sys/net/nanocoap: Fix sending bogus separate responses

When module `nanocoap_server_separate` is not used, the functions to send separate responses are still provided, just in a broken version: They will send the separate replies from a different endpoint than the request was received at (even on machines with only one IP address, as also the source port is randomized). This changes the behavior to only provide the functions for separate response when the do work, so that others will detect an invalid configuration at compile time rather than at run time. The documentation is duly updated.
RIOT-OS · Dec 12, 2024 · 0d62ba6 · 0d62ba6
1 parent 75828d2
commit 0d62ba6
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/sys/include/net/nanocoap_sock.h b/sys/include/net/nanocoap_sock.h
@@ -229,9 +229,7 @@ typedef struct {
  */
 typedef struct {
     sock_udp_ep_t remote;           /**< remote to send response to         */
-#if defined(MODULE_SOCK_AUX_LOCAL) || DOXYGEN
     sock_udp_ep_t local;            /**< local from which to send response  */
-#endif
     uint8_t token[COAP_TOKEN_LENGTH_MAX];   /**< request token              */
     uint8_t tkl;                    /**< request token length               */
     uint8_t no_response;            /**< no-response bitmap                 */
@@ -246,6 +244,9 @@ typedef struct {
  * The CoAP handler should then respond with an empty ACK by calling
  * @ref coap_build_empty_ack
  *
+ * @warning This function is only available when using the module
+ *          `nanocoap_server_separate`
+ *
  * @param[out]  ctx     Context information for separate response
  * @param[in]   pkt     CoAP packet to which the response will be generated
  * @param[in]   req     Context of the CoAP request
@@ -260,6 +261,11 @@ void nanocoap_server_prepare_separate(nanocoap_server_response_ctx_t *ctx,
  *
  * @pre     @ref nanocoap_server_prepare_separate has been called on @p ctx
  *          inside the CoAP handler
+ * @pre     Synchronization between calls of this function and calls of
+ *          @ref nanocoap_server_prepare_separate is ensured
+ *
+ * @warning This function is only available when using the module
+ *          `nanocoap_server_separate`
  *
  * @param[in]   ctx     Context information for the CoAP response
  * @param[in]   code    CoAP response code

diff --git a/sys/net/application_layer/nanocoap/sock.c b/sys/net/application_layer/nanocoap/sock.c
@@ -1075,16 +1075,15 @@ void auto_init_nanocoap_server(void)
     nanocoap_server_start(&local);
 }
 
+#if MODULE_NANOCOAP_SERVER_SEPARATE
 void nanocoap_server_prepare_separate(nanocoap_server_response_ctx_t *ctx,
                                     coap_pkt_t *pkt, const coap_request_ctx_t *req)
 {
     ctx->tkl = coap_get_token_len(pkt);
     memcpy(ctx->token, coap_get_token(pkt), ctx->tkl);
     memcpy(&ctx->remote, req->remote, sizeof(ctx->remote));
-#ifdef MODULE_SOCK_AUX_LOCAL
     assert(req->local);
     memcpy(&ctx->local, req->local, sizeof(ctx->local));
-#endif
     uint32_t no_response = 0;
     coap_opt_get_uint(pkt, COAP_OPT_NO_RESPONSE, &no_response);
     ctx->no_response = no_response;
@@ -1124,7 +1123,6 @@ int nanocoap_server_send_separate(const nanocoap_server_response_ctx_t *ctx,
     }
 
     sock_udp_aux_tx_t *aux_out_ptr = NULL;
-#ifdef MODULE_SOCK_AUX_LOCAL
     /* make sure we reply with the same address that the request was
      * destined for -- except in the multicast case */
     sock_udp_aux_tx_t aux_out = {
@@ -1134,6 +1132,6 @@ int nanocoap_server_send_separate(const nanocoap_server_response_ctx_t *ctx,
     if (!sock_udp_ep_is_multicast(&ctx->local)) {
         aux_out_ptr = &aux_out;
     }
-#endif
     return sock_udp_sendv_aux(NULL, &head, &ctx->remote, aux_out_ptr);
 }
+#endif