Merge pull request #7082 from anttiylitokola/master

Update mbed-coap to version 4.4.4

Author: Cruz Monrreal

features/frameworks/mbed-coap/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## [v4.4.4](https://github.com/ARMmbed/mbed-coap/releases/tag/v4.4.4) 
+**Closed issues:**
+ - IOTCLT-2638 [GitHub] hardfault during reconnection retry with Thread
+
+-[Full Changelog](https://github.com/ARMmbed/mbed-coap/compare/v4.4.3...v4.4.4)
+
 ## [v4.4.3](https://github.com/ARMmbed/mbed-coap/releases/tag/v4.4.3) 
 **Closed issues:**
  - IOTCLT-2506 [GitHub] Cannot set registration time if server does not use max age option

features/frameworks/mbed-coap/module.json

@@ -1,6 +1,6 @@
 {
   "name": "mbed-coap",
-  "version": "4.4.3",
+  "version": "4.4.4",
   "description": "COAP library",
   "keywords": [
     "coap",

features/frameworks/mbed-coap/source/sn_coap_protocol.c

@@ -265,12 +265,6 @@ void sn_coap_protocol_clear_sent_blockwise_messages(struct coap_s *handle)
 
     /* Loop all stored Blockwise messages in Linked list */
     ns_list_foreach_safe(coap_blockwise_msg_s, removed_blocwise_msg_ptr, &handle->linked_list_blockwise_sent_msgs) {
-        if (removed_blocwise_msg_ptr->coap_msg_ptr) {
-            handle->sn_coap_protocol_free(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr);
-            removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr = 0;
-            sn_coap_parser_release_allocated_coap_msg_mem(handle, removed_blocwise_msg_ptr->coap_msg_ptr);
-            removed_blocwise_msg_ptr->coap_msg_ptr = 0;
-        }
         sn_coap_protocol_linked_list_blockwise_msg_remove(handle, removed_blocwise_msg_ptr);
     }
 #endif
@@ -1472,27 +1466,28 @@ static void sn_coap_protocol_handle_blockwise_timout(struct coap_s *handle)
     ns_list_foreach_safe(coap_blockwise_msg_s, removed_blocwise_msg_ptr, &handle->linked_list_blockwise_sent_msgs) {
         if ((handle->system_time - removed_blocwise_msg_ptr->timestamp)  > SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED) {
 
+            // Item must be removed from the list before calling the rx_callback function.
+            // Callback could actually clear the list and free the item and cause a use after free when callback returns.
+            ns_list_remove(&handle->linked_list_blockwise_sent_msgs, removed_blocwise_msg_ptr);
+
             /* * * * This messages has timed out, remove it from Linked list * * * */
             if( removed_blocwise_msg_ptr->coap_msg_ptr ){
-
                 if (handle->sn_coap_rx_callback) {
                     /* Notify the application about the time out */
                     removed_blocwise_msg_ptr->coap_msg_ptr->coap_status = COAP_STATUS_BUILDER_BLOCK_SENDING_FAILED;
                     removed_blocwise_msg_ptr->coap_msg_ptr->msg_id = removed_blocwise_msg_ptr->msg_id;
                     handle->sn_coap_rx_callback(removed_blocwise_msg_ptr->coap_msg_ptr, NULL, removed_blocwise_msg_ptr->param);
                 }
 
-                if(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr){
-                    handle->sn_coap_protocol_free(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr);
-                    removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr = 0;
-                }
+                handle->sn_coap_protocol_free(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr);
                 sn_coap_parser_release_allocated_coap_msg_mem(handle, removed_blocwise_msg_ptr->coap_msg_ptr);
-                removed_blocwise_msg_ptr->coap_msg_ptr = 0;
             }
-            sn_coap_protocol_linked_list_blockwise_msg_remove(handle, removed_blocwise_msg_ptr);
+
+            handle->sn_coap_protocol_free(removed_blocwise_msg_ptr);
         }
     }
 
+
     /* Loop all incoming Blockwise messages */
     ns_list_foreach_safe(coap_blockwise_payload_s, removed_blocwise_payload_ptr, &handle->linked_list_blockwise_received_payloads) {
         if ((handle->system_time - removed_blocwise_payload_ptr->timestamp)  > SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED) {