Invalid Code

[sabor12345]

Environment

• Build System: [Make]
• Operating System: [Linux]
• Operating System Version: [Debian GNU/Linux 12]
• Hosted Environment: [None]

libcoap Configuration Summary

$ ./configure --prefix=/home/libcoap_2023_10_22/libcoap/build --disable-manpages
libcoap configuration summary:
libcoap package version : "4.3.1"
libcoap library version : "3.0.0"
libcoap API version : "3"
libcoap DTLS lib extn : "-openssl"
host system : "x86_64-pc-linux-gnu"
configure:17721: result: build with server support: "yes"
configure:17728: result: build with client support: "yes"
configure:17735: result: build with TCP support : "yes"
configure:17752: result: build DTLS support : "yes"
configure:17754: result: --> OpenSSL around : "yes" (found OpenSSL 3.0.11)
configure:17756: result: OPENSSL_CFLAGS : ""
configure:17758: result: OPENSSL_LIBS : "-lssl -lcrypto "
configure:17791: result: add default names : "yes"
configure:17798: result: build using epoll : "yes"
configure:17801: result: enable small stack size : "no"
configure:17804: result: enable separate responses: "yes"
configure:17811: result: build doxygen pages : "yes"
configure:17813: result: --> Doxygen around : "yes" (/usr/bin/doxygen 1.9.4)
configure:17819: result: --> dot around : "yes" (/usr/bin/dot 2.43.0)
configure:17832: result: build man pages : "no"
configure:17839: result: build unit test binary : "no"
configure:17843: result: build examples : "yes"
configure:17850: result: install examples source : "yes"
configure:17860: result: build with gcov support : "no"
configure:17864: result: build shared library : "yes"
configure:17871: result: build static library : "yes"

Problem Description

It is possible to send a request or a response with an invalid Code where the recipient is not rejecting the message. With invalid Code i mean Code that is not valid and also uses reserved classes.

Expected Behavior

According to RFC7252:

"The class can indicate a request (0), a success response (2), a client error response (4), or a server error response (5). (All other class values are reserved.) As a special case, Code 0.00 indicates an Empty message."

It also says that;
A recipient MUST either (a) acknowledge a Confirmable message with an Acknowledgement message or (b) reject the message if the recipient lacks context to process the message properly, including situations where the message is Empty, uses a code with a reserved class (1, 6, or 7), or has a message format error. Rejecting a Confirmable message is effected by sending a matching Reset message and otherwise ignoring it

Actual Behavior

The recipient is not rejecting the message with invalid code.

Code to reproduce this issue

Use the server-client example in the example folder. Do a get CON request to the resource .well-known/core.
You can set the Code field to 193 in the request and send it to the server who will not reject it.

You can send a response to the client, where the Code is set to 197 and the client will not reject it.

Debug Logs

Client receives this:
recv  159 bytes
v:1 t:ACK c:6.05 i:6080 {31} [ Content-Format:application/link-format ] :: '</>;title="General Info";ct=0,</time>;if="clock";rt="ticks";title="Internal Clock";ct=0;obs,</async>;ct=0,</example_data>;title="Example Data";ct=0;obs'
Dec 14 18:42:38.645 DEBG ** [::1]:60993 <-> [::1]:5683 UDP : mid=0x6080: removed (1)

Server receives this:
recv   29 bytes
v:1 t:CON c:6.01 i:607f {31} [ Uri-Path:.well-known, Uri-Path:core, Request-Tag:0xe7f8c787 ]
and produces this:
v:1 t:ACK c:0.00 i:607f {} [ ]

[mrdeep1]

@sabor12345 Thanks for raising this. Please check #1301 to see that this fixes what you are seeing.

You can send a response to the client, where the Code is set to 197 and the client will not reject it.

In your example, the client receives an ACK. #1301 will not sent back a RST here, but does create a COAP_NACK_BAD_RESPONSE nack event.

[mrdeep1]

@sabor12345 Any feedback?