[riot-notifications] [RIOT-OS/RIOT] examples / tests: return value of `gnrc_netif_hdr_build()` not checked in udp.c (#11631)
notifications at github.com
Tue Jun 4 18:41:38 CEST 2019
IF YOUR ISSUE IS RELATED TO SECURITY
please submit it to the security mailing-list security at riot-os.org.
If your issue is a question related to the usage of RIOT, please submit it to
the user mailing-list users at riot-os.org or to the developer mailing-list
devel at riot-os.org.
This is an error that was copied over multiple applications, this is why I can't fix it right now, but I wanted to report it.
The return value of `gnrc_netif_hdr_build()` is not checked in most versions of the `udp send` for GNRC I came across. This results in the node to crash if the packet happens to have a very large payload https://github.com/RIOT-OS/RIOT/blob/6b582fd5d0ad95b1b5b856b89c3d25e454cff1b3/examples/gnrc_networking/udp.c#L90-L93
Example: Cannot build gnrc_networking application for samr21-xpro board.
#### Steps to reproduce the issue
Merge #11623 and build any application containing `udp.c` with `USEMODULE=gnrc_ipv6_ext_frag` (preferably one that can send large payloads like `tests/gnrc_udp`). Then send a packet that is just big enough to allow for allocation of the payload, the IPv6 header and UDP header.
udp send fe80::2806:1aff:fedd:f6d8 20908 6000
Probably also works with `slipdev` as device, but I did not test that.
Try to describe as precisely as possible here the steps required to reproduce
the issue. Here you can also describe your hardware configuration, the network
#### Expected results
The packet should not be send, an error message like e.g.
Error: unable to allocate NETIF header
should be printed.
Example: The gnrc_networking application builds on samr21-xpro.
#### Actual results
The node crashes due to a NULL pointer dereference.
Please paste or specifically describe the actual output.
Current master (https://github.com/RIOT-OS/RIOT/commit/6b582fd5d0ad95b1b5b856b89c3d25e454cff1b3) with #11623.
Operating system: Mac OSX, Linux, Vagrant VM
Build environment: GCC, CLang versions (you can run the following command from
the RIOT base directory: make print-versions).
<!-- Thanks for contributing! -->
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the notifications