giomba/nes-proj
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

coap: added check for block offset overflow in block2 requests.

Browse Source 
The block offset is stored in a signed variable in calls to CoAP handlers and
too large block offsets will overflow into negative values.

Thanks to Bruno Melo for reporting this issue.
This commit is contained in:
Niclas Finne 2018-04-12 17:34:35 +02:00
parent 9c1b8448e8
commit 24e24b8edc
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
os/net/app-layer/coap/coap-engine.c
View File

@ -199,10 +199,18 @@ coap_receive(const coap_endpoint_t *src,
new_offset = block_offset;
}
/* call CoAP framework and check if found and allowed */
status = call_service(message, response,
transaction->message + COAP_MAX_HEADER_SIZE,
block_size, &new_offset);
if(new_offset < 0) {
LOG_DBG("Blockwise: block request offset overflow\n");
coap_status_code = BAD_OPTION_4_02;
coap_error_message = "BlockOutOfScope";
status = COAP_HANDLER_STATUS_CONTINUE;
} else {
/* call CoAP framework and check if found and allowed */
status = call_service(message, response,
transaction->message + COAP_MAX_HEADER_SIZE,
block_size, &new_offset);
}
if(status != COAP_HANDLER_STATUS_CONTINUE) {
if(coap_status_code == NO_ERROR) {