uri_parser: check if uri is long enough to even contain a :// #15930
Before attempting to access these characters. This fixes an out-of-bounds read on the provided URI buffer.
Looks good as is. I think we need another check after consuming the scheme whether there is still space in buffer to consume (similar to here: https://github.com/RIOT-OS/RIOT/pull/15929/files#diff-05fd96efad40b0211dd1f6c15d061bc4c810f3b9f0c18eb5d33b054413aa6d75R235). But we can do that in the other PR. I'll just rebase my PR onto yours once we merged it.
Contribution description
Before attempting to access the :// part of the URI it is necessary to check that the URI is long enough to actually contain this string and data following it. Otherwise, a read outside the bounds of the provided buffer is performed if the buffer is too small.
Testing procedure
Application code:
Makefile:
Run:
Issues/PRs references
This is similar to #15927 but not addressed in #15929.
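
The length check this PR describes, together with the follow-up the reviewer mentions (is there still data left after the scheme), as an added example that is not RIOT's uri_parser code. `scheme_end` is a hypothetical helper, and the inputs in `main` are constructed, exact-size buffers without a trailing NUL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not RIOT's uri_parser API): given a length-delimited
 * buffer that need not be NUL-terminated, return the offset of the first
 * byte after "://", or -1 if the buffer cannot hold
 * "<scheme>://<at least one byte>". */
static int scheme_end(const char *uri, size_t len)
{
    static const char sep[] = "://";
    const size_t sep_len = sizeof(sep) - 1;

    /* Shortest acceptable input: 1 scheme byte + "://" + 1 data byte. */
    if (uri == NULL || len < 1 + sep_len + 1) {
        return -1;
    }
    /* memchr is bounded by len, so the scan never leaves the buffer. */
    const char *colon = memchr(uri, ':', len);
    if (colon == NULL || colon == uri) {
        return -1; /* no ':' at all, or empty scheme */
    }
    size_t off = (size_t)(colon - uri);
    /* Bounds check before touching the separator: "://" plus one data
     * byte must lie inside the buffer, otherwise the compare below would
     * read past its end. */
    if (len - off <= sep_len) {
        return -1;
    }
    if (memcmp(colon, sep, sep_len) != 0) {
        return -1;
    }
    return (int)(off + sep_len);
}

int main(void)
{
    /* Constructed inputs: exact-size arrays, deliberately not NUL-terminated. */
    const char ok[8]  = { 'c', 'o', 'a', 'p', ':', '/', '/', 'h' };
    const char cut[6] = { 'c', 'o', 'a', 'p', ':', '/' };
    printf("%d %d\n", scheme_end(ok, sizeof(ok)), scheme_end(cut, sizeof(cut)));
    return 0;
}
```

Building the example with `-fsanitize=address` is a quick way to confirm that the truncated inputs are rejected without any read past the end of the array.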