nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery()

benpicco · benpicco · commit 0fa04a3d57a4 · 2023-10-20T12:59:42.000+02:00
If uri contains no path but only a query "?foo=bar" `len` would underflow. Fix this by detecting if there is no path. Reported by @Yu3H0
diff --git a/sys/net/application_layer/nanocoap/nanocoap.c b/sys/net/application_layer/nanocoap/nanocoap.c
@@ -902,8 +902,15 @@ size_t coap_opt_put_string_with_len(uint8_t *buf, uint16_t lastonum, uint16_t op
 
 size_t coap_opt_put_uri_pathquery(uint8_t *buf, uint16_t *lastonum, const char *uri)
 {
+    size_t len;
     const char *query = strchr(uri, '?');
-    size_t len = query ? (size_t)(query - uri - 1) : strlen(uri);
+
+    if (query) {
+        len = (query == uri) ? 0 : (query - uri - 1);
+    } else {
+        len = strlen(uri);
+    }
+
     size_t bytes_out = coap_opt_put_string_with_len(buf, *lastonum,
                                                     COAP_OPT_URI_PATH,
                                                     uri, len, '/');
