Skip to content

Bluetooth: Mesh: Verify network buffer max len #31909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 3, 2021
Merged

Bluetooth: Mesh: Verify network buffer max len #31909

merged 1 commit into from
Feb 3, 2021

Conversation

@trond-snekvik
Copy link
Contributor

@trond-snekvik trond-snekvik commented Feb 3, 2021
edited by jhedberg
Loading

As network_decode needs a target buffer for decoding, the max PDU length
must be checked to prevent overflow on the target buffer. When receiving
a proxy configuration message with excessive length, there's no previous
check for this.

Also pulls the NET PDU length defines out into net.h, so they can be
used when defining the target buffers.

Fixes #31911

Signed-off-by: Trond Einar Snekvik Trond.Einar.Snekvik@nordicsemi.no

@trond-snekvik trond-snekvik added bug The issue is a bug, or the PR is fixing a bug priority: high High impact/importance bug labels Feb 3, 2021
@trond-snekvik trond-snekvik added this to the v2.5.0 milestone Feb 3, 2021
jhedberg
jhedberg approved these changes Feb 3, 2021
View reviewed changes
Copy link
Member

@jhedberg jhedberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine. Btw, the Priority: label doesn't really do anything for pull requests (in that it would be considered by the formal release process), so you might want to consider opening an issue.

@trond-snekvik
Copy link
Contributor Author

trond-snekvik commented Feb 3, 2021

Alright, I'll open an issue then. I think this is a serious enough issue that we should ensure it goes in.

@jhedberg jhedberg requested a review from carlescufi February 3, 2021 09:43
@trond-snekvik trond-snekvik mentioned this pull request Feb 3, 2021
Closed
@trond-snekvik trond-snekvik linked an issue Feb 3, 2021 that may be closed by this pull request
Bluetooth: Mesh: Network buffer overflow on too long proxy messages #31911
Closed
@jhedberg jhedberg removed the priority: high High impact/importance bug label Feb 3, 2021
@trond-snekvik
Bluetooth: Mesh: Verify network buffer max len
9a91156 
As network_decode needs a target buffer for decoding, the max PDU length
must be checked to prevent overflow on the target buffer. When receiving
a proxy configuration message with excessive length, there's no previous
check for this.

Also pulls the NET PDU length defines out into net.h, so they can be
used when defining the target buffers.

Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
carlescufi
carlescufi approved these changes Feb 3, 2021
View reviewed changes
Copy link
Member

@carlescufi carlescufi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nashif nashif merged commit 2bd5b63 into zephyrproject-rtos:master Feb 3, 2021
@trond-snekvik trond-snekvik deleted the net_pdu_maxlen branch February 3, 2021 19:00
@trond-snekvik trond-snekvik mentioned this pull request Feb 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhedberg jhedberg jhedberg approved these changes

@carlescufi carlescufi carlescufi approved these changes

@joerchan joerchan Awaiting requested review from joerchan

@Vudentz Vudentz Awaiting requested review from Vudentz

Assignees

@trond-snekvik trond-snekvik

Labels

area: Bluetooth Mesh area: Bluetooth bug The issue is a bug, or the PR is fixing a bug

Projects

None yet

Milestone

v2.5.0

Development

Successfully merging this pull request may close these issues.

Bluetooth: Mesh: Network buffer overflow on too long proxy messages

4 participants

@trond-snekvik @jhedberg @carlescufi @nashif