[riot-notifications] [RIOT-OS/RIOT] Bugfix/nanocoap token overflow (#14075)

Maciej Jurczak notifications at github.com
Wed May 13 23:52:59 CEST 2020


### Contribution description

Fix for nanocoap read out of the input buffer:
https://github.com/RIOT-OS/RIOT/issues/14074

Corrected the options parsing loop condition to prevent skipping over the buffer end condition.
Added a pointer boundary check after adding the token length declared in the packet header, but before making any access to the memory pointed to by the current pkt_pos pointer.

### Testing procedure

### Issues/PRs references

https://github.com/RIOT-OS/RIOT/issues/14074
You can view, comment on, or merge this pull request online at:

  https://github.com/RIOT-OS/RIOT/pull/14075

-- Commit Summary --

  * Fixed buffer read out of the input packet bounds issue.
  * Added pointer range check after token length parsing.

-- File Changes --

    M sys/net/application_layer/nanocoap/nanocoap.c (8)

-- Patch Links --

https://github.com/RIOT-OS/RIOT/pull/14075.patch
https://github.com/RIOT-OS/RIOT/pull/14075.diff

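The two checks named in the description (validate the header's token length before reading past the header, and keep the options loop strictly inside the buffer) can be illustrated as follows. This is an added example, not the PR's patch and not RIOT's nanocoap code: `coap_payload_offset` and `ext_field` are hypothetical names, the layout follows RFC 7252, and offsets are used in place of the `pkt_pos` pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COAP_HDR_LEN 4u  /* fixed header: Ver/T/TKL, Code, Message ID (RFC 7252) */

/* Decode an option delta/length nibble plus extension bytes; -1 if malformed. */
static long ext_field(const uint8_t *buf, size_t len, size_t *pos, unsigned nib)
{
    if (nib < 13) return (long)nib;
    if (nib == 13 && len - *pos >= 1) return 13 + (long)buf[(*pos)++];
    if (nib == 14 && len - *pos >= 2) {
        long v = 269 + ((long)buf[*pos] << 8) + buf[*pos + 1];
        *pos += 2;
        return v;
    }
    return -1;  /* extension bytes missing, or reserved nibble 15 */
}

/* Hypothetical helper: payload offset (len if no payload), or -1 if malformed. */
long coap_payload_offset(const uint8_t *buf, size_t len)
{
    if (len < COAP_HDR_LEN) return -1;
    size_t tkl = buf[0] & 0x0f;
    /* Validate the declared token length before anything past the header is read. */
    if (tkl > 8 || tkl > len - COAP_HDR_LEN) return -1;
    size_t pos = COAP_HDR_LEN + tkl;
    while (pos < len) {            /* invariant: pos <= len */
        uint8_t b = buf[pos++];
        if (b == 0xff)             /* payload marker; empty payload is a format error */
            return pos < len ? (long)pos : -1;
        long delta = ext_field(buf, len, &pos, b >> 4);
        long olen = ext_field(buf, len, &pos, b & 0x0f);
        if (delta < 0 || olen < 0 || (size_t)olen > len - pos) return -1;
        pos += (size_t)olen;       /* skip the option value, still within len */
    }
    return (long)len;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[] = {0x42, 0x01, 0x12, 0x34, 0xaa, 0xbb, 0xb1, 'a', 0xff, 'x'};
static const uint8_t pkt_tkl[] = {0x48, 0x01, 0x12, 0x34};            /* TKL=8, no token bytes */
static const uint8_t pkt_opt[] = {0x40, 0x01, 0x12, 0x34, 0xb5, 'a'}; /* option len 5, 1 byte left */

int main(void)
{
    printf("%ld %ld %ld\n", coap_payload_offset(pkt_ok, sizeof pkt_ok),
           coap_payload_offset(pkt_tkl, sizeof pkt_tkl), coap_payload_offset(pkt_opt, sizeof pkt_opt));
    return 0;
}
```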