Fix integer overflow in URI parsing

LukasWoodtli · LukasWoodtli · commit 21323a2c6e8a · 2023-08-15T15:35:38.000+02:00
If an ID exeeds the max. possible value we return early with an error
instead of continuing and checking for too big values at the end.
diff --git a/core/uri.c b/core/uri.c
@@ -71,6 +71,9 @@ static int prv_parseNumber(uint8_t * uriString,
         {
             result *= 10;
             result += uriString[*headP] - '0';
+            if (result > LWM2M_MAX_ID) {
+                return -1;
+            }
         }
         else
         {
diff --git a/tests/fuzzing/registration_handleRequest/crash_files/crash-4e842fc818f746482a3bfd0029ed4b5ed5b044d3 b/tests/fuzzing/registration_handleRequest/crash_files/crash-4e842fc818f746482a3bfd0029ed4b5ed5b044d3
@@ -0,0 +1 @@
+</37777777777>/>/

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,9 @@ static int prv_parseNumber(uint8_t * uriString,`
`71`	`71`	`{`
`72`	`72`	`result *= 10;`
`73`	`73`	`result += uriString[*headP] - '0';`
	`74`	`+ if (result > LWM2M_MAX_ID) {`
	`75`	`+ return -1;`
	`76`	`+ }`
`74`	`77`	`}`
`75`	`78`	`else`
`76`	`79`	`{`