From 1ead6acea55028dcf2e6ba0fec8b0127a993d8a5 Mon Sep 17 00:00:00 2001
From: Steve Karg
Date: Wed, 15 Apr 2020 00:03:21 -0500
Subject: [PATCH] Fix BACnet IPv4 decode to allow for NULL (#72)
Co-authored-by: Steve Karg
---
 src/bacnet/basic/bbmd/h_bbmd.c | 10 ++++-
 src/bacnet/datalink/bvlc.c | 68 ++++++++++++++--------------------
 2 files changed, 37 insertions(+), 41 deletions(-)
diff --git a/src/bacnet/basic/bbmd/h_bbmd.c b/src/bacnet/basic/bbmd/h_bbmd.c
index 51449aa6..fd042b1b 100644
--- a/src/bacnet/basic/bbmd/h_bbmd.c
+++ b/src/bacnet/basic/bbmd/h_bbmd.c
@@ -1042,6 +1042,9 @@ int bvlc_bbmd_enabled_handler(BACNET_IP_ADDRESS *addr,
 bvlc_ip_address_to_bacnet_local(src, addr);
 offset = header_len + function_len - npdu_len;
 debug_print_npdu("Original-Unicast-NPDU", offset, npdu_len);
+ } else {
+ debug_print_string(
+ "Original-Broadcast-NPDU: Unable to decode!");
 }
 break;
 case BVLC_ORIGINAL_BROADCAST_NPDU:
@@ -1074,6 +1077,9 @@ int bvlc_bbmd_enabled_handler(BACNET_IP_ADDRESS *addr,
 bbmd_fdt_forward_npdu(addr, npdu, npdu_len, true);
 bbmd_bdt_forward_npdu(addr, npdu, npdu_len, true);
 debug_print_npdu("Original-Broadcast-NPDU", offset, npdu_len);
+ } else {
+ debug_print_string(
+ "Original-Broadcast-NPDU: Unable to decode!");
 }
 break;
 case BVLC_SECURE_BVLL:
@@ -1245,10 +1251,12 @@ void bvlc_disable_nat(void)
 void bvlc_init(void)
 {
- debug_print_string("Initializing.");
 #if BBMD_ENABLED
+ debug_print_string("Initializing (BBMD Enabled).");
 bvlc_broadcast_distribution_table_link_array(
 &BBMD_Table[0], MAX_BBMD_ENTRIES);
 bvlc_foreign_device_table_link_array(&FD_Table[0], MAX_FD_ENTRIES);
+#else
+ debug_print_string("Initializing (BBMD Disabled).");
 #endif
 }
diff --git a/src/bacnet/datalink/bvlc.c b/src/bacnet/datalink/bvlc.c
index 448c125a..7094a2c5 100644
--- a/src/bacnet/datalink/bvlc.c
+++ b/src/bacnet/datalink/bvlc.c
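Review bot: The new `else` branch in the first hunk sits under the Original-Unicast case (the success path just above it logs `"Original-Unicast-NPDU"`), yet it prints `"Original-Broadcast-NPDU: Unable to decode!"`, so a rejected unicast frame is logged as a broadcast one. The string should read `"Original-Unicast-NPDU: Unable to decode!"`; the identical message in the second hunk is correct for its case. Mislabelled decode failures make it harder to tell from the debug log which BVLC function a malformed or oversized frame arrived as. The enclosing switch in bvlc_bbmd_enabled_handler starts and ends outside both hunks, so whether the failure is also reflected in the handler's return value cannot be seen here.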
@@ -1385,19 +1385,15 @@ int bvlc_decode_distribute_broadcast_to_network(uint8_t *pdu,
 int bytes_consumed = 0;
 uint16_t i = 0;
- if (pdu) {
- if ((pdu_len > 0) && (pdu_len <= npdu_size)) {
- if (npdu) {
- for (i = 0; i < pdu_len; i++) {
- npdu[i] = pdu[i];
- }
- }
+ if (pdu && npdu && (pdu_len > 0) && (pdu_len <= npdu_size)) {
+ for (i = 0; i < pdu_len; i++) {
+ npdu[i] = pdu[i];
 }
- if (npdu_len) {
- *npdu_len = pdu_len;
- }
- bytes_consumed = (int)pdu_len;
 }
+ if (npdu_len) {
+ *npdu_len = pdu_len;
+ }
+ bytes_consumed = (int)pdu_len;
 return bytes_consumed;
 }
@@ -1464,17 +1460,15 @@ int bvlc_decode_original_unicast(uint8_t *pdu,
 int bytes_consumed = 0;
 uint16_t i = 0;
- if (pdu_len <= npdu_size) {
- if (pdu && npdu) {
- for (i = 0; i < pdu_len; i++) {
- npdu[i] = pdu[i];
- }
+ if (pdu && npdu && (pdu_len > 0) && (pdu_len <= npdu_size)) {
+ for (i = 0; i < pdu_len; i++) {
+ npdu[i] = pdu[i];
 }
- if (npdu_len) {
- *npdu_len = pdu_len;
- }
- bytes_consumed = (int)pdu_len;
 }
+ if (npdu_len) {
+ *npdu_len = pdu_len;
+ }
+ bytes_consumed = (int)pdu_len;
 return bytes_consumed;
 }
@@ -1541,17 +1535,15 @@ int bvlc_decode_original_broadcast(uint8_t *pdu,
 int bytes_consumed = 0;
 uint16_t i = 0;
- if (pdu_len <= npdu_size) {
- if (pdu && npdu) {
- for (i = 0; i < pdu_len; i++) {
- npdu[i] = pdu[i];
- }
+ if (pdu && npdu && (pdu_len > 0) && (pdu_len <= npdu_size)) {
+ for (i = 0; i < pdu_len; i++) {
+ npdu[i] = pdu[i];
 }
- if (npdu_len) {
- *npdu_len = pdu_len;
- }
- bytes_consumed = (int)pdu_len;
 }
+ if (npdu_len) {
+ *npdu_len = pdu_len;
+ }
+ bytes_consumed = (int)pdu_len;
 return bytes_consumed;
 }
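Review bot: An oversized frame is now reported as decoded: in bvlc_decode_distribute_broadcast_to_network the `pdu_len <= npdu_size` test only guards the copy loop, while `*npdu_len = pdu_len` and `bytes_consumed = (int)pdu_len` run unconditionally, so with a non-NULL `npdu` and `pdu_len > npdu_size` the caller gets a non-zero return and a length larger than its buffer, which holds none of the frame. The same shape is in the bvlc_decode_original_unicast and bvlc_decode_original_broadcast hunks, where the removed code returned 0 in that case, and in bvlc_decode_secure_bvll. A caller that trusts the returned length against its own buffer would read past it or process stale bytes; how callers use it is outside these hunks. Keeping the NULL length-query the commit is after, I would reject the too-small-buffer case ahead of the copy: `if (npdu && (pdu_len > npdu_size)) { return 0; }` (with `sbuf`/`sbuf_size` in the secure-BVLL decoder). Each function's signature and opening lines are outside its hunk.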
@@ -1618,19 +1610,15 @@ int bvlc_decode_secure_bvll(uint8_t *pdu,
 int bytes_consumed = 0;
 uint16_t i = 0;
- if (pdu) {
- if (sbuf_len) {
- *sbuf_len = pdu_len;
+ if (pdu && sbuf && (pdu_len > 0) && (pdu_len <= sbuf_size)) {
+ for (i = 0; i < pdu_len; i++) {
+ sbuf[i] = pdu[i];
 }
- if (pdu_len) {
- if (sbuf) {
- for (i = 0; i < pdu_len; i++) {
- sbuf[i] = pdu[i];
- }
- }
- }
- bytes_consumed = (int)pdu_len;
 }
+ if (sbuf_len) {
+ *sbuf_len = pdu_len;
+ }
+ bytes_consumed = (int)pdu_len;
 return bytes_consumed;
 }