[riot-notifications] [RIOT-OS/RIOT] nanocoap: fix server-side option_count overflow (#10754)

Kaspar Schleiser notifications at github.com
Sat Jan 12 10:49:53 CET 2019


kaspar030 commented on this pull request.



> @@ -111,6 +111,9 @@ int coap_parse(coap_pkt_t *pkt, uint8_t *buf, size_t len)
                 DEBUG("optpos option_nr=%u %u\n", (unsigned)option_nr, (unsigned)optpos->offset);
                 optpos++;
                 option_count++;
+                if (option_count >= NANOCOAP_NOPTS_MAX) {

Yes. The new test seems to be working, it exposed that using "==" here caused to write one behind the options array. So I moved the check to the beginning of the if case.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/10754#discussion_r247308201
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20190112/be27e57e/attachment-0001.html>


More information about the notifications mailing list