mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 06:32:45 +01:00
23 Commits

Author SHA1 Message Date
Sören Tempel
06d572c2fc asymcute: fix one byte out-of-bounds access in _len_get
As per Section 5.2.1 of the MQTT-SN specification, the MQTT-SN length
header is either 1- or 3-octet long. If it is 3-octet long then the
first octet is 0x01. The asymcute implementation currently only checks
that the incoming packet is at least 2-octet long before attempting to
parse it (MIN_PKT_LEN). However, if the first octet is 0x01 the packet
must be more than 3 octets long in order to be valid. Since asymcute
does not check this it reads one octet beyond the packet data for a
2-octet packet where the first octet has the value 0x01. This commit
fixes this issue by adding an additional sanity check to _len_get.
2022-08-10 05:41:10 +02:00
Sören Tempel
fb660dbec6 asymcute: Compare request message type when matching acknowledgement
Currently, asymcute only matches an MQTT-SN request to its
acknowledgement using the MsgId header. However, I strongly believe
this to be insufficient as asymcute would thus also match a SUBACK
to a prior PUBLISH message (for example) as long as the message ID
matches. To address this issue, this commit modifies _req_preprocess
to also compare the request message type in addition to the message id.
2022-08-10 00:49:37 +02:00
Sören Tempel
4dcb8edcc8 asymcute: Fix deadlocks in REGACK, SUBACK and UNSUBACK handler
The handlers for these MQTT messages lock the connection mutex on
function entry. During automated testing of asymcute, I discovered
return paths for these functions which do not unlock the connection
mutex. This results in a deadlock which prevents asymcute from
sending any further messages.
2022-07-01 00:55:07 +02:00
Jan Romann
4384795cb9 treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
Hauke Petersen
ee01950ed7 net/asymcute: switch to sock_asnyc_event 2020-12-18 13:58:20 +01:00
Hauke Petersen
289688169e net/asymcute: fix short and pre-defined topics 2020-12-18 12:27:46 +01:00
Hauke Petersen
d5aa6c1311 Merge pull request #15675 from haukepetersen/opt_asymcute_rmstaticcasts
net/asymcute: rm explicit casts where applicable
2020-12-18 12:12:05 +01:00
Hauke Petersen
285681a4e0 net/asymcute: rm explicit casts where applicable 2020-12-18 10:36:55 +01:00
Hauke Petersen
5ff526f928 net/asymcute: fix msgId when publishing QOS0 2020-12-18 10:26:02 +01:00
Akshai M
1559aa1dc6 net/asymcute : Move 'ASYMCUTE_BUFSIZE' to 'CONFIG_'
Move ASYMCUTE_BUFSIZE to CONFIG_ namespace, update entry in Kconfig
2020-11-19 23:11:21 +01:00
Bas Stottelaar
1b35d06a51 sys/*: realign ENABLE_DEBUG 2020-10-23 11:27:48 +02:00
Bas Stottelaar
80d9da90df sys/*: add missing include of assert.h 2020-10-22 11:13:09 +02:00
Bas Stottelaar
47d376c5c3 sys/*: add explicit include of timex.h 2020-10-21 21:47:31 +02:00
Akshai M
8a6d2882f7 net/asymcute : Move 'ASYMCUTE_KEEPALIVE_PING' to 'CONFIG_' 2020-07-07 16:27:57 +05:30
Akshai M
a1df2e33b0 net/asymcute : Move 'ASYMCUTE_N_RETRY' to 'CONFIG_' 2020-07-07 16:27:57 +05:30
Akshai M
6dc5747c4b net/asymcute : Move 'ASYMCUTE_T_RETRY' to 'CONFIG_' 2020-07-07 16:27:57 +05:30
Akshai M
1753b84cba net/asymcute : Move 'ASYMCUTE_KEEPALIVE' to 'CONFIG_' 2020-07-07 16:27:57 +05:30
Akshai M
7ba0d3c76f net/asymcute : Move 'ASYMCUTE_TOPIC_MAXLEN' to 'CONFIG_' 2020-07-07 16:27:57 +05:30
Sören Tempel
30e4823e94 asymcute: don't make the assumption that req->arg is non-NULL
This fixes a denial of service where an attacker would be able to cause
a NULL pointer dereference by sending a spoofed packet. This attack only
requires knowledge about pending message ids.
2019-09-24 12:00:12 +02:00
Derek Hageman
18910cf4e2 asymcute: Reset keepalive counter on connection ACK
When a keepalive timeout occurs keepalive_retry_cnt remains zero,
so when the connection is re-established _on_keepalive_evt will
immediately disconnect instead of actually sending a keepalive ping.

The sequence looks like:
  1. _on_connack: start con->keepalive_timer
  2. Server does not respond to keepalive pings
  3. _on_keepalive_evt: con->keepalive_retry_cnt reaches zero
  4. Connection torn down and ASYMCUTE_DISCONNECTED sent to application
  5. Application starts reconnection
  6. _on_connack: start con->keepalive_timer again
  7. First _on_keepalive_evt: con->keepalive_retry_cnt is still zero
  8. Repeat from 4.

So this simply resets keepalive_retry_cnt in _on_connack when
the keepalive timer is restarted.  It's a new connection, so
resetting the keepalive retry counter makes sense regardless.

Signed-off-by: Derek Hageman <hageman@inthat.cloud>
2019-08-20 17:23:05 -06:00
Hauke Petersen
785f59fb7f net/asymcute: make cli ID len conform to standard 2019-07-04 11:03:37 +02:00
Sören Tempel
2a6354b07d asymcute: check for minimum packet length early
Without this patch _len_get reads one byte beyond the con->rxbuf
if the incoming packet consists only of the byte 0x01.
2019-01-16 10:06:38 +01:00
Hauke Petersen
ad20c4f1cc net: add Asymcute (asynchronous MQTT-SN client) 2018-07-05 15:44:16 +02:00
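
The length-header check described in commits 06d572c2fc and 2a6354b07d above, as an added C example that is not RIOT's code. `mqttsn_hdr_check` and the sample datagrams are hypothetical and constructed; the big-endian 16-bit length and the comparison against the datagram size are assumptions based on the MQTT-SN specification, not on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample datagrams (not captured traffic). 0x16 = PINGREQ. */
static const uint8_t PKT_ONE[]   = { 0x01 };                   /* lone 0x01 octet */
static const uint8_t PKT_TWO[]   = { 0x01, 0x16 };             /* 2 octets, 0x01 first */
static const uint8_t PKT_SHORT[] = { 0x02, 0x16 };             /* 1-octet length */
static const uint8_t PKT_LONG[]  = { 0x01, 0x00, 0x04, 0x16 }; /* 3-octet length */
static const uint8_t PKT_LIE[]   = { 0x01, 0x00, 0x09, 0x16 }; /* claims 9 octets */

/* Hypothetical helper, not RIOT's _len_get. Returns the size of the length
 * header (1 or 3) for a well-formed datagram, or -1 if it must be dropped. */
int mqttsn_hdr_check(const uint8_t *buf, size_t pkt_len)
{
    size_t hdr, msg_len;

    /* Minimum packet: one length octet plus the MsgType octet. */
    if (buf == NULL || pkt_len < 2) {
        return -1;
    }
    if (buf[0] == 0x01) {
        /* 3-octet form: buf[1] and buf[2] are only readable if the packet
         * holds the full length header plus MsgType, i.e. more than 3 octets. */
        if (pkt_len < 4) {
            return -1;
        }
        msg_len = ((size_t)buf[1] << 8) | buf[2];
        hdr = 3;
    }
    else {
        msg_len = buf[0];
        hdr = 1;
    }
    /* The announced length counts the whole message, header included. */
    if (msg_len != pkt_len) {
        return -1;
    }
    return (int)hdr;
}

int main(void)
{
    printf("one=%d two=%d short=%d long=%d lie=%d\n",
           mqttsn_hdr_check(PKT_ONE, sizeof(PKT_ONE)),
           mqttsn_hdr_check(PKT_TWO, sizeof(PKT_TWO)),
           mqttsn_hdr_check(PKT_SHORT, sizeof(PKT_SHORT)),
           mqttsn_hdr_check(PKT_LONG, sizeof(PKT_LONG)),
           mqttsn_hdr_check(PKT_LIE, sizeof(PKT_LIE)));
    return 0;
}
```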