[Backport] asymcute: fix one byte out-of-bounds access in _len_get #18453

Merged

@nmeum nmeum commented Aug 15, 2022

Backport of #18433

As per Section 5.2.1 of the MQTT-SN specification, the MQTT-SN length
header is either 1 or 3 octets long. If it is 3 octets long, then the
first octet is 0x01. The asymcute implementation currently only checks
that the incoming packet is at least 2 octets long before attempting to
parse it (MIN_PKT_LEN). However, if the first octet is 0x01, the packet
must be more than 3 octets long in order to be valid. Since asymcute
does not check this, it reads one octet beyond the packet data for a
2-octet packet where the first octet has the value 0x01. This commit
fixes this issue by adding an additional sanity check to _len_get.
@github-actions bot added the Area: network and Area: sys labels on Aug 15, 2022
@miri64 added the Type: bug, Process: release backport and CI: ready for build labels on Aug 15, 2022
@miri64 enabled auto-merge on August 15, 2022 12:25
@miri64 merged commit 920157b into RIOT-OS:2022.07-branch on Aug 15, 2022
@chrysn added this to the Release 2022.07 milestone on Aug 25, 2022
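
The length-header check described in the PR text, as an added example that is not part of the pull request and is not RIOT's code: `mqttsn_len_get` is a hypothetical stand-in for `_len_get`, the sample packets are constructed, and the final declared-length check is an extra assumption beyond what the PR describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIN_PKT_LEN 2U /* smallest packet accepted before parsing (from the PR text) */

/* Hypothetical helper, not RIOT's _len_get. Parses the MQTT-SN length header
 * in buf[0..buf_len), stores the header size (1 or 3) in *hdr_len and returns
 * the total message length, or 0 if the packet is malformed. */
size_t mqttsn_len_get(const uint8_t *buf, size_t buf_len, size_t *hdr_len)
{
    size_t len;

    if (buf == NULL || hdr_len == NULL || buf_len < MIN_PKT_LEN) {
        return 0;
    }
    if (buf[0] != 0x01) {
        *hdr_len = 1;               /* 1-octet form: the octet is the length */
        len = buf[0];
    }
    else {
        /* 3-octet form: the length sits in buf[1] and buf[2]. MIN_PKT_LEN only
         * guarantees buf[0] and buf[1], so without this check a 2-octet packet
         * {0x01, x} makes the next line read buf[2], one octet past the data. */
        if (buf_len < 3) {
            return 0;
        }
        *hdr_len = 3;
        len = ((size_t)buf[1] << 8) | buf[2];   /* most significant octet first */
    }
    /* Added strictness (assumption, not from the PR): the declared length must
     * cover more than the header and must not exceed what was received. */
    return (len > *hdr_len && len <= buf_len) ? len : 0;
}

int main(void)
{
    /* Constructed sample packets. */
    const uint8_t short_pkt[] = { 0x01, 0x00 };               /* truncated 3-octet header */
    const uint8_t one_octet[] = { 0x02, 0x16 };               /* 1-octet header */
    const uint8_t three_octet[] = { 0x01, 0x00, 0x04, 0x16 }; /* 3-octet header */
    size_t hdr = 0;

    printf("%zu\n", mqttsn_len_get(short_pkt, sizeof(short_pkt), &hdr));
    printf("%zu\n", mqttsn_len_get(one_octet, sizeof(one_octet), &hdr));
    printf("%zu\n", mqttsn_len_get(three_octet, sizeof(three_octet), &hdr));
    return 0;
}
```

Building this with AddressSanitizer and removing the `buf_len < 3` check makes the out-of-bounds read on the truncated packet visible.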