8000 nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery() [backport 2023.10] by MrKevinWeiss · Pull Request #20038 · RIOT-OS/RIOT · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery() [backport 2023.10] #20038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 2, 2023
Merged

nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery() [backport 2023.10] #20038

merged 1 commit into from
Nov 2, 2023

Conversation

MrKevinWeiss
Copy link
Contributor

Backport of #19994

Contribution description

If uri contains no path but only a query "?foo=bar" len would underflow. Fix this by detecting if there is no path.

Reported by @Yu3H0

Testing procedure

Issues/PRs references

GHSA-4hvc-7m7r-78xq

@benpicco @MrKevinWeiss
nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery()
6f3bd7b 
If uri contains no path but only a query "?foo=bar" `len` would underflow.
Fix this by detecting if there is no path.

Reported by @Yu3H0

(cherry picked from commit 0fa04a3)
@MrKevinWeiss MrKevinWeiss added the Area: CoAP Area: Constrained Application Protocol implementations label Nov 2, 2023
@MrKevinWeiss MrKevinWeiss added Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: release backport Integration Process: The PR is a release backport of a change previously provided to master Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) labels Nov 2, 2023
@riot-ci
Copy link
riot-ci commented Nov 2, 2023

Murdock results

✔️ PASSED

6f3bd7b nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery()

Success Failures Total Runtime
7937 0 7937 17m:08s

Artifacts

@benpicco
Copy link
Contributor
benpicco commented Nov 2, 2023

bors merge

@bors bors
Copy link
Contributor
bors bot commented Nov 2, 2023

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

@bors bors bot merged commit 2ffdc2c into RIOT-OS:2023.10-branch Nov 2, 2023
@MrKevinWeiss MrKevinWeiss deleted the backport/2023.10/coap_opt_put_uri_pathquery-underflow branch November 6, 2023 11:52
@MrKevinWeiss MrKevinWeiss added this to the Release 2023.10 milestone Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benpicco benpicco benpicco approved these changes

@miri64 miri64 Awaiting requested review from miri64 miri64 is a code owner

@haukepetersen haukepetersen Awaiting requested review from haukepetersen haukepetersen is a code owner

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann PeterKietzmann is a code owner

@cgundogan cgundogan Awaiting requested review from cgundogan cgundogan is a code owner

Assignees
No one assigned
Labels
Area: CoAP Area: Constrained Application Protocol implementations Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: release backport Integration Process: The PR is a release backport of a change previously provided to master Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2023.10
Development

Successfully merging this pull request may close these issues.
3 participants
@MrKevinWeiss @riot-ci @benpicco
0