Skip to content

Commit 8d84ebe

Browse files
fdesbiensfdesbiens
authored
Merge pull request #343 from eclipse-threadx/dev
Merge changes in preparation of the v6.4.4.202503 release.
2 parents 5af33d7 + 582a360 commit 8d84ebe

24 files changed

+861
-593
lines changed

addons/dhcp/nxd_dhcpv6_client.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5811,6 +5811,12 @@ ULONG temp_lsw = 0;
58115811
index += 4;
58125812
}
58135813

5814+
/* Check option length for 4 bytes lsw. */
5815+
if (index + 4 > option_length)
5816+
{
5817+
return(NX_DHCPV6_INVALID_SERVER_DUID);
5818+
}
5819+
58145820
/* Yes; Extract the link local address lsw which should be the next 4 bytes. */
58155821
_nx_dhcpv6_utility_get_data((option_data + index), 4, &temp_lsw);
58165822

addons/snmp/nxd_snmp.c

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18586,7 +18586,26 @@ INT buffer_length;
1858618586
/* The buffer pointer is moved by the length. Update buffer size */
1858718587
buffer_length -= (INT)length;
1858818588

18589+
/* GHSA-v474-mv4g-v8cx */
18590+
if (buffer_length < 2) {
18591+
return;
18592+
}
18593+
1858918594
/**** Now we are positioned in front of the security parameters field. ****/
18595+
if (buffer_length < 2)
18596+
{
18597+
/* Increment the invalid packet error counter. */
18598+
agent_ptr -> nx_snmp_agent_invalid_packets++;
18599+
18600+
/* Increment the internal error counter. */
18601+
agent_ptr -> nx_snmp_agent_internal_errors++;
18602+
18603+
/* Release the packet. */
18604+
nx_packet_release(packet_ptr);
18605+
18606+
/* Return to caller. */
18607+
return;
18608+
}
1859018609

1859118610
/* Determine if there are security parameters. */
1859218611
if ((buffer_ptr[0] == NX_SNMP_ANS1_OCTET_STRING) && (buffer_ptr[1]))

addons/web/nx_web_http_client.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,7 @@ static NX_WEB_HTTP_CLIENT_STATUS_MAP _nx_web_http_client_status_maps[] =
8080
{"415", NX_WEB_HTTP_STATUS_CODE_UNSUPPORTED_MEDIA},
8181
{"416", NX_WEB_HTTP_STATUS_CODE_RANGE_NOT_SATISFY},
8282
{"417", NX_WEB_HTTP_STATUS_CODE_EXPECTATION_FAILED},
83+
{"429", NX_WEB_HTTP_STATUS_CODE_TOO_MANY_REQUESTS},
8384
{"500", NX_WEB_HTTP_STATUS_CODE_INTERNAL_ERROR},
8485
{"501", NX_WEB_HTTP_STATUS_CODE_NOT_IMPLEMENTED},
8586
{"502", NX_WEB_HTTP_STATUS_CODE_BAD_GATEWAY},
@@ -6472,7 +6473,7 @@ UINT version = 0;
64726473
field_name_length = 0;
64736474

64746475
/* Look for the ':' that separates the field name from its value. */
6475-
while(*buffer_ptr != ':')
6476+
while((buffer_ptr < (CHAR *)packet_ptr -> nx_packet_append_ptr) && (*buffer_ptr != ':'))
64766477
{
64776478
buffer_ptr++;
64786479
field_name_length++;

addons/web/nx_web_http_common.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -178,6 +178,7 @@ extern "C" {
178178
#define NX_WEB_HTTP_STATUS_CODE_SERVICE_UNAVAILABLE 0x3003E /* "503 Service Unavailable" */
179179
#define NX_WEB_HTTP_STATUS_CODE_GATEWAY_TIMEOUT 0x3003F /* "504 Gateway Time-out" */
180180
#define NX_WEB_HTTP_STATUS_CODE_VERSION_ERROR 0x30040 /* "505 HTTP Version not supported" */
181+
#define NX_WEB_HTTP_STATUS_CODE_TOO_MANY_REQUESTS 0x30041 /* "429 Too Many Requests" */
181182
#define NX_WEB_HTTP_AUTHENTICATION_ERROR NX_WEB_HTTP_STATUS_CODE_UNAUTHORIZED /* HTTP client authentication failed */
182183

183184
/* Define the HTTP Server TCP port number */

addons/websocket/nx_websocket_client.c

Lines changed: 46 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -327,6 +327,8 @@ UINT _nx_websocket_client_delete(NX_WEBSOCKET_CLIENT *client_ptr)
327327
/* uri_path_length Length of uri path */
328328
/* protocol Pointer to protocol */
329329
/* protocol_length Length of protocol */
330+
/* bearer Pointer to bearer */
331+
/* bearer_length Length of bearer */
330332
/* wait_option Wait option */
331333
/* */
332334
/* OUTPUT */
@@ -351,7 +353,8 @@ UINT _nx_websocket_client_delete(NX_WEBSOCKET_CLIENT *client_ptr)
351353
UINT _nxe_websocket_client_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_TCP_SOCKET *socket_ptr,
352354
UCHAR *host, UINT host_length,
353355
UCHAR *uri_path, UINT uri_path_length,
354-
UCHAR *protocol, UINT protocol_length,UINT wait_option)
356+
UCHAR *protocol, UINT protocol_length,
357+
UCHAR *bearer, UINT bearer_length, UINT wait_option)
355358
{
356359

357360
UINT status;
@@ -361,14 +364,13 @@ UINT status;
361364
if ((client_ptr == NX_NULL) || (client_ptr -> nx_websocket_client_id != NX_WEBSOCKET_CLIENT_ID) ||
362365
(socket_ptr == NX_NULL) || (socket_ptr -> nx_tcp_socket_id != NX_TCP_ID) ||
363366
(host == NX_NULL) || (host_length == 0) ||
364-
(uri_path == NX_NULL) || (uri_path_length == 0) ||
365-
(protocol == NX_NULL) || (protocol_length == 0))
367+
(uri_path == NX_NULL) || (uri_path_length == 0))
366368
{
367369
return(NX_PTR_ERROR);
368370
}
369371

370372
/* Call actual connect function. */
371-
status = _nx_websocket_client_connect(client_ptr, socket_ptr, host, host_length, uri_path, uri_path_length, protocol, protocol_length, wait_option);
373+
status = _nx_websocket_client_connect(client_ptr, socket_ptr, host, host_length, uri_path, uri_path_length, protocol, protocol_length, bearer, bearer_length, wait_option);
372374

373375
/* Return completion status. */
374376
return(status);
@@ -400,6 +402,8 @@ UINT status;
400402
/* uri_path_length Length of uri path */
401403
/* protocol Pointer to protocol */
402404
/* protocol_length Length of protocol */
405+
/* bearer Pointer to bearer */
406+
/* bearer_length Length of bearer */
403407
/* wait_option Wait option */
404408
/* */
405409
/* OUTPUT */
@@ -424,7 +428,8 @@ UINT status;
424428
UINT _nx_websocket_client_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_TCP_SOCKET *socket_ptr,
425429
UCHAR *host, UINT host_length,
426430
UCHAR *resource, UINT resource_length,
427-
UCHAR *protocol, UINT protocol_length,UINT wait_option)
431+
UCHAR *protocol, UINT protocol_length,
432+
UCHAR *bearer, UINT bearer_length, UINT wait_option)
428433
{
429434

430435
UINT status;
@@ -463,7 +468,7 @@ UINT status;
463468
client_ptr -> nx_websocket_client_use_tls = NX_FALSE;
464469
#endif /* NX_SECURE_ENABLE */
465470

466-
status = _nx_websocket_client_connect_internal(client_ptr, host, host_length, resource, resource_length, protocol, protocol_length, wait_option);
471+
status = _nx_websocket_client_connect_internal(client_ptr, host, host_length, resource, resource_length, protocol, protocol_length, bearer, bearer_length, wait_option);
467472

468473
/* Release the mutex and return */
469474
tx_mutex_put(&(client_ptr -> nx_websocket_client_mutex));
@@ -494,6 +499,8 @@ UINT status;
494499
/* uri_path_length Length of uri path */
495500
/* protocol Pointer to protocol */
496501
/* protocol_length Length of protocol */
502+
/* bearer Pointer to bearer */
503+
/* bearer_length Length of bearer */
497504
/* wait_option Wait option */
498505
/* */
499506
/* OUTPUT */
@@ -529,7 +536,8 @@ UINT status;
529536
UINT _nx_websocket_client_connect_internal(NX_WEBSOCKET_CLIENT *client_ptr,
530537
UCHAR *host, UINT host_length,
531538
UCHAR *uri_path, UINT uri_path_length,
532-
UCHAR *protocol, UINT protocol_length,UINT wait_option)
539+
UCHAR *protocol, UINT protocol_length,
540+
UCHAR *bearer, UINT bearer_length, UINT wait_option)
533541
{
534542

535543
UINT i;
@@ -630,15 +638,26 @@ NX_PACKET *packet_ptr;
630638
status += nx_packet_data_append(packet_ptr, client_ptr -> nx_websocket_client_key, client_ptr -> nx_websocket_client_key_size, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
631639
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
632640

633-
/* Place the connection in the header. */
634-
status += nx_packet_data_append(packet_ptr, "Sec-WebSocket-Protocol: ", sizeof("Sec-WebSocket-Protocol: ") - 1, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
635-
status += nx_packet_data_append(packet_ptr, protocol, protocol_length, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
636-
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
641+
/* Place the Sec-WebSocket-Protocol in the header. */
642+
if ((protocol != NX_NULL) && (protocol_length != 0))
643+
{
644+
status += nx_packet_data_append(packet_ptr, "Sec-WebSocket-Protocol: ", sizeof("Sec-WebSocket-Protocol: ") - 1, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
645+
status += nx_packet_data_append(packet_ptr, protocol, protocol_length, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
646+
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
647+
}
637648

638-
/* Place the connection in the header. */
649+
/* Place the Sec-WebSocket-Version in the header. */
639650
status += nx_packet_data_append(packet_ptr, "Sec-WebSocket-Version: 13", sizeof("Sec-WebSocket-Version: 13") - 1, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
640651
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
641652

653+
/* Place the Bearer in the header. */
654+
if ((bearer != NX_NULL) && (bearer_length != 0))
655+
{
656+
status += nx_packet_data_append(packet_ptr, "Authorization: Bearer ", sizeof("Authorization: Bearer ") - 1, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
657+
status += nx_packet_data_append(packet_ptr, bearer, bearer_length, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
658+
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
659+
}
660+
642661
/* Fill the last \r\n. */
643662
status += nx_packet_data_append(packet_ptr, NX_WEBSOCKET_CRLF, NX_WEBSOCKET_CRLF_SIZE, client_ptr -> nx_websocket_client_packet_pool_ptr, wait_option);
644663

@@ -732,6 +751,8 @@ NX_PACKET *packet_ptr;
732751
/* uri_path_length Length of uri path */
733752
/* protocol Pointer to protocol */
734753
/* protocol_length Length of protocol */
754+
/* bearer Pointer to bearer */
755+
/* bearer_length Length of bearer */
735756
/* wait_option Wait option */
736757
/* */
737758
/* OUTPUT */
@@ -756,7 +777,8 @@ NX_PACKET *packet_ptr;
756777
UINT _nxe_websocket_client_secure_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_SECURE_TLS_SESSION *tls_session,
757778
UCHAR *host, UINT host_length,
758779
UCHAR *uri_path, UINT uri_path_length,
759-
UCHAR *protocol, UINT protocol_length,UINT wait_option)
780+
UCHAR *protocol, UINT protocol_length,
781+
UCHAR *bearer, UINT bearer_length, UINT wait_option)
760782
{
761783

762784
UINT status;
@@ -766,14 +788,13 @@ UINT status;
766788
if ((client_ptr == NX_NULL) || (client_ptr -> nx_websocket_client_id != NX_WEBSOCKET_CLIENT_ID) ||
767789
(tls_session == NX_NULL) ||
768790
(host == NX_NULL) || (host_length == 0) ||
769-
(uri_path == NX_NULL) || (uri_path_length == 0) ||
770-
(protocol == NX_NULL) || (protocol_length == 0))
791+
(uri_path == NX_NULL) || (uri_path_length == 0))
771792
{
772793
return(NX_PTR_ERROR);
773794
}
774795

775796
/* Call actual secure connect function. */
776-
status = _nx_websocket_client_secure_connect(client_ptr, tls_session, host, host_length, uri_path, uri_path_length, protocol, protocol_length, wait_option);
797+
status = _nx_websocket_client_secure_connect(client_ptr, tls_session, host, host_length, uri_path, uri_path_length, protocol, protocol_length, bearer, bearer_length, wait_option);
777798

778799
/* Return completion status. */
779800
return(status);
@@ -805,6 +826,8 @@ UINT status;
805826
/* uri_path_length Length of uri path */
806827
/* protocol Pointer to protocol */
807828
/* protocol_length Length of protocol */
829+
/* bearer Pointer to bearer */
830+
/* bearer_length Length of bearer */
808831
/* wait_option Wait option */
809832
/* */
810833
/* OUTPUT */
@@ -829,7 +852,8 @@ UINT status;
829852
UINT _nx_websocket_client_secure_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_SECURE_TLS_SESSION *tls_session,
830853
UCHAR *host, UINT host_length,
831854
UCHAR *uri_path, UINT uri_path_length,
832-
UCHAR *protocol, UINT protocol_length,UINT wait_option)
855+
UCHAR *protocol, UINT protocol_length,
856+
UCHAR *bearer, UINT bearer_length, UINT wait_option)
833857
{
834858

835859
UINT status;
@@ -865,7 +889,7 @@ UINT status;
865889
client_ptr -> nx_websocket_client_tls_session_ptr = tls_session;
866890
client_ptr -> nx_websocket_client_use_tls = NX_TRUE;
867891

868-
status = _nx_websocket_client_connect_internal(client_ptr, host, host_length, uri_path, uri_path_length, protocol, protocol_length, wait_option);
892+
status = _nx_websocket_client_connect_internal(client_ptr, host, host_length, uri_path, uri_path_length, protocol, protocol_length, bearer, bearer_length, wait_option);
869893

870894
/* Release the mutex and return */
871895
tx_mutex_put(&(client_ptr -> nx_websocket_client_mutex));
@@ -919,7 +943,8 @@ UINT _nx_websocket_client_name_compare(UCHAR *src, ULONG src_length, UCHAR *des
919943
UCHAR ch;
920944

921945
/* Compare the length. */
922-
if(src_length != dest_length)
946+
if((src_length != dest_length) ||
947+
(src == NX_NULL) || (dest == NX_NULL))
923948
{
924949
return(NX_WEBSOCKET_ERROR);
925950
}
@@ -1009,7 +1034,6 @@ UCHAR key[NX_WEBSOCKET_ACCEPT_KEY_SIZE + 1];
10091034
UINT key_size = 0;
10101035
UCHAR upgrade_flag = NX_FALSE;
10111036
UCHAR connection_flag = NX_FALSE;
1012-
UCHAR protocol_cnt = 0;
10131037
UCHAR accept_cnt = 0;
10141038

10151039
NX_PARAMETER_NOT_USED(client_ptr);
@@ -1135,8 +1159,6 @@ UCHAR accept_cnt = 0;
11351159
{
11361160
return(NX_WEBSOCKET_INVALID_PACKET);
11371161
}
1138-
1139-
protocol_cnt++;
11401162
}
11411163
else if (_nx_websocket_client_name_compare((UCHAR *)field_name, field_name_length, (UCHAR *)"Sec-WebSocket-Accept", sizeof("Sec-WebSocket-Accept") - 1) == NX_SUCCESS)
11421164
{
@@ -1162,8 +1184,8 @@ UCHAR accept_cnt = 0;
11621184
/* Check if the all fields are processed and found as required. */
11631185
if ((offset != packet_ptr -> nx_packet_length) ||
11641186
(upgrade_flag != NX_TRUE) || (connection_flag != NX_TRUE) ||
1165-
(protocol_cnt != 1) || (accept_cnt != 1)) /* Both sec-websocket-protocol field and sec-websocket-accept field are allowed occur once only.
1166-
Reference in RFC 6455, Section 11.3.3 and 11.3.4, Page 59-60 */
1187+
(accept_cnt != 1)) /* Sec-WebSocket-Accept field is allowed occur once only.
1188+
Reference in RFC 6455, Section 11.3.3 and 11.3.4, Page 59-60 */
11671189
{
11681190
return(NX_WEBSOCKET_INVALID_PACKET);
11691191
}

addons/websocket/nx_websocket_client.h

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -291,11 +291,13 @@ UINT _nx_websocket_client_packet_allocate(NX_WEBSOCKET_CLIENT *client_ptr, NX_P
291291
UINT _nxe_websocket_client_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_TCP_SOCKET *socket_ptr,
292292
UCHAR *host, UINT host_length,
293293
UCHAR *uri_path, UINT uri_path_length,
294-
UCHAR *protocol, UINT protocol_length,UINT wait_option);
294+
UCHAR *protocol, UINT protocol_length,
295+
UCHAR *bearer, UINT bearer_length, UINT wait_option);
295296
UINT _nx_websocket_client_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_TCP_SOCKET *socket_ptr,
296297
UCHAR *host, UINT host_length,
297298
UCHAR *uri_path, UINT uri_path_length,
298-
UCHAR *protocol, UINT protocol_length,UINT wait_option);
299+
UCHAR *protocol, UINT protocol_length,
300+
UCHAR *bearer, UINT bearer_length, UINT wait_option);
299301
#ifdef NX_SECURE_ENABLE
300302
UINT _nxe_websocket_client_secure_connect(NX_WEBSOCKET_CLIENT *client_ptr, NX_SECURE_TLS_SESSION *tls_session,
301303
UCHAR *host, UINT host_length,
@@ -323,7 +325,8 @@ UINT _nx_websocket_client_connection_status_callback_set(NX_WEBSOCKET_CLIENT *c
323325
UINT _nx_websocket_client_connect_internal(NX_WEBSOCKET_CLIENT *client_ptr,
324326
UCHAR *host, UINT host_length,
325327
UCHAR *uri_path, UINT uri_path_length,
326-
UCHAR *protocol, UINT protocol_length,UINT wait_option);
328+
UCHAR *protocol, UINT protocol_length,
329+
UCHAR *bearer, UINT bearer_length, UINT wait_option);
327330
UINT _nx_websocket_client_name_compare(UCHAR *src, ULONG src_length, UCHAR *dest, ULONG dest_length);
328331
UINT _nx_websocket_client_connect_response_process(NX_WEBSOCKET_CLIENT *client_ptr, NX_PACKET *packet_ptr);
329332
UINT _nx_websocket_client_packet_trim(NX_WEBSOCKET_CLIENT *client_ptr, NX_PACKET **packet_ptr, ULONG trim_size);

common/inc/nx_api.h

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -529,7 +529,9 @@ VOID _nx_trace_event_update(TX_TRACE_BUFFER_ENTRY *event, ULONG timestamp, ULONG
529529
#define AZURE_RTOS_NETXDUO
530530
#define NETXDUO_MAJOR_VERSION 6
531531
#define NETXDUO_MINOR_VERSION 4
532-
#define NETXDUO_PATCH_VERSION 3
532+
#define NETXDUO_PATCH_VERSION 4
533+
#define NETXDUO_BUILD_VERSION 202503
534+
#define NETXDUO_HOTFIX_VERSION ''
533535

534536
/* Define the following symbols for backward compatibility */
535537
#define EL_PRODUCT_NETXDUO

common/src/nx_icmpv6_validate_options.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,10 @@ UINT _nx_icmpv6_validate_options(NX_ICMPV6_OPTION *option, INT length, INT addit
8181
UINT option_len;
8282

8383
/* Parse all option headers from the ICMPv6 header. */
84-
while (length > 0)
84+
/* GHSA-rf32-h832-hg8r:
85+
Verify that the length is at least 2 to cover nx_icmpv6_option_length and
86+
nx_icmpv6_option_type. */
87+
while (length > 2)
8588
{
8689
/* Verify that the option length is not zero. */
8790
if (option -> nx_icmpv6_option_length == 0)

0 commit comments

Comments
 (0)