gnrc_sixlowpan_frag_rb: fix OOB write in _rbuf_add #19680
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miri64
requested review from
haukepetersen,
PeterKietzmann and
cgundogan
as code owners
miri64
added
Type: bug
maribu
reviewed
May 30, 2023
sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c
Outdated
Show resolved
Hide resolved
benpicco
reviewed
May 30, 2023
| if (frag_size > entry.super->datagram_size) { | ||
| DEBUG("6lo rfrag: fragment too big for resulting datagram, discarding datagram\n"); | ||
| gnrc_pktbuf_release(entry.rbuf->pkt); | ||
| gnrc_pktbuf_release(pkt); |
There was a problem hiding this comment.
Not
Suggested change
| gnrc_pktbuf_release(pkt); | |
| gnrc_pktbuf_release_error(pkt, ENOMEM); |
?
There was a problem hiding this comment.
gnrc_pktbuf_release_error() isn't used at all in this module. Figures, since pkt is received, I don't think think there is much information gained here using that function.
maribu
approved these changes
May 30, 2023
miri64
force-pushed
the
gnrc_sixlowpan_frag_rb/bug/oob-write
branch
from
20740af to
1aeb90e
Compare
|
bors merge |
bors bot
added a commit
that referenced
this pull request
May 30, 2023
19610: drivers/periph/rtc: improve doc on rtc_set_alarm r=maribu a=maribu ### Contribution description - point out behavior on denormalized time stamps - use errno codes to indicate errors (and adapt the few instances of actual error handling to use them) 19670: cpu/stm32: stm32f4 BRR from BSRR r=maribu a=kfessel ### Contribution description sometimes one wants to save one instruction :) just write the bits we need to write. ### Testing procedure tests/periph/gpio_ll tests this ### Issues/PRs references `@maribu` might know some reference maybe #19407 19678: gnrc_sixlowpan_iphc: fix NULL pointer dereference r=maribu a=miri64 19679: gnrc_sixlowpan_frag_sfr: fix ARQ scheduler race-condition r=maribu a=miri64 19680: gnrc_sixlowpan_frag_rb: fix OOB write in _rbuf_add r=maribu a=miri64 19681: sys/xtimer: improve documentation r=maribu a=maribu ### Contribution description - Add a warning that xtimer is deprecated, so that new code hopefully starts using ztimer - Add a hint that `ztimer_xtimer_compat` can be used even after `xtimer` is gone Co-authored-by: Marian Buschsieweke <[email protected]> Co-authored-by: Karl Fessel <[email protected]> Co-authored-by: Martine Lenders <[email protected]>
|
This PR was included in a batch that was canceled, it will be automatically retried |
|
Build succeeded! The publicly hosted instance of bors-ng is deprecated and will go away soon. If you want to self-host your own instance, instructions are here. If you want to switch to GitHub's built-in merge queue, visit their help page. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contribution description
See GHSA-f6ff-g7mh-58q4
Testing procedure
Issues/PRs references