From 79ff5ed5fa585a2e30dabda627e837893cc02a49 Mon Sep 17 00:00:00 2001
From: Ravi kumar Veeramally
Date: Thu, 13 Apr 2017 11:25:59 +0300
Subject: [PATCH] net: zoap: Fix memory overflow issue
If CoAP .well-known/core services list is bigger than single fragment then current helper functions overwrites beyond fragment space. Which corrupted whole stack. Right now sending response in multiple fragments but preferred way is send response in block by block. This should overcome packet loss across mesh scenarios. Recommended feature will be supported with later patches.
Change-Id: I30ca55bde2516d80b3583731241ad295799c6614
Signed-off-by: Ravi kumar Veeramally
---
 subsys/net/lib/zoap/zoap_link_format.c | 31 +++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)
diff --git a/subsys/net/lib/zoap/zoap_link_format.c b/subsys/net/lib/zoap/zoap_link_format.c
index 92bfe2627d5..c29741a1616 100644
--- a/subsys/net/lib/zoap/zoap_link_format.c
+++ b/subsys/net/lib/zoap/zoap_link_format.c
@@ -235,7 +235,7 @@ int _zoap_well_known_core_get(struct zoap_resource *resource,
 token = zoap_header_get_token(request, &tkl);

 /*
- * Per RFC 6690, Section 4.1, only one (or none) query parameter may me
+ * Per RFC 6690, Section 4.1, only one (or none) query parameter may be
 * provided, use the first if multiple.
 */
 r = zoap_find_options(request, ZOAP_OPTION_URI_QUERY, &query, 1);
@@ -281,21 +281,46 @@ int _zoap_well_known_core_get(struct zoap_resource *resource, r = -ENOENT; + /* FIXME: In mesh kind of scenarios sending bulk (multiple fragments) + * response to farthest node (over multiple hops) is not a good idea. + * Send discovery response block by block. + */ while (resource++ && resource->path) { + struct net_buf *temp; + uint8_t *str; + if (!match_queries_resource(resource, &query, num_queries)) { continue; } - frag = zoap_packet_get_buf(&response); + if (!response.start) { + temp = response.buf->frags; + str = net_buf_add(temp, 1); + *str = 0xFF; + response.start = str + 1; + } else { + temp = net_nbuf_get_data(context, K_FOREVER); + if (!temp) { + net_nbuf_unref(buf); + return -ENOMEM; + } - r = format_resource(resource, frag); + net_buf_frag_add(buf, temp); + } + + r = format_resource(resource, temp); if (r < 0) { goto done; } } + net_nbuf_compact(buf); + done: if (r < 0) { + /* FIXME: If error occurs after appending some payload, better + * remove payload and send only BAD_REQUEST response. + */ zoap_header_set_code(&response, ZOAP_RESPONSE_CODE_BAD_REQUEST); }
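Review bot: In the `if (!response.start)` branch the payload marker and the first matching resource are written into `response.buf->frags` with no visible check that the fragment still has room after the CoAP header and options, which is the same overflow class this patch sets out to fix. As far as I know `net_buf_add()` only asserts on tailroom, so I would guard it explicitly, e.g. `if (net_buf_tailroom(temp) < 1) { r = -ENOMEM; goto done; }`, and confirm that `format_resource()` (not shown in this hunk) bounds its writes by the fragment's tailroom too, since one long resource description can presumably still exceed a single fragment. Separately, `net_nbuf_get_data(context, K_FOREVER)` lets a remote discovery request block this handler indefinitely when the data pool is exhausted and presumably makes the `if (!temp)` branch unreachable; a bounded wait such as `K_NO_WAIT` would make that error path real. The function starts before and continues after this hunk, so what `done:` does with `buf` and `response` after a partial payload is not fully visible here.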