When forming packets, the head provides a length field. Before the packet is formed, it should be asserted that the length field does indeed match the length of the CBOR payload.
Zephyr asserts this in smp.c
/* Read the management header and strip it from the request. */
rc = smp_read_hdr(req, &req_hdr);
if (rc != 0) {
rc = MGMT_ERR_ECORRUPT;
break;
} else {
valid_hdr = true;
}
/* Does buffer contain whole message? */
if (req->len < (req_hdr.nh_len + MGMT_HDR_SIZE)) {
rc = MGMT_ERR_ECORRUPT;
break;
}
When forming packets, the head provides a length field. Before the packet is formed, it should be asserted that the length field does indeed match the length of the CBOR payload.
Zephyr asserts this in smp.c