deac/osd-contiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Added boundary checks when parsing CoAP packets.

Browse source 
Thanks to Stephan Zeisberg for reporting this issue.
This commit is contained in:
Niclas Finne 2017-06-01 17:33:34 +02:00
parent ea4e080bae
commit 576ca6457f
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
apps/er-coap/er-coap.c
View file

@ -529,8 +529,21 @@ coap_parse_message(void *packet, uint8_t *data, uint16_t data_len)
++current_option; ++current_option;
} }
if(current_option + option_length > data + data_len) {
/* Malformed CoAP - out of bounds */
PRINTF("BAD REQUEST: options outside data packet: %u > %u\n",
(unsigned)(current_option + option_length - data), data_len);
return BAD_REQUEST_4_00;
}
option_number += option_delta; option_number += option_delta;
if(option_number > COAP_OPTION_SIZE1) {
/* Malformed CoAP - out of bounds */
PRINTF("BAD REQUEST: option number too large: %u\n", option_number);
return BAD_REQUEST_4_00;
}
PRINTF("OPTION %u (delta %u, len %zu): ", option_number, option_delta, PRINTF("OPTION %u (delta %u, len %zu): ", option_number, option_delta,
option_length); option_length);