From 4fe202db1e08d0aaaf0716c082473ca70e9898c6 Mon Sep 17 00:00:00 2001
From: Benjamin Valentin <benjamin.valentin@bht-berlin.de>
Date: Fri, 4 Nov 2022 20:00:51 +0100
Subject: [PATCH] examples: check return value of coap_build_reply()

`coap_build_reply()` may return negative values on error or
0 in the no-response case.

Don't use it to calculate a payload offset without checking first.
---
 examples/nanocoap_server/coap_handler.c  | 4 ++++
 tests/riotboot_flashwrite/coap_handler.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/examples/nanocoap_server/coap_handler.c b/examples/nanocoap_server/coap_handler.c
index 8b179a3a07..09ea785ed2 100644
--- a/examples/nanocoap_server/coap_handler.c
+++ b/examples/nanocoap_server/coap_handler.c
@@ -150,6 +150,10 @@ ssize_t _sha256_handler(coap_pkt_t* pkt, uint8_t *buf, size_t len, coap_request_
     }
 
     ssize_t reply_len = coap_build_reply(pkt, result, buf, len, 0);
+    if (reply_len <= 0) {
+        return reply_len;
+    }
+
     uint8_t *pkt_pos = (uint8_t*)pkt->hdr + reply_len;
     if (blockwise) {
         pkt_pos += coap_opt_put_block1_control(pkt_pos, 0, &block1);
diff --git a/tests/riotboot_flashwrite/coap_handler.c b/tests/riotboot_flashwrite/coap_handler.c
index 6ac1352157..50fd24c275 100644
--- a/tests/riotboot_flashwrite/coap_handler.c
+++ b/tests/riotboot_flashwrite/coap_handler.c
@@ -66,6 +66,10 @@ ssize_t _flashwrite_handler(coap_pkt_t* pkt, uint8_t *buf, size_t len, coap_requ
     }
 
     ssize_t reply_len = coap_build_reply(pkt, result, buf, len, 0);
+    if (reply_len <= 0) {
+        return reply_len;
+    }
+
     uint8_t *pkt_pos = (uint8_t*)pkt->hdr + reply_len;
     pkt_pos += coap_put_block1_ok(pkt_pos, &block1, 0);