kaspar/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-27 07:21:18 +01:00
Code Releases Activity
RIOT/sys
History
bors[bot] 72a0f1972d
Merge #18746 #19161 
18746: sys/clif: Fixing out of bounds read under certain conditions r=maribu a=Teufelchen1

Hi 😈

This fixes a potential out of bounds read in clif_encode_link. There is no code in RIOT that can be exploited.
The fix does not break the current API but alters the behaviour slightly. Before the change, the length attributes of `clif_attr_t` where optional. If missing, the length was deduced using `strlen()`. This fix makes those parameters required and if they are `0` it operates as if the length really is `0`. This might not be ideal but it is the only non api breaking fix I could think off. 
```c
typedef struct {
    char *value;                  
    unsigned value_len;    NO LONGER OPTIONAL
    const char *key;               
    unsigned key_len;       NO LONGER OPTIONAL
} clif_attr_t;
```
Depends on #18744

cc `@leandrolanzieri` 

19161: bors.yaml: re-activate labels check + add block_labels r=miri64 a=miri64



Co-authored-by: Teufelchen1 <bennet.blischke@haw-hamburg.de>
Co-authored-by: Martine Lenders <m.lenders@fu-berlin.de>
2023-02-23 16:39:44 +00:00
..
analog_util
sys/analog_util/dac_util: fix truncation bug
2022-12-09 13:58:12 -05:00
app_metadata
arduino
codespell: fix remaining issues
2022-09-16 14:00:35 +02:00
auto_init
Merge #18257
2023-02-13 21:09:07 +00:00
base64
benchmark
sys/benchmark: fix divide by zero if runs < 1000
2022-02-08 12:52:48 +01:00
bhp
sys/bhp_msg: add IPC based Bottom Half Processor
2022-08-19 12:01:30 +02:00
bitfield
sys/bitfield: add bf_popcnt()
2022-11-10 23:44:50 +01:00
bloom
bus
sys/bus: model Kconfig
2022-03-11 09:24:12 +01:00
can
core/lib: Add macros/utils.h header
2023-01-07 09:47:44 +01:00
cb_mux
checksum
sys/checksum: add CRC-16 implementation without lookup table
2022-10-06 17:43:20 +02:00
chunked_ringbuffer
sys/chunked_ringbuffer: model in Kconfig
2022-03-04 09:35:50 +01:00
clif
sys/clif: Fixing out of bounds read under certain conditions
2023-02-23 15:45:03 +01:00
coding
sys/coding: add XOR based coding module
2023-02-06 16:21:57 +01:00
color
congure
congure_abe: initial import of TCP ABE congestion control
2022-10-17 16:44:39 +02:00
cpp11-compat
sys/cpp11-compat: Fix kconfig model
2022-08-16 10:57:26 +02:00
cpp_new_delete
sys: remove -std=c++11
2022-01-13 17:50:59 +01:00
crypto
sys/crypto: make AES_KEY struct private
2023-02-20 18:22:00 +01:00
cxx_ctor_guards
debug_irq_disable
cpu/cortexm_common: measure time spent with IRQ disabled
2022-11-24 21:27:20 +01:00
div
ecc
eepreg
embunit
entropy_source
event
sys/event: ensure that a queue has a waiter before waiting for flags
2022-04-14 17:10:24 +02:00
evtimer
fido2
fido2/ctap: uncrustify files
2022-09-23 16:42:52 +02:00
fmt
Merge #19027
2023-02-17 20:09:53 +00:00
frac
fs
vfs: drop unused abs_path parameter
2022-09-29 22:01:37 +02:00
fuzzing
fuzzing: Add uri_parser fuzzer setup
2022-12-19 13:03:45 +01:00
hashes
core/lib: Add macros/utils.h header
2023-01-07 09:47:44 +01:00
include
Merge #18746 #19161
2023-02-23 16:39:44 +00:00
iolist
sys/iolist: introduce iolist_to_buffer()
2022-05-02 23:23:52 +02:00
isrpipe
libc
sys/string_utils: add strscpy()
2022-09-26 19:06:46 +02:00
log_color
sys/log_color: guard from compiling for esp
2022-10-12 13:45:29 +02:00
log_printfnoformat
sys/log: modularize log into log_color and log_printfnoformat
2022-10-12 12:21:29 +02:00
luid
malloc_thread_safe
sys/malloc_tracing: add module to trace dyn memory management
2022-11-15 12:59:46 +01:00
matstat
memarray
mineplex
net
Merge #19294 #19295
2023-02-21 23:15:06 +00:00
newlib_syscalls_default
cpu/mips: Remove all mips
2022-09-27 13:42:37 +02:00
od
sys/od/kconfig: add od_string
2022-03-11 09:20:24 +01:00
oneway-malloc
phydat
sys/phydat: add functions for Unix time conversion to phydat
2023-01-21 11:01:42 +01:00
picolibc_syscalls_default
pipe
pm_layered
Revert "sys/pm_layered: pm_(un)block add attribute optimize(3) -shortens hotpath"
2023-01-16 11:28:30 +01:00
posix
treewide: fix typos found by recent codespell
2022-11-24 14:53:48 +01:00
preprocessor
sys/preprocessor: add Kconfig file
2022-10-17 10:38:14 +02:00
progress_bar
ps
puf_sram
sys/puf_sram: cleanup header
2022-12-05 16:13:21 +01:00
random
random: use void * in random_bytes()
2022-07-26 19:46:14 +02:00
riotboot
sys/riotboot: add tinyUSB DFU support
2023-01-15 18:09:55 +01:00
rtc_utils
rust_riotmodules
rust_riotmodules: pub use instead of extern crate
2022-07-10 21:27:13 +02:00
rust_riotmodules_standalone
rust: Update riot-sys and riot-wrappers
2023-02-20 09:06:33 +01:00
saul_reg
drivers/saul: use const qualifier for data to write
2022-05-23 08:35:27 +02:00
sched_round_robin
schedstatistics
sema
sys/sema: use sema_ztimer64 to implement old sema api
2022-03-10 14:19:44 +01:00
sema_inv
senml
sys/senml: add SenML modules
2022-02-11 12:38:21 +01:00
seq
shell
sys/shell: don't include suit command by default
2023-02-21 17:34:00 +01:00
shell_lock
sys/shell_lock: do not call strlen, less jumpy
2023-01-16 21:11:58 +01:00
ssp
stdio_nimble
core/init: call vfs_bind_stdio() in early_init()
2023-01-08 22:26:13 +01:00
stdio_null
Merge #18459 #18724 #19081 #19082 #19136
2023-01-13 13:50:55 +00:00
stdio_rtt
sys/stdio_rtt: move documentation in doc.txt
2023-02-05 15:49:20 +01:00
stdio_semihosting
core/init: call vfs_bind_stdio() in early_init()
2023-01-08 22:26:13 +01:00
stdio_uart
core/init: call vfs_bind_stdio() in early_init()
2023-01-08 22:26:13 +01:00
stdio_udp
sys/stdio_udp: add stdio over UDP
2023-01-13 11:08:22 +01:00
suit
sys/suit: Ensure previous thread is stopped before reusing its stack
2023-01-25 18:04:28 +01:00
test_utils
sys/test_utils/print_stack_usage: reduce MIN_SIZE for fmt
2023-02-07 22:42:43 +01:00
timex
tiny_strerror
sys/tiny_strerror: add missing error codes
2023-01-12 08:39:30 +01:00
trace
treewide: make all modules use Kconfig ZTIMER_USEC indirection
2022-03-17 14:33:07 +01:00
trickle
tsrb
universal_address
uri_parser
sys/uri_parser: fixing potential out of bounds read when consuming ports
2022-12-05 15:41:33 +01:00
usb
core/init: call vfs_bind_stdio() in early_init()
2023-01-08 22:26:13 +01:00
usb_board_reset
sys/usb_board_reset: allow to enable it also for stdio_usb_serial_jtag
2023-02-06 16:19:11 +01:00
ut_process
uuid
vfs
sys/vfs: vfs.c: add missing "container.h" include
2023-02-02 16:34:28 +01:00
vfs_util
sys/vfs_util: bugfix rec. delete, rel. components
2022-08-30 17:53:36 +02:00
xtimer
sys/xtimer: switch default backend to ztimer
2022-03-18 08:23:00 +01:00
zptr
ztimer
ztimer: introduce ztimer_mutex_unlock_after()
2023-01-13 00:08:55 +01:00
ztimer64
sys/ztimer64: properly clear timer on removal
2022-03-01 11:03:10 +01:00
doc.txt
Kconfig
debug_irq_disable: add module to debug time spent in irq_disable
2022-11-24 21:27:20 +01:00
Kconfig.newlib
sys/syscalls: add libc_gettimeofday
2022-03-24 11:36:49 +01:00
Kconfig.picolibc
Kconfig.stdio
cpu/esp32: add stdio_usb_serial_jtag
2023-01-09 00:51:27 +01:00
Makefile
sys/preprocessor: add preprocessor module
2022-10-17 10:38:14 +02:00
Makefile.dep
Merge #18257
2023-02-13 21:09:07 +00:00
Makefile.include
sys: add tinyusb_dfu and riotboot_tinyusb_dfu to makefiles
2023-01-15 18:09:55 +01:00