mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-18 12:52:44 +01:00
3be2c51c42
If token length in the header was longer than actually provided in the following payload, read out of the input buffer bounds or processing of data beyond the actual input packet bound could happen. In order to remove the risk, the options loop condition was modified to early detect the condition and abort packet processing if a malformed packet is detected.

nanocoap: Added pointer range check after token length parsing.

Added a check to verify if the current packet parsing pointer is still within the packet boundaries after incrementing by the token length declared in the header. If the packet is malformed, an error code is returned.

nanocoap: Combined packet length checks

Combined packet length checks after reading token length and processing options into a single packet length validation after the options parsing loop. The entry to the options parsing loop is safe as the while loop condition protects against entering the loop if the token length was invalid.
- application_layer
- ble
- credman
- crosslayer
- gnrc
- link_layer
- netdev_test
- netif
- network_layer
- routing
- sock
- transport_layer
- doc.txt
- Kconfig