[riot-notifications] [RIOT-OS/RIOT] nanocoap: options buffer overflow (#10753)

nmeum notifications at github.com
Fri Jan 11 10:11:10 CET 2019


A possible hotfix for this issue:

```patch
diff --git a/sys/net/application_layer/nanocoap/nanocoap.c b/sys/net/application_layer/nanocoap/nanocoap.c
index 672d31b10..8f1963552 100644
--- a/sys/net/application_layer/nanocoap/nanocoap.c
+++ b/sys/net/application_layer/nanocoap/nanocoap.c
@@ -111,6 +111,9 @@ int coap_parse(coap_pkt_t *pkt, uint8_t *buf, size_t len)
                 DEBUG("optpos option_nr=%u %u\n", (unsigned)option_nr, (unsigned)optpos->offset);
                 optpos++;
                 option_count++;
+
+                if (option_count >= NANOCOAP_NOPTS_MAX)
+                    return -ENOMEM;
             }
 
             pkt_pos += option_len;
```
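Review bot: The bound check sits after `optpos++` and `option_count++`, so with `>=` the parser returns `-ENOMEM` as soon as the count reaches `NANOCOAP_NOPTS_MAX`. That rejects a packet carrying exactly that many options even though, assuming the options array has `NANOCOAP_NOPTS_MAX` entries, every one of them was stored in bounds. Testing `option_count >= NANOCOAP_NOPTS_MAX` before the entry is written, rather than after the increment, would keep the overflow closed and still accept a full array. The new `if` also has no braces around its single-statement body; adding them would keep a later edit from falling outside the condition.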

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/issues/10753#issuecomment-453442585