libcoap icon indicating copy to clipboard operation
libcoap copied to clipboard
verified publisher icon obgm

lwip:memory out-of-bounds write

Open luminais opened this issue 5 years ago • 5 comments

if the parameter'size' of function coap_new_string is not smaller than MEMP_LEN_COAPSTRING, it will leading to memory out-of-bounds write

luminais avatar Jun 29 '20 12:06 luminais

image same with COAP_OPTLIST

luminais avatar Jun 29 '20 12:06 luminais

Thank you for reporting this. A fix for this has been created in #521 .

mrdeep1 avatar Jun 29 '20 15:06 mrdeep1

Thank you.

@luminais For reporting issues it would be great to have a descriptive and short title, and for the error description, there is an input box the in form that opens when creating a new issue. Having the entire description in the title is a bit difficult to read.

obgm avatar Jun 30 '20 12:06 obgm

#521 has been merged, and libcoap LwIP support has been re-written in PR https://github.com/obgm/libcoap/pull/884, and so this should no longer be an issue. LwIP specific memory allocations are no longer used.

mrdeep1 avatar Jul 23 '22 15:07 mrdeep1

Fixed in #939.

mrdeep1 avatar Oct 10 '22 19:10 mrdeep1