From 07b3a858141db237fc72e56a78775b711b3ab975 Mon Sep 17 00:00:00 2001 From: MrKevinWeiss Date: Tue, 17 Oct 2023 13:28:05 +0200 Subject: [PATCH 1/2] dist/testbed-support: Add openmote board (cherry picked from commit 3a0ada484bb38d2933c3131b51c05b399116177f) --- dist/testbed-support/makefile.iotlab.archi.inc.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/dist/testbed-support/makefile.iotlab.archi.inc.mk b/dist/testbed-support/makefile.iotlab.archi.inc.mk index 8ab42b19ffb0..ee516b3363a6 100644 --- a/dist/testbed-support/makefile.iotlab.archi.inc.mk +++ b/dist/testbed-support/makefile.iotlab.archi.inc.mk @@ -10,6 +10,7 @@ IOTLAB_ARCHI_microbit = microbit:ble IOTLAB_ARCHI_nrf52dk = nrf52dk:ble IOTLAB_ARCHI_nrf52840dk = nrf52840dk:multi IOTLAB_ARCHI_nucleo-wl55jc = nucleo-wl55jc:stm32wl +IOTLAB_ARCHI_openmote-b = openmoteb IOTLAB_ARCHI_samr21-xpro = samr21:at86rf233 IOTLAB_ARCHI_samr30-xpro = samr30:at86rf212b IOTLAB_ARCHI_samr34-xpro = samr34:sx1276 From 78124f22b1be15f4eb1ec011c91f689c00c774a8 Mon Sep 17 00:00:00 2001 From: Martine Lenders Date: Tue, 10 Oct 2023 14:41:45 +0200 Subject: [PATCH 2/2] gcoap: fix underflow when correcting ETag from cache (cherry picked from commit 8d1cb1bd2ba14e95b74cf32ca7690196897f5ace) --- sys/net/application_layer/gcoap/gcoap.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/sys/net/application_layer/gcoap/gcoap.c b/sys/net/application_layer/gcoap/gcoap.c index d33df0565b97..9afdbd6ef48c 100644 --- a/sys/net/application_layer/gcoap/gcoap.c +++ b/sys/net/application_layer/gcoap/gcoap.c @@ -1331,8 +1331,21 @@ static ssize_t _cache_check(const uint8_t *buf, size_t len, if ((resp_etag_len > 0) && ((size_t)resp_etag_len <= COAP_ETAG_LENGTH_MAX)) { uint8_t *tmp_etag; ssize_t tmp_etag_len = coap_opt_get_opaque(&req, COAP_OPT_ETAG, &tmp_etag); - if (tmp_etag_len >= resp_etag_len) { + /* peak length without padding */ + size_t rem_len = (len - (tmp_etag + tmp_etag_len - buf)); + + if ((tmp_etag < buf) || (tmp_etag > (buf + len)) || + (rem_len > (len - ((tmp_etag + COAP_ETAG_LENGTH_MAX) - buf)))) { + DEBUG("gcoap: invalid calculated padding length (%lu) for ETag injection " + "during cache lookup.\n", (long unsigned)rem_len); + /* something fishy happened in the request. Better don't return cache entry */ + *cache_hit = false; +#if IS_USED(MODULE_NANOCOAP_CACHE) + memset(memo->cache_key, 0, sizeof(memo->cache_key)); +#endif + return -EINVAL; + } memcpy(tmp_etag, resp_etag, resp_etag_len); /* shorten ETag option if necessary */ if ((size_t)resp_etag_len < COAP_ETAG_LENGTH_MAX) { @@ -1345,7 +1358,6 @@ static ssize_t _cache_check(const uint8_t *buf, size_t len, * bitmask resp_etag_len */ *start |= (uint8_t)resp_etag_len; /* remove padding */ - size_t rem_len = (len - (tmp_etag + COAP_ETAG_LENGTH_MAX - buf)); memmove(tmp_etag + resp_etag_len, tmp_etag + COAP_ETAG_LENGTH_MAX, rem_len); len -= (COAP_ETAG_LENGTH_MAX - resp_etag_len); }