6c8e646b83 net/nanocoap: check for payload marker when parse option 2019-08-24 06:51:29 -04:00
Ken Bannister
513ddfd79c net/nanocoap: add Packet API block write functions 2019-08-02 09:46:24 -04:00
Ken Bannister
64b4e0ad2d net/nanocoap: add block slicer init function 2019-07-30 13:10:10 -04:00
Ken Bannister
a6f919ef3e net/nanocoap: refactor block2_finish() 2019-07-30 13:10:10 -04:00
Ken Bannister
86edea81be net/nanocoap: use block init helper internally 2019-07-30 13:10:10 -04:00
Ken Bannister
69efaa1d56 net/nanocoap: add block init helper function 2019-07-30 13:10:10 -04:00
Ken Bannister
9dce54b54b net/nanocoap: refactor block option control use 2019-07-22 05:42:08 -04:00
Ken Bannister
4311f17e81 net/nanocoap: refactor block option put 2019-07-22 05:42:08 -04:00
Ken Bannister
64ba8e4ea9 net/nanocoap: document internal option functions 2019-07-18 05:21:40 -04:00
6c02521591 nanocoap: make coap_get_block2() actually fill struct 2019-07-05 15:29:58 +02:00
0ec9c57b2b add copyrights from IOTPUSH project 2019-05-02 12:09:37 +02:00
chrysn
09dc930d3a nanocoap: add some const qualifiers 2019-04-12 11:04:47 +02:00
chrysn
a51460984b nanocoap: Add coap_opt_add_opaque
This option complements the existing coap_opt_add_{uint,string} and even
more special-purpose functions; its implementation is trivial given the
existing static _add_opt_pkt function.

The method is useful when working with ETags (ETag, If-Match options).
2019-04-12 11:04:47 +02:00
88171698e0
Merge pull request #10931 from kb2ma/nanocoap/pktapi_opt_enospc
net/nanocoap: Packet API return error if buffer full
2019-04-03 14:49:44 +02:00
Ken Bannister
5bf2fc6227 net/nanocoap: return error from coap_opt_finish if no space 2019-03-19 05:30:04 -04:00
Ken Bannister
3cdf43607c net/nanocoap: Return error from coap_opt_add_xxx() if no space 2019-03-19 05:30:04 -04:00
Leandro Lanzieri
6bb4158c31 sys/net/application_layer/nanocoap: Add path prefix opt
This adds a prefix option for the methods field of a coap resource and
modifies the way the path is matched on a request to accept prefix
matching.
2019-03-17 14:26:11 +01:00
Sebastian Meiling
a65fede8c4
Merge pull request #10855 from kb2ma/nanocoap/simple_reply_safety
net/nanocoap: verify simple reply buffer
2019-01-24 12:08:31 +01:00
Ken Bannister
3343ed3674 net/nanocoap: verify reply length before write 2019-01-24 05:18:12 -05:00
Ken Bannister
e35bcb6853 net/nanocoap: fix remaining space calculation
The space calculation must use the same length as the eventual
return value.
2019-01-23 16:36:20 -05:00
Ken Bannister
85a658634f net/nanocoap: validate option length before write 2019-01-18 12:34:55 -05:00
Ken Bannister
b9f6354067 net/nanocoap: document function that writes option header 2019-01-18 12:34:55 -05:00
4b1b0aa84e sys/net/nanocoap: fix possible option_count overflow 2019-01-14 12:30:06 +01:00
Ken Bannister
424a01ddc1 net/gcoap: remove gcoap attributes from coap_pkt_t 2018-11-24 07:09:25 -05:00
Martine Lenders
78164977d8
Merge pull request #10223 from kb2ma/nanocoap/string_opt_first_char
net/nanocoap: fix string option separator write handling
2018-11-22 16:43:45 +01:00
Ken Bannister
fa77929cc7 net/nanocoap: fix string option separator handling
Assumed initial character was a separator when writing the option,
and skipped over it.
2018-11-22 09:25:05 -05:00
Lasse Lueder
18ae8ef90d net/nanocoap: use coap_data_ptr instead of hdr.data 2018-11-02 16:33:29 +01:00
Ken Bannister
ad38dd9a6f net/nanocoap: fix non-confirmable response type 2018-10-15 06:42:37 -04:00
726ebf3dad coap: use COAP_FORMAT style content-format defines
Replaces all occurences of COAP_CT_.* with COAP_FORMAT_.*
2018-10-15 09:44:17 +02:00
551b3513db nanocoap: Add server-side block2 support 2018-10-14 14:30:29 +02:00
Hauke Petersen
f3f673eb45 net/nanocoap: factor out generic CoAP defines 2018-09-26 14:31:57 +02:00
Hauke Petersen
becfce247d net/nanocoap: allow empty uri/location path option
For CoAP, there is actually a difference between
`/some/path` and `/some/path/`. This needs to be reflected
when parsing the URI and location path options from a given
string.
2018-09-11 10:06:57 +02:00
Hauke Petersen
4c08e77d00 net/nanocoap: improve option handling
- add generic string put and get functions
- add location path and location query options
- add dedicated functions for getting and setting
  URI query, URI path, location query, and location path
  options
2018-08-30 10:31:03 +02:00
7d013eb2b6 sys: fix doxygen grouping 2018-06-11 19:12:02 +02:00
Ken Bannister
43db2715cd net/nanocoap: create pkt-based request
Includes string and uint options.
2018-06-10 08:44:16 -04:00
4897222e7e nanocoap: add server-side block1 support 2018-04-16 12:31:56 +02:00
dee793d29f nanocoap: rework option handling 2018-04-10 20:58:06 +02:00
0729259390 nanocoap: add context ptr to coap_resource_t 2018-02-02 18:54:29 +01:00
Ken Bannister
c9b6e990f7 net/nanocoap: message ID received in host order 2018-01-12 05:58:52 -05:00
84bc849014 sys: net: nanocoap: ignore Uri-Host option 2017-12-01 12:55:45 +01:00
16bdbe5d32 sys: net: add nanocoap 2017-12-01 12:55:44 +01:00