-
Notifications
You must be signed in to change notification settings - Fork 374
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Memory overwrite in message_send (allocLen and pktBufferLen are not the same) #105
Comments
ieei0214
pushed a commit
to ieei0214/wakaama
that referenced
this issue
Mar 10, 2016
coap_serialize_get_size need to add token_len. Signed-off-by: Ricky Liu <ricky.jh.liu@wnc.com.tw>
ieei0214
added a commit
to ieei0214/wakaama
that referenced
this issue
Mar 10, 2016
coap_serialize_get_size need to add token_len. Signed-off-by: Ricky Liu <ieei.liu@gmail.com>
dnav
added a commit
that referenced
this issue
Mar 10, 2016
Fix for issue #105: memory overwrite in message_send.
Fixed by #107 |
vslapik
pushed a commit
to vslapik/wakaama
that referenced
this issue
Apr 20, 2017
coap_serialize_get_size need to add token_len. Signed-off-by: Ricky Liu <ieei.liu@gmail.com>
vslapik
pushed a commit
to vslapik/wakaama
that referenced
this issue
Apr 20, 2017
Fix for issue eclipse-wakaama#105: memory overwrite in message_send.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
The size of coap_serialize_get_size() doesn't match the size of coap_serialize_message(). It will cause memory overwrite.
allocLen=51 pktBufferLen=57
`coap_status_t message_send(lwm2m_context_t * contextP,
coap_packet_t * message,
void * sessionH)
{
coap_status_t result = INTERNAL_SERVER_ERROR_5_00;
uint8_t * pktBuffer;
size_t pktBufferLen = 0;
size_t allocLen;
}
`
Trying to bind LWM2M Client to port 56830
LWM2M Client "testlwm2mclient" started on port 56830
The text was updated successfully, but these errors were encountered: