Codrio BLE: ignore packet if data allocation fails (CVE-2024-48985)

[Diff-fusion]

Summary of changes

hciTrSerialRxIncoming parses incoming hci packets. It takes two bytes from the packet header and tries to allocate a buffer based on the packet size contained in those bytes. There is no logic to account for the case of an allocate failing. If WSF_ASSERT is not enabled (it isn't by default), the packet isn't dropped either.

• mbed-os/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c

  Line 200 in 54e8693

  pPktRx = (uint8_t*)WsfMsgDataAlloc(hdrLen + dataLen, 0);

This means that the function will stay in it's HCI_RX_STATE_HEADER state for longer than intended. Because every iteration of the loop writes another byte to hdrRx and the intended exit condition for this state has been passed, it will continue writing to hdrRx past it's bounds, causing a buffer overflow.

This fix handles the failed allocation by resetting the parser and exiting the function, similar to #374.

Impact of changes

Migration actions required

Documentation

None

---

Pull request type

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

---

Test results

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

---

[Diff-fusion]

This PR fixes CVE-2024-48985

[multiplemonomials]

Thanks for the fix!