[Coverity CID: 236604] Untrusted value as argument in subsys/net/lib/lwm2m/lwm2m_engine.c

[zephyrbot]

Static code scan issues found in file:

https:/zephyrproject-rtos/zephyr/tree/d25e5c20a07203443b2e9fafe30bf8eef852ed23/subsys/net/lib/lwm2m/lwm2m_engine.c#L4601

Category: Insecure data handling
Function: socket_recv_message
Component: Networking
CID: 236604

Details:

zephyr/subsys/net/lib/lwm2m/lwm2m_engine.c

Line 4601 in d25e5c2

lwm2m_udp_receive(client_ctx, in_buf, len, &from_addr, handle_request);

4595         if (len == 0) {
4596             LOG_ERR("Zero length recv");
4597             return 0;
4598         }
4599    
4600         in_buf[len] = 0U;
>>>     CID 236604:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "in_buf" to "lwm2m_udp_receive", which uses it as an offset.
4601         lwm2m_udp_receive(client_ctx, in_buf, len, &from_addr, handle_request);
4602    
4603         return 0;
4604     }
4605    
4606     static int socket_send_message(struct lwm2m_ctx *client_ctx)

For more information about the violation, check the Coverity Reference. CWE-20

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v29271/p12996

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

[rlubos]

False positive, similar case to #33040.