Merge pull request #10721 from nmeum/asymcute-out-of-bounds

asymcute: check for minimum packet length early

sys/net/application_layer/asymcute/asymcute.c

@@ -516,6 +516,10 @@ static void _on_unsuback(asymcute_con_t *con, const uint8_t *data, size_t len)
 
 static void _on_data(asymcute_con_t *con, size_t pkt_len, sock_udp_ep_t *remote)
 {
+    if (pkt_len < 2) {
+        return;
+    }
+
     size_t len;
     size_t pos = _len_get(con->rxbuf, &len);
 
@@ -524,8 +528,7 @@ static void _on_data(asymcute_con_t *con, size_t pkt_len, sock_udp_ep_t *remote)
         return;
     }
     /* validate incoming data: verify message length */
-    if ((pkt_len < 2) ||
-        (pkt_len <= pos) || (pkt_len < len)) {
+    if ((pkt_len <= pos) || (pkt_len < len)) {
         /* length field of MQTT-SN packet seems to be invalid -> drop the pkt */
         return;
     }