coap: Detect illegal token size

RFC 7252 states: > Lengths 9-15 are reserved, MUST NOT be sent, and MUST be processed as > a message format error.
eclipse-wakaama · Jan 14, 2022 · 3dfcf3f · 3dfcf3f
1 parent 63a9fc4
commit 3dfcf3f
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/coap/er-coap-13/er-coap-13.c b/coap/er-coap-13/er-coap-13.c
@@ -720,7 +720,7 @@ coap_parse_message(void *packet, uint8_t *data, uint16_t data_len)
   /* parse header fields */
   coap_pkt->version = (COAP_HEADER_VERSION_MASK & coap_pkt->buffer[0])>>COAP_HEADER_VERSION_POSITION;
   coap_pkt->type = (coap_message_type_t) ((COAP_HEADER_TYPE_MASK & coap_pkt->buffer[0])>>COAP_HEADER_TYPE_POSITION);
-  coap_pkt->token_len = MIN(COAP_TOKEN_LEN, (COAP_HEADER_TOKEN_LEN_MASK & coap_pkt->buffer[0])>>COAP_HEADER_TOKEN_LEN_POSITION);
+  coap_pkt->token_len = (COAP_HEADER_TOKEN_LEN_MASK & coap_pkt->buffer[0])>>COAP_HEADER_TOKEN_LEN_POSITION;
   coap_pkt->code = coap_pkt->buffer[1];
   coap_pkt->mid = coap_pkt->buffer[2]<<8 | coap_pkt->buffer[3];
 
@@ -741,6 +741,14 @@ coap_parse_message(void *packet, uint8_t *data, uint16_t data_len)
     goto exit_parse_error;
   }
 
+  /*
+   * Lengths 9-15 are reserved, MUST NOT be sent, and MUST be processed as a
+   * message format error.
+   */
+  if (coap_pkt->token_len > COAP_TOKEN_LEN) {
+    goto exit_parse_error;
+  }
+
   current_option = data + COAP_HEADER_LEN;
 
   if (coap_pkt->token_len != 0)