If the token length in the header was longer than what was actually provided in the following payload, a read out of the input buffer bounds or processing of data beyond the actual input packet bound could happen. In order to remove the risk, the options loop condition was modified to detect the condition early and abort packet processing if a malformed packet is detected.
nanocoap: Added pointer range check after token length parsing.
Added a check to verify if the current packet parsing pointer is still within the packet boundaries after incrementing by the token length declared in the header. If the packet is malformed, an error code is returned.
nanocoap: Combined packet length checks
Combined packet length checks after reading token length and processing options into a single packet length validation after the options parsing loop. The entry to the options parsing loop is safe as the while loop condition protects against entering the loop if the token length was invalid.
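The bounds checks described in the nanocoap changes above, sketched as an added example (not nanocoap's code; `coap_payload_offset`, `read_ext` and the sample packets are hypothetical and constructed here). This variant follows the RFC 7252 header layout and compares the declared token and option lengths with the bytes remaining before advancing the pointer, so the pointer never leaves the buffer.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 4u          /* fixed CoAP header: Ver/T/TKL, Code, Message ID */
#define PAYLOAD_MARKER 0xFFu

/* Constructed sample: header claims TKL=8 but only 2 token bytes follow. */
const uint8_t sample_short_token[] = { 0x48, 0x01, 0x12, 0x34, 0xAA, 0xBB };
/* Constructed sample: TKL=2, one option (delta 11, length 1), marker, 1 payload byte. */
const uint8_t sample_ok[] = { 0x42, 0x01, 0x12, 0x34, 0xAA, 0xBB,
                              0xB1, 'x', 0xFF, 0x21 };

/* Decode a 4-bit option delta/length field plus its extension bytes.
 * Fails if the extension bytes are missing or the nibble is reserved (15). */
static int read_ext(const uint8_t **pos, const uint8_t *end, unsigned nib, uint32_t *out)
{
    unsigned extra = (nib == 13) ? 1 : (nib == 14) ? 2 : 0;
    if (nib == 15 || (size_t)(end - *pos) < extra) return -1;
    if (extra == 0) *out = nib;
    else if (extra == 1) *out = 13u + (*pos)[0];
    else *out = 269u + (((uint32_t)(*pos)[0] << 8) | (*pos)[1]);
    *pos += extra;
    return 0;
}

/* Hypothetical helper: returns the payload offset (len if there is no payload),
 * or -1 if the packet is malformed. Never reads or points past buf + len. */
int coap_payload_offset(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN) return -1;
    const uint8_t *end = buf + len;
    unsigned tkl = buf[0] & 0x0Fu;
    /* Compare the declared token length with the bytes that actually remain. */
    if (tkl > 8 || len - HDR_LEN < tkl) return -1;
    const uint8_t *pos = buf + HDR_LEN + tkl;
    while (pos < end && *pos != PAYLOAD_MARKER) {
        uint8_t first = *pos++;
        uint32_t delta, optlen;
        if (read_ext(&pos, end, first >> 4, &delta) < 0 ||
            read_ext(&pos, end, first & 0x0Fu, &optlen) < 0 ||
            (size_t)(end - pos) < optlen) return -1;
        pos += optlen;
    }
    if (pos < end && ++pos == end) return -1;  /* marker with empty payload */
    return (int)(pos - buf);
}
```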
This does two things:
The documentation of `luid_get()` is wrong, or at least confusing.
It talks about
> an 8-bit incrementing counter value into the most significant byte
while the implementation does
    ((uint8_t *)buf)[0] ^= lastused++; // 0 is LSB!
Now it could be argued that the intention was that the ID is supposed
to be used in Big Endian contexts and that was an omission, however
to keep everyone's sanity, let's keep it simple and just state that this
actually changes the LSB.
Also add a `luid_get_lb()` function that does the same, but modifies the
most significant byte - or the last byte if looking at the index.
This can then be used directly by e.g. #13743
__set_PRIMASK(state) had been directly inlined to avoid a hardfault that
occurred when branching after waking up from sleep with DBG_STANDBY,
DBG_STOP or DBG_SLEEP set in DBG_CR.
The hardfault occurred when returning from the branch to irq_restore;
since the function is now inlined, the branch does not happen either.
Refer to #14015 for more details.
irq_% are not inlined by the compiler, which leads to it branching
to a function that actually implements a single machine instruction.
Inlining these functions makes the call more efficient as well as
saving some bytes in ROM.
The shell command offers no capability to parse the outgoing network
interface in the gateway host, so link-local addresses are not usable
with this example without this patch.
avrdude.mk and serial.mk were included twice. As a result of the former, avrdude
wasted one flash cycle and some time by writing the same firmware twice.
The offset of MTD regions must be aligned with erase sectors.
So in order not to waste address space, avoid misconfiguration and
eventually support storage media > 4 GiB, give the offset in sectors
instead of bytes.
It includes per-board support for the nrfutil programmer used with its
default bootloader; this is not generalized over Adafruit's boards as
they use incompatible versions of nrfutil.