Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CoAP server should not silently truncate too long requests #83735

Closed
martinjaeger opened this issue Jan 9, 2025 · 2 comments · Fixed by #83758
Closed

CoAP server should not silently truncate too long requests #83735

martinjaeger opened this issue Jan 9, 2025 · 2 comments · Fixed by #83758
Assignees
Labels
area: Networking bug The issue is a bug, or the PR is fixing a bug

Comments

@martinjaeger
Copy link
Member

martinjaeger commented Jan 9, 2025

Describe the bug

The CoAP server reads incoming packets from the UDP socket using recvfrom, which silently truncates messages if they don't fit into the buffer (see Socket API docs here).

There is an assertion which checks the returned length. However, this assertion will never fail as long as the Socket API is implemented correctly.

received = zsock_recvfrom(sock_fd, buf, sizeof(buf), ZSOCK_MSG_DONTWAIT, &client_addr,
&client_addr_len);
__ASSERT_NO_MSG(received <= sizeof(buf));

To Reproduce

Steps to reproduce the behavior:

  1. Build some code that uses the CoAP server, e.g. samples/net/sockets/coap_server
  2. Send a CoAP request that is larger than CONFIG_COAP_SERVER_MESSAGE_SIZE.
  3. Observe that the message is silently truncated.

Expected behavior

The CoAP server should not further process incomplete CoAP messages. It should also not respond to the client with an ACK, but with 4.13 Request Entity Too Large instead.

Impact

Buffers must be oversized to avoid undefined behavior, as incoming request length is usually not fully predictable at compile-time.

Environment (please complete the following information):

@pdgendt
Copy link
Collaborator

pdgendt commented Jan 9, 2025

Please test #83758 if this fixes your issue.
One comment though, is that the "4.13 Request Entity Too Large" is a response code which should still be done with an ACK in case of a confirmable message, I think.

@martinjaeger
Copy link
Member Author

Wow, thank you very much for the quick fix. Yeah, sure, you're right. It's still an ACK, but with an error code.

I will test it tomorrow and let you know the result.

@martinjaeger martinjaeger changed the title CoAP server should not silently truncate and ACK too long requests CoAP server should not silently truncate too long requests Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: Networking bug The issue is a bug, or the PR is fixing a bug
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants