From 905c17b5c116b039c1083290679be3f6c27fe401 Mon Sep 17 00:00:00 2001 From: heppen Date: Thu, 14 Sep 2023 18:59:15 +0800 Subject: [PATCH] bugfix cve-2023-30362 --- src/net.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/src/net.c b/src/net.c index 7154628..a432ddd 100644 --- a/src/net.c +++ b/src/net.c @@ -1217,19 +1217,25 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) { /* Need to check that we are not seeing this proxy in the return loop */ if (pdu->data && opt == NULL) { - if (pdu->used_size + 1 <= pdu->max_size) { - char *a_match; - size_t data_len = pdu->used_size - (pdu->data - pdu->token); - pdu->data[data_len] = '\000'; - a_match = strstr((char*)pdu->data, cp); - if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') && - ((size_t)(a_match - (char*)pdu->data + len) == data_len || - a_match[len] == ' ')) { - coap_log(LOG_WARNING, "Proxy loop detected '%s'\n", - (char*)pdu->data); - coap_delete_pdu(pdu); - return (coap_mid_t)COAP_DROPPED_RESPONSE; - } + char *a_match; + size_t data_len; + + if (pdu->used_size + 1 > pdu->max_size) { + /* No space */ + return (coap_mid_t)COAP_DROPPED_RESPONSE; + } + if (!coap_pdu_resize(pdu, pdu->used_size + 1)) { + /* Internal error */ + return (coap_mid_t)COAP_DROPPED_RESPONSE; + } + data_len = pdu->used_size - (pdu->data - pdu->token); + pdu->data[data_len] = '\000'; + a_match = strstr((char*)pdu->data, cp); + if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') && + ((size_t)(a_match - (char*)pdu->data + len) == data_len || + a_match[len] == ' ')) { + coap_delete_pdu(pdu); + return (coap_mid_t)COAP_DROPPED_RESPONSE; } } if (pdu->used_size + len + 1 <= pdu->max_size) { -- 2.33.0