Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :219646] Untrusted value as argument in subsys/net/lib/coap/coap.c #33040

Closed
zephyrbot opened this issue Mar 7, 2021 · 1 comment
Closed

[Coverity CID :219646] Untrusted value as argument in subsys/net/lib/coap/coap.c #33040

zephyrbot opened this issue Mar 7, 2021 · 1 comment
Assignees
@rlubos
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/subsys/net/lib/coap/coap.c

Category: Insecure data handling
Function: coap_reply_init
Component: Networking
CID: 219646

Details:

zephyr/subsys/net/lib/coap/coap.c

Line 1333 in bd97359

age = coap_get_option_int(request, COAP_OPTION_OBSERVE);

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Mar 7, 2021
@rlubos
Copy link
Contributor

rlubos commented Mar 9, 2021

False positive.

Coverity says that Calling function parse_option with tainted argument *cpkt->data taints offset. That's not the case, because the offset value is incremented by the value of the decoded option length, and it's verified that the decoded option length does not exceed the boundaries of the packet received (https://github.com/zephyrproject-rtos/zephyr/blob/master/subsys/net/lib/coap/coap.c#L400).

@rlubos rlubos closed this as completed Mar 9, 2021
This was referenced Mar 9, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@nandojve nandojve mentioned this issue Mar 9, 2021
Closed
@rlubos rlubos mentioned this issue Jun 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rlubos rlubos

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rlubos @zephyrbot