File _service:obs_scm:0001-coap_pdu.c-Fix-UndefinedB... of Package libcoap

File _service:obs_scm:0001-coap_pdu.c-Fix-UndefinedBehaviorSanitizer-undefined-.patch of Package libcoap

From acb9e78e124db83f5485cf7d4c3d2283b2685351 Mon Sep 17 00:00:00 2001
From: Wei Jiangang <wei_jiangang@hoperun.com>
Date: Wed, 14 Aug 2024 09:57:36 +0800
Subject: [PATCH] coap_pdu.c: Fix UndefinedBehaviorSanitizer:
 undefined-behavior This fixes a reported error in coap_update_token() where a
 size_t calculation is overflowed (but all ends up with the correct value).

Instead of adding an overflowed size_t, now subtract the reversed
size_t calculation as appropriate.

coap_update_option() and coap_insert_option() similarily updated.

Fix CVE-2024-31031, refer to
https://github.com/obgm/libcoap/commit/1abc64cc3f774d3316374db5e6328f9409da5f40

Signed-off-by: Wei Jiangang <wei_jiangang@hoperun.com>
---
 src/coap_pdu.c | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git src/coap_pdu.c src/coap_pdu.c
index afe445c..e3be3f0 100644
--- src/coap_pdu.c
+++ src/coap_pdu.c
@@ -389,12 +389,15 @@ coap_update_token(coap_pdu_t *pdu, size_t len, const uint8_t *data) {
     memmove(&pdu->token[(len + bias) - pdu->e_token_length],
             pdu->token, pdu->used_size);
     pdu->used_size += len + bias - pdu->e_token_length;
+    if (pdu->data) {
+      pdu->data += (len + bias) - pdu->e_token_length;
+    }
   } else {
     pdu->used_size -= pdu->e_token_length - (len + bias);
     memmove(pdu->token, &pdu->token[pdu->e_token_length - (len + bias)], pdu->used_size);
-  }
-  if (pdu->data) {
-    pdu->data += (len + bias) - pdu->e_token_length;
+    if (pdu->data) {
+      pdu->data -= pdu->e_token_length - (len + bias);
+    }
   }
 
   pdu->actual_token.length = len;
@@ -641,9 +644,15 @@ coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len,
                        number - prev_number, data, len))
     return 0;
 
-  pdu->used_size += shift - shrink;
-  if (pdu->data)
-    pdu->data += shift - shrink;
+  if (shift >= shrink) {
+    pdu->used_size += shift - shrink;
+    if (pdu->data)
+      pdu->data += shift - shrink;
+  } else {
+    pdu->used_size -= shrink - shift;
+    if (pdu->data)
+      pdu->data -= shrink - shift;
+  }
   return shift;
 }
 
@@ -681,9 +690,15 @@ coap_update_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len,
                        decode.delta, data, len))
     return 0;
 
-  pdu->used_size += new_length - old_length;
-  if (pdu->data)
-    pdu->data += new_length - old_length;
+  if (new_length >= old_length) {
+    pdu->used_size += new_length - old_length;
+    if (pdu->data)
+      pdu->data += new_length - old_length;
+  } else {
+    pdu->used_size -= old_length - new_length;
+    if (pdu->data)
+      pdu->data -= old_length - new_length;
+  }
   return 1;
 }
 
-- 
2.39.1