New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integer overflow in MbedOS CoAP library parser #12930
Comments
|
Thank you for raising this detailed GitHub issue. I am now notifying our internal issue triagers. |
|
cc @teetak01 |
|
Thanks for the reports related to CoAP library. We will go through the findings. |
|
@teetak01 No problem. Let me know if I can assist with reproducing or suggesting fixes. |
|
Thanks @mjurczak, mbed-coap is developed in https://github.com/ARMmbed/mbed-coap repository. We would appreciate any contributions and/or feedback there. |
|
A solution proposal: |
|
Hi @teetak01, I understand. I will clean-up the code and commits a bit, and open new PRs targeting specific issues in mbed-coap repository. |
Description of defect
References:
https://github.com/ARMmbed/mbed-os/tree/mbed-os-5.15.3/features/frameworks/mbed-coap
https://github.com/ARMmbed/mbed-coap/tree/v5.1.5
File:
sn_coap_parser.c
Analysis:
Unhandled option length variable roll-over occurs if extended option length encoding is used with >65535 length encoded. The frame is further processed with the result of integer roll-over.
mbed-os/features/frameworks/mbed-coap/source/sn_coap_parser.c
Lines 341 to 354 in b6370b4
Type:
Result:
Target(s) affected by this defect ?
Toolchain(s) (name and version) displaying this defect ?
N/A
What version of Mbed-os are you using (tag or sha) ?
MbedOS 5.15.3
What version(s) of tools are you using. List all that apply (E.g. mbed-cli)
N/A
How is this defect reproduced ?
N/A
The text was updated successfully, but these errors were encountered: