
Update mbed-coap to version 5.1.3 #12124

Closed
wants to merge 2 commits into from

Conversation

@ristohuhtala (Contributor) commented Dec 17, 2019

Description

Fix for overflow errors

Summary of changes

Added a check that the returned int16 value won't overflow when creating a new CoAP message.
Changed buffer handling when a CoAP message is parsed. Now, every time before the pointer value is increased, the buffer size is checked to avoid overflow.


Pull request type

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[ ] Feature update (New feature / Functionality change / New API)
[ ] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[x] No Tests required for this change (E.g docs only update)
[ ] Covered by existing mbed-os tests (Greentea or Unittest)
[ ] Tests / results supplied as part of this PR

Reviewers

@anttiylitokola @yogpan01
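The two checks the summary describes, as an added example that is not mbed-coap's own code: a builder-side size calculation that reports overflow instead of returning a wrapped uint16_t, and a parser-side walk over CoAP option headers that verifies the remaining buffer before every pointer advance. The function names, the RFC 7252 option-encoding helper and the sample bytes are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Add to a uint16_t running total; false means the sum would wrap. */
static bool add_u16_checked(uint16_t *total, size_t add)
{
    if (add > UINT16_MAX || *total > UINT16_MAX - add) return false;
    *total = (uint16_t)(*total + add);
    return true;
}

/* Builder side: header(4) + token + options (+ 0xFF marker + payload); false, not a wrapped size, above 65535. */
bool coap_needed_size(uint8_t tkl, size_t opts, size_t payload, uint16_t *out)
{
    uint16_t n = 4;
    if (!add_u16_checked(&n, tkl) || !add_u16_checked(&n, opts)) return false;
    if (payload && (!add_u16_checked(&n, 1) || !add_u16_checked(&n, payload))) return false;
    *out = n;
    return true;
}

/* Parser side: one option delta/length nibble plus its 0, 1 or 2 extension bytes (RFC 7252 3.1). */
static bool read_ext(const uint8_t **p, const uint8_t *end, unsigned nib, uint32_t *out)
{
    size_t ext = nib == 13 ? 1 : nib == 14 ? 2 : 0;
    if (nib == 15 || (size_t)(end - *p) < ext) return false;   /* reserved, or truncated */
    *out = nib < 13 ? nib
         : ext == 1 ? 13u + (*p)[0] : 269u + (((uint32_t)(*p)[0] << 8) | (*p)[1]);
    *p += ext;
    return true;
}

/* Walk the options after the token: bytes consumed up to the payload marker or end of buffer, or -1 if any header or value would run past 'len'. */
int coap_options_len(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t v;                               /* delta is decoded first, then length */
    while (p < end && *p != 0xFF) {           /* 0xFF is the payload marker */
        unsigned hdr = *p++;
        if (!read_ext(&p, end, hdr >> 4, &v) ||
            !read_ext(&p, end, hdr & 0x0Fu, &v) || (size_t)(end - p) < v) {
            return -1;                        /* never advance past the buffer */
        }
        p += v;
    }
    return (int)(p - buf);
}
/* Constructed sample: Uri-Path "temp" (delta 11, length 4), marker, payload "21". */
const uint8_t coap_sample[] = { 0xB4, 't', 'e', 'm', 'p', 0xFF, '2', '1' };
```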


@kjbracey (Contributor) commented

BTW is this the best place to send mbed-coap updates? Isn't there still a master repo elsewhere?

@ciarmcom ciarmcom requested review from anttiylitokola, yogpan01 and a team December 17, 2019 14:00
@ciarmcom (Member) commented

@ristohuhtala, thank you for your changes.
@anttiylitokola @yogpan01 @ARMmbed/mbed-os-maintainers please review.

@ristohuhtala (Contributor, Author) commented Dec 17, 2019

> BTW is this the best place to send mbed-coap updates? Isn't there still a master repo elsewhere?

As a first-timer at this, I did it the wrong way. Will create a new version from mbed-coap and update this PR.

@kjbracey (Contributor) commented

I'll go and make some comments on the relevant PRs over in the mbed-coap repo. Some of it's just "style", but the changes have a couple of real issues. Would be good to address before taking an update.

@JanneKiiskila (Contributor) commented

@bulislaw @adbridge @0xc0170 - for 5.15.1

@ristohuhtala changed the title from "Bug fix for CVE-2019-17212 and CVE-2019-17211" to "Update mbed-coap to version 5.1.3" on Dec 19, 2019

Commit: Change how uint16 overflow is detected

@ristohuhtala (Contributor, Author) commented

Updated the mbed-coap changelog.md file. Also made the requested changes to the overflow-detection logic. Also updated the PR title to the same format as previous mbed-coap update PRs.

@adbridge (Contributor) commented

@ristohuhtala thank you for the PR. Instead of putting something like 'Fix for IOTCLT-3748 CVE-2019-17211 - mbed-coap integer overflow' in the summary of changes, could you instead please provide a brief summary of what the actual issue is and then add how it was fixed? Also please split this into 2 separate PRs. There should be only one fix per PR (https://os.mbed.com/docs/mbed-os/v5.15/contributing/workflow.html#guidelines-for-github-pull-requests).

@ristohuhtala (Contributor, Author) commented Dec 20, 2019

> @ristohuhtala thank you for the PR. Instead of putting something like 'Fix for IOTCLT-3748 CVE-2019-17211 - mbed-coap integer overflow' in the summary of changes, could you instead please provide a brief summary of what the actual issue is and then add how it was fixed? Also please split this into 2 separate PRs. There should be only one fix per PR (https://os.mbed.com/docs/mbed-os/v5.15/contributing/workflow.html#guidelines-for-github-pull-requests).

@adbridge Thanks for the link. This was the very first PR to mbed-os for me. Will put your link in my bookmarks.
I updated this PR to update mbed-coap to version 5.1.3. Also updated the PR description.

@ristohuhtala (Contributor, Author) commented

Talked with @yogpan01; it would be good to push each error fix as a separate version. Will close this and create new ones.

@0xc0170 (Contributor) commented Jan 2, 2020

@ristohuhtala As this was an update from the upstream repository, it was fine as it was (considering the upstream version was already updated). As mbed-coap is in a different repository, changes should be applied there first, and an update to Mbed OS after.

I'll review the split PRs now to get them in.
