1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-16 09:52:45 +01:00
Commit Graph

5 Commits

Author SHA1 Message Date
Sören Tempel
30e4823e94 asymcute: don't make the assumption that req->arg is non-NULL
This fixes a denial of service where an attacker would be able to cause
a NULL pointer dereference by sending a spoofed packet. This attack only
requires knowledge about pending message ids.
2019-09-24 12:00:12 +02:00
Derek Hageman
18910cf4e2 asymcute: Reset keepalive counter on connection ACK
When a keepalive timeout occurs keepalive_retry_cnt remains zero,
so when the connection is re-established _on_keepalive_evt will
immediately disconnect instead of actually sending a keepalive ping.

The sequence looks like:
  1. _on_connack: start con->keepalive_timer
  2. Server does not respond to keepalive pings
  3. _on_keepalive_evt: con->keepalive_retry_cnt reaches zero
  4. Connection torn down and ASYMCUTE_DISCONNECTED sent to application
  5. Application starts reconnection
  6. _on_connack: start con->keepalive_timer again
  7. First _on_keepalive_evt: con->keepalive_retry_cnt is still zero
  8. Repeat from 4.

So this simply resets keepalive_retry_cnt in _on_connack when
the keepalive timer is restarted.  It's a new connection, so
resetting the keepalive retry counter make senses regardless.

Signed-off-by: Derek Hageman <hageman@inthat.cloud>
2019-08-20 17:23:05 -06:00
Hauke Petersen
785f59fb7f net/asymcute: make cli ID len conform to standard 2019-07-04 11:03:37 +02:00
Sören Tempel
2a6354b07d asymcute: check for minimum packet length early
Without this patch _len_get reads one byte beyond the con->rxbuf
if the incoming packet consists only of the byte 0x01.
2019-01-16 10:06:38 +01:00
Hauke Petersen
ad20c4f1cc net: add Asymcute (asynchronous MQTT-SN client) 2018-07-05 15:44:16 +02:00