commit | f6263d1e5a95e48e826bb56fe92eedb7f98b522a | [log] [tgz] |
---|---|---|
author | Alexander <alexanderkent@users.noreply.github.com> | Tue Nov 07 14:11:29 2023 -0800 |
committer | GitHub <noreply@github.com> | Tue Nov 07 14:11:29 2023 -0800 |
tree | eb4e42146c0a5726aefce9a5eef19883cf4c41e0 | |
parent | e7d42a4f69bfed9b2c1817ca5686dd721abfe1db [diff] |
[ot-client] fix buffer overflow in `OpenThreadClient::Execute` (#2083) This commit addresses a potential buffer overflow in the OpenThreadClient::Execute method. The original implementation did not properly check the size of the data being written to mBuffer, leading to potential buffer overflows. Changes: * Modified the vsnprintf function call to write to &mBuffer[1] with a size limit of sizeof(mBuffer) - 2, leaving room for newline characters at both ends. * Added a check to ensure that the total size of the data (including the two newline characters) does not exceed sizeof(mBuffer). * Improved error handling for the socket write operation (count != ret) instead of (count < ret) as the function seems to expect the entire command to be sent in one go (and logs an error otherwise). Testing: * Manually tested forming a network with various params * Added unit test for truncated network name in PSKc
Per the Thread Specification, a Thread Border Router connects a Thread network to other IP-based networks, such as Wi-Fi or Ethernet. A Thread network requires a Border Router to connect to other networks.
A Thread Border Router minimally supports the following functions:
OpenThread's implementation of a Border Router is called OpenThread Border Router (OTBR). OTBR is a Thread Certified Component on the Raspberry Pi 3B with a Nordic nRF52840 NCP.
OTBR includes a number of features, including:
More information about Thread can be found at threadgroup.org. Thread is a registered trademark of the Thread Group, Inc.
The quickest way to set up a Thread 1.3 compliant Border Router is to follow this codelab: Thread Border Router - Bidirectional IPv6 Connectivity and DNS-Based Service Discovery.
To run OTBR in a Docker container on any Linux-based system or a Raspberry Pi with either a physical or emulated NCP, please see the Docker Support guide on openthread.io for more info.
OTBR also runs directly on supported platforms like the Raspberry Pi. If you're interested in building and configuring OTBR directly, or to learn more about the OTBR architecture, then see the rest of our end-user documentation at openthread.io.
Note: For users in China, end-user documentation is available at openthread.google.cn.
If you're interested in contributing to OpenThread Border Router, read on.
We would love for you to contribute to OpenThread Border Router and help make it even better than it is today! See our Contributing Guidelines for more information.
Contributors are required to abide by our Code of Conduct and Coding Conventions and Style Guide.
We follow the philosophy of Scripts to Rule Them All.
OpenThread Border Router is released under the BSD 3-Clause license. See the LICENSE
file for more information.
Please only use the OpenThread name and marks when accurately referencing this software distribution. Do not use the marks in a way that suggests you are endorsed by or otherwise affiliated with Nest, Google, or The Thread Group.
OpenThread support is available on GitHub:
To learn more about OpenThread, see the OpenThread repository.