Bugfix/secure read range codec (#957)

* Secured ReadRange service codecs. Added ReadRange unit testing. Secured ReadRange-ACK handler to enable APDU size checking.
Steve Karg
2025-04-03 09:14:08 -05:00
committed by GitHub
parent 921264b2c2
commit 31af2507fb
13 changed files with 828 additions and 440 deletions
+4 -4
@@ -1517,8 +1517,7 @@ int decode_bitstring(
* @param apdu - buffer to hold the bytes
* @param apdu_size - number of bytes in the buffer to decode
* @param len_value - number of bytes in the unsigned value encoding
* @param value - value to decode into
*
* @param value - value to decode into, or NULL for length checking
* @return number of bytes decoded, or zero if errors occur
*/
int bacnet_bitstring_decode(
@@ -1533,7 +1532,7 @@ int bacnet_bitstring_decode(
uint32_t bytes_used;
/* check to see if the APDU is long enough */
if (apdu && value && (len_value <= apdu_size)) {
if (apdu && (len_value <= apdu_size)) {
/* Init/empty the string. */
bitstring_init(value);
if (len_value > 0) {
@@ -1544,7 +1543,8 @@ int bacnet_bitstring_decode(
/* Copy the bytes in reversed bit order. */
for (i = 0; i < bytes_used; i++) {
bitstring_set_octet(
value, (uint8_t)i, byte_reverse_bits(apdu[len++]));
value, (uint8_t)i, byte_reverse_bits(apdu[len]));
len++;
}
/* Erase the remaining unused bits. */
unused_bits = (uint8_t)(apdu[0] & 0x07);
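Review bot: Dropping `value` from the guard means `bitstring_init(value)` and `bitstring_set_octet(value, ...)` now run with a NULL pointer whenever a caller uses the documented length-only mode. That is safe only if every bitstring helper called in this function checks for NULL itself; those helpers are not visible here, so either confirm it or wrap the calls in `if (value) { ... }`. A unit test that calls bacnet_bitstring_decode with `value == NULL` on a non-empty encoding would pin the contract. The function body starts and ends outside these hunks.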
+10 -9
@@ -154,14 +154,16 @@ void handler_read_range(
len = Encode_RR_payload(&Temp_Buf[0], &data);
if (len >= 0) {
/* encode the APDU portion of the packet */
data.application_data = &Temp_Buf[0];
data.application_data_len = len;
/* FIXME: probably need a length limitation sent with encode */
len = rr_ack_encode_apdu(
&Handler_Transmit_Buffer[pdu_len], service_data->invoke_id,
&data);
debug_print("RR: Sending Ack!\n");
error = false;
len = rr_ack_encode_apdu(NULL, service_data->invoke_id, &data);
if (len < sizeof(Handler_Transmit_Buffer) - pdu_len) {
len = rr_ack_encode_apdu(
&Handler_Transmit_Buffer[pdu_len],
service_data->invoke_id, &data);
debug_print("RR: Sending Ack!\n");
error = false;
} else {
len = -2; /* too big */
}
}
if (error) {
if (len == -2) {
@@ -182,7 +184,6 @@ void handler_read_range(
}
}
}
pdu_len += len;
bytes_sent = datalink_send_pdu(
src, &npdu_data, &Handler_Transmit_Buffer[0], pdu_len);
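Review bot: The new bound `if (len < sizeof(Handler_Transmit_Buffer) - pdu_len)` compares the `int` returned by rr_ack_encode_apdu with an unsigned expression, so it is correct only through implicit conversion. The subtraction would also wrap to a very large value if `pdu_len` (presumably an `int`) ever exceeded the buffer size. Making the arithmetic explicit removes that dependence, for example `if ((len > 0) && ((size_t)pdu_len < sizeof(Handler_Transmit_Buffer)) && ((size_t)len < sizeof(Handler_Transmit_Buffer) - (size_t)pdu_len))`. The check bounds the reply only by the local transmit buffer; whether the requester's maximum accepted APDU is enforced elsewhere in handler_read_range is not visible in these hunks.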
+415 -340
@@ -205,188 +205,197 @@ int rr_encode_apdu(
/**
* Decode the received ReadRange request
*
* @param apdu Pointer to the APDU buffer.
* @param apdu_len Bytes valid in the APDU buffer.
* @param rrdata Pointer to the data used for encoding.
*
* @return Bytes encoded.
* @param apdu Pointer to the APDU buffer.
* @param apdu_size number of bytes in the APDU buffer.
* @param data Pointer to the data filled while decoding.
* @return Bytes decoded, or #BACNET_STATUS_ERROR
*/
int rr_decode_service_request(
const uint8_t *apdu, unsigned apdu_len, BACNET_READ_RANGE_DATA *rrdata)
const uint8_t *apdu, unsigned apdu_size, BACNET_READ_RANGE_DATA *data)
{
unsigned len = 0;
unsigned TagLen = 0;
uint8_t tag_number = 0;
uint32_t len_value_type = 0;
BACNET_OBJECT_TYPE type = OBJECT_NONE; /* for decoding */
uint32_t enum_value;
BACNET_UNSIGNED_INTEGER unsigned_value;
int len = 0, apdu_len = 0;
uint32_t value32 = 0;
int32_t signed_value = 0;
BACNET_OBJECT_TYPE object_type = OBJECT_NONE;
uint32_t enum_value = 0;
BACNET_UNSIGNED_INTEGER unsigned_value = 0;
BACNET_DATE *bdate = NULL;
BACNET_TIME *btime = NULL;
/* check for value pointers */
if ((apdu_len >= 5) && apdu && rrdata) {
/* Tag 0: Object ID */
if (!decode_is_context_tag(&apdu[len++], 0)) {
return -1;
}
len += decode_object_id(&apdu[len], &type, &rrdata->object_instance);
rrdata->object_type = type;
/* Tag 1: Property ID */
if (len >= apdu_len) {
return (-1);
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 1) {
return -1;
}
len += decode_enumerated(&apdu[len], len_value_type, &enum_value);
rrdata->object_property = (BACNET_PROPERTY_ID)enum_value;
rrdata->Overhead = RR_OVERHEAD; /* Start with the fixed overhead */
/* Tag 2: Optional Array Index - set to ALL if not present */
rrdata->array_index = BACNET_ARRAY_ALL; /* Assuming this is the most
common outcome... */
if (len < apdu_len) {
TagLen = (unsigned)decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number == 2) {
len += TagLen;
len += decode_unsigned(
&apdu[len], len_value_type, &unsigned_value);
rrdata->array_index = (BACNET_ARRAY_INDEX)unsigned_value;
rrdata->Overhead +=
RR_INDEX_OVERHEAD; /* Allow for this in the response */
}
}
/* And/or optional range selection- Tags 3, 6 and 7 */
rrdata->RequestType = RR_READ_ALL; /* Assume the worst to cut out
explicit checking later */
if (len < apdu_len) {
/*
* Note: We pick up the opening tag and then decode the
* parameter types we recognise. We deal with the count and the
* closing tag in each case statement even though it might
* appear that we could do them after the switch statement as
* common elements. This is so that if we receive a tag we don't
* recognise, we don't try to decode it blindly and make a mess
* of it.
*/
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
switch (tag_number) {
case 3: /* ReadRange by position */
rrdata->RequestType = RR_BY_POSITION;
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_unsigned(
&apdu[len], len_value_type, &unsigned_value);
rrdata->Range.RefIndex = (uint32_t)unsigned_value;
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_signed(
&apdu[len], len_value_type, &rrdata->Count);
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
break;
case 6: /* ReadRange by sequence number */
rrdata->RequestType = RR_BY_SEQUENCE;
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_unsigned(
&apdu[len], len_value_type, &unsigned_value);
rrdata->Range.RefSeqNum = (uint32_t)unsigned_value;
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_signed(
&apdu[len], len_value_type, &rrdata->Count);
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
/* Allow for this in the response */
rrdata->Overhead += RR_1ST_SEQ_OVERHEAD;
break;
case 7: /* ReadRange by time stamp */
rrdata->RequestType = RR_BY_TIME;
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_date(&apdu[len], &rrdata->Range.RefTime.date);
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_bacnet_time(
&apdu[len], &rrdata->Range.RefTime.time);
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (len >= apdu_len) {
break;
}
len += decode_signed(
&apdu[len], len_value_type, &rrdata->Count);
if (len >= apdu_len) {
break;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
/* Allow for this in the response */
rrdata->Overhead += RR_1ST_SEQ_OVERHEAD;
break;
default: /* If we don't recognise the tag then we do nothing
* here and try to return all elements of the array
*/
break;
}
if (!apdu) {
return BACNET_STATUS_ERROR;
}
/* objectIdentifier [0] BACnetObjectIdentifier */
len = bacnet_object_id_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 0, &object_type, &value32);
if (len > 0) {
apdu_len += len;
if (data) {
data->object_type = object_type;
data->object_instance = value32;
}
} else {
return (-1);
return BACNET_STATUS_ERROR;
}
/* propertyIdentifier [1] BACnetPropertyIdentifier */
len = bacnet_enumerated_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 1, &enum_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->object_property = (BACNET_PROPERTY_ID)enum_value;
data->Overhead = RR_OVERHEAD; /* Start with the fixed overhead */
}
} else {
return BACNET_STATUS_ERROR;
}
/* propertyArrayIndex [2] Unsigned OPTIONAL */
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 2, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->array_index = (BACNET_ARRAY_INDEX)unsigned_value;
data->Overhead += RR_INDEX_OVERHEAD;
}
} else if (len == 0) {
/* OPTIONAL missing - skip adding len */
if (data) {
data->array_index = BACNET_ARRAY_ALL;
}
} else {
return BACNET_STATUS_ERROR;
}
if (bacnet_is_opening_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 3, &len)) {
/*
byPosition [3] SEQUENCE {
referenceIndex Unsigned,
count INTEGER
}
*/
apdu_len += len;
if (data) {
data->RequestType = RR_BY_POSITION;
}
len = bacnet_unsigned_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->Range.RefIndex = (uint32_t)unsigned_value;
}
} else {
return BACNET_STATUS_ERROR;
}
len = bacnet_signed_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, &signed_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->Count = signed_value;
}
} else {
return BACNET_STATUS_ERROR;
}
if (bacnet_is_closing_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 3, &len)) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
} else if (bacnet_is_opening_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 6, &len)) {
/*
bySequenceNumber [6] SEQUENCE {
referenceIndex Unsigned,
count INTEGER
}
*/
apdu_len += len;
if (data) {
data->RequestType = RR_BY_SEQUENCE;
}
len = bacnet_unsigned_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->Range.RefSeqNum = (uint32_t)unsigned_value;
data->Overhead += RR_1ST_SEQ_OVERHEAD;
}
} else {
return BACNET_STATUS_ERROR;
}
len = bacnet_signed_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, &signed_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->Count = signed_value;
}
} else {
return BACNET_STATUS_ERROR;
}
if (bacnet_is_closing_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 6, &len)) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
} else if (bacnet_is_opening_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 7, &len)) {
/*
byTime [7] SEQUENCE {
referenceTime BACnetDateTime,
count INTEGER
}
*/
apdu_len += len;
if (data) {
data->RequestType = RR_BY_TIME;
bdate = &data->Range.RefTime.date;
btime = &data->Range.RefTime.time;
}
len = bacnet_date_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, bdate);
if (len > 0) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
len = bacnet_time_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, btime);
if (len > 0) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
len = bacnet_signed_application_decode(
&apdu[apdu_len], apdu_size - apdu_len, &signed_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->Count = signed_value;
}
} else {
return BACNET_STATUS_ERROR;
}
if (bacnet_is_closing_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 7, &len)) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
} else {
/* OPTIONAL range missing - skip adding len */
if (data) {
data->RequestType = RR_READ_ALL;
}
}
return (int)len;
return apdu_len;
}
/*
@@ -404,70 +413,134 @@ int rr_decode_service_request(
* }
*/
/**
* @brief Encode ReadRange-ACK service APDU
* @param apdu Pointer to the buffer, or NULL for length
* @param data Pointer to the data to encode.
* @return number of bytes encoded, or zero on error.
*/
int readrange_ack_encode(uint8_t *apdu, const BACNET_READ_RANGE_DATA *data)
{
int apdu_len = 0; /* total length of the apdu, return value */
int len = 0;
if (!data) {
return 0;
}
len = encode_context_object_id(
apdu, 0, data->object_type, data->object_instance);
apdu_len += len;
if (apdu) {
apdu += len;
}
len = encode_context_enumerated(apdu, 1, data->object_property);
apdu_len += len;
if (apdu) {
apdu += len;
}
/* context 2 array index is optional */
if (data->array_index != BACNET_ARRAY_ALL) {
len = encode_context_unsigned(apdu, 2, data->array_index);
apdu_len += len;
if (apdu) {
apdu += len;
}
}
/* Context 3 BACnet Result Flags */
len = encode_context_bitstring(apdu, 3, &data->ResultFlags);
apdu_len += len;
if (apdu) {
apdu += len;
}
/* Context 4 Item Count */
len = encode_context_unsigned(apdu, 4, data->ItemCount);
apdu_len += len;
if (apdu) {
apdu += len;
}
/* Context 5 Property list - reading the standard it looks like an
* empty list still requires an opening and closing tag as the
* tagged parameter is not optional
*/
len = encode_opening_tag(apdu, 5);
apdu_len += len;
if (apdu) {
apdu += len;
}
if (data->application_data_len > 0) {
for (len = 0; len < data->application_data_len; len++) {
if (apdu) {
apdu[len] = data->application_data[len];
}
}
apdu_len += len;
if (apdu) {
apdu += len;
}
}
len = encode_closing_tag(apdu, 5);
apdu_len += len;
if (apdu) {
apdu += len;
}
if ((data->ItemCount != 0) && (data->RequestType != RR_BY_POSITION) &&
(data->RequestType != RR_READ_ALL)) {
/* Context 6 Sequence number of first item */
len = encode_context_unsigned(apdu, 6, data->FirstSequence);
apdu_len += len;
}
return apdu_len;
}
/**
* @brief Encode the ReadRange-ACK service
* @param apdu Pointer to the buffer for encoding into, or NULL for length
* @param apdu_size number of bytes available in the buffer
* @param data Pointer to the service data to be encoded
* @return number of bytes encoded, or zero if unable to encode or too large
*/
size_t readrange_ack_service_encode(
uint8_t *apdu, size_t apdu_size, const BACNET_READ_RANGE_DATA *data)
{
size_t apdu_len = 0; /* total length of the apdu, return value */
apdu_len = readrange_ack_encode(NULL, data);
if (apdu_len > apdu_size) {
apdu_len = 0;
} else {
apdu_len = readrange_ack_encode(apdu, data);
}
return apdu_len;
}
/**
* Build a ReadRange response packet
*
* @param apdu Pointer to the buffer.
* @param invoke_id ID invoked.
* @param rrdata Pointer to the read range data structure used for
* encoding.
*
* @return The count of encoded bytes.
* @param invoke_id original invoke id for request
* @param data Pointer to the property data to be encoded
* @return number of bytes encoded
*/
int rr_ack_encode_apdu(
uint8_t *apdu, uint8_t invoke_id, const BACNET_READ_RANGE_DATA *rrdata)
uint8_t *apdu, uint8_t invoke_id, const BACNET_READ_RANGE_DATA *data)
{
int imax = 0;
int len = 0; /* length of each encoding */
int apdu_len = 0; /* total length of the apdu, return value */
int len = 0;
if (apdu) {
apdu[0] = PDU_TYPE_COMPLEX_ACK; /* complex ACK service */
apdu[1] = invoke_id; /* original invoke id from request */
apdu[2] = SERVICE_CONFIRMED_READ_RANGE; /* service choice */
apdu_len = 3;
/* service ack follows */
apdu_len += encode_context_object_id(
&apdu[apdu_len], 0, rrdata->object_type, rrdata->object_instance);
apdu_len += encode_context_enumerated(
&apdu[apdu_len], 1, rrdata->object_property);
/* context 2 array index is optional */
if (rrdata->array_index != BACNET_ARRAY_ALL) {
apdu_len += encode_context_unsigned(
&apdu[apdu_len], 2, rrdata->array_index);
}
/* Context 3 BACnet Result Flags */
apdu_len +=
encode_context_bitstring(&apdu[apdu_len], 3, &rrdata->ResultFlags);
/* Context 4 Item Count */
apdu_len +=
encode_context_unsigned(&apdu[apdu_len], 4, rrdata->ItemCount);
/* Context 5 Property list - reading the standard it looks like an
* empty list still requires an opening and closing tag as the
* tagged parameter is not optional
*/
apdu_len += encode_opening_tag(&apdu[apdu_len], 5);
if (rrdata->ItemCount != 0) {
imax = rrdata->application_data_len;
if (imax > (MAX_APDU - apdu_len - 2 /*closing*/)) {
imax = (MAX_APDU - apdu_len - 2);
}
for (len = 0; len < imax; len++) {
apdu[apdu_len++] = rrdata->application_data[len];
}
}
apdu_len += encode_closing_tag(&apdu[apdu_len], 5);
if ((rrdata->ItemCount != 0) &&
(rrdata->RequestType != RR_BY_POSITION) &&
(rrdata->RequestType != RR_READ_ALL)) {
/* Context 6 Sequence number of first item */
if (apdu_len < (MAX_APDU - 4)) {
apdu_len += encode_context_unsigned(
&apdu[apdu_len], 6, rrdata->FirstSequence);
}
}
}
len = 3;
apdu_len += len;
if (apdu) {
apdu += len;
}
len = readrange_ack_encode(apdu, data);
apdu_len += len;
return apdu_len;
}
@@ -475,137 +548,139 @@ int rr_ack_encode_apdu(
/**
* Decode the received ReadRange response
*
* @param apdu Pointer to the APDU buffer.
* @param apdu_len Bytes valid in the APDU buffer.
* @param rrdata Pointer to the data filled while decoding.
*
* @return Bytes decoded.
* @param apdu Pointer to the APDU buffer.
* @param apdu_size Number of bytes in the APDU buffer.
* @param data Pointer to the data filled while decoding (can be NULL).
* @return number of bytes decoded, or #BACNET_STATUS_ERROR
*/
int rr_ack_decode_service_request(
uint8_t *apdu,
int apdu_len, /* total length of the apdu */
BACNET_READ_RANGE_DATA *rrdata)
uint8_t *apdu, int apdu_size, BACNET_READ_RANGE_DATA *data)
{
uint8_t tag_number = 0;
uint32_t len_value_type = 0;
int tag_len = 0; /* length of tag decode */
int len = 0; /* total length of decodes */
int start_len;
BACNET_OBJECT_TYPE object_type = OBJECT_NONE; /* object type */
uint32_t property = 0; /* for decoding */
int apdu_len = 0;
int len = 0;
int data_len = 0;
BACNET_OBJECT_TYPE object_type = OBJECT_NONE;
uint32_t value32 = 0;
BACNET_UNSIGNED_INTEGER unsigned_value;
BACNET_BIT_STRING *bitstring = NULL;
/* Check apdu_len against the len during decode. */
if (apdu && (apdu_len >= 5 /* minimum */)) {
/* Tag 0: Object ID */
if (!decode_is_context_tag(&apdu[0], 0)) {
return -1;
if (!apdu) {
return BACNET_STATUS_ERROR;
}
/* objectIdentifier [0] BACnetObjectIdentifier */
len = bacnet_object_id_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 0, &object_type, &value32);
if (len > 0) {
apdu_len += len;
if (data) {
data->object_type = object_type;
data->object_instance = value32;
}
len = 1;
len += decode_object_id(
&apdu[len], &object_type, &rrdata->object_instance);
rrdata->object_type = object_type;
/* Tag 1: Property ID */
if (len >= apdu_len) {
return -1;
} else {
return BACNET_STATUS_ERROR;
}
/* propertyIdentifier [1] BACnetPropertyIdentifier */
len = bacnet_enumerated_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 1, &value32);
if (len > 0) {
apdu_len += len;
if (data) {
data->object_property = (BACNET_PROPERTY_ID)value32;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 1) {
return -1;
} else {
return BACNET_STATUS_ERROR;
}
/* propertyArrayIndex [2] Unsigned OPTIONAL */
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 2, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->array_index = (BACNET_ARRAY_INDEX)unsigned_value;
}
len += decode_enumerated(&apdu[len], len_value_type, &property);
rrdata->object_property = (BACNET_PROPERTY_ID)property;
/* Tag 2: Optional Array Index */
if (len >= apdu_len) {
return -1;
} else if (len == 0) {
/* OPTIONAL missing - skip adding len */
if (data) {
data->array_index = BACNET_ARRAY_ALL;
}
tag_len = decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number == 2) {
len += tag_len;
len += decode_unsigned(&apdu[len], len_value_type, &unsigned_value);
rrdata->array_index = (BACNET_ARRAY_INDEX)unsigned_value;
} else {
rrdata->array_index = BACNET_ARRAY_ALL;
} else {
return BACNET_STATUS_ERROR;
}
/* resultFlags [3] BACnetResultFlags */
if (data) {
bitstring = &data->ResultFlags;
}
len = bacnet_bitstring_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 3, bitstring);
if (len > 0) {
apdu_len += len;
} else {
return BACNET_STATUS_ERROR;
}
/* itemCount [4] Unsigned */
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 4, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->ItemCount = (uint32_t)unsigned_value;
}
/* Tag 3: Result Flags */
if (len >= apdu_len) {
return -1;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 3) {
return -1;
}
if (len >= apdu_len) {
return -1;
}
len +=
decode_bitstring(&apdu[len], len_value_type, &rrdata->ResultFlags);
/* Tag 4: Item count */
if (len >= apdu_len) {
return -1;
}
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 4) {
return -1;
}
if (len >= apdu_len) {
return -1;
}
len += decode_unsigned(&apdu[len], len_value_type, &unsigned_value);
rrdata->ItemCount = (uint32_t)unsigned_value;
if (len >= apdu_len) {
return -1;
}
if (decode_is_opening_tag_number(&apdu[len], 5)) {
len++; /* A tag number of 5 is not extended so only one octet
* Setup the start position and length of the data
* returned from the request don't decode the application
* tag number or its data here. */
rrdata->application_data = &apdu[len];
start_len = len;
while (len < apdu_len) {
if (IS_CONTEXT_SPECIFIC(apdu[len]) &&
(decode_is_closing_tag_number(&apdu[len], 5))) {
rrdata->application_data_len = len - start_len;
len++; /* Step over single byte closing tag */
break;
} else {
/* Don't care about tag number, just skipping over
* anyway */
len += decode_tag_number_and_value(
&apdu[len], NULL, &len_value_type);
len += len_value_type; /* Skip over data value as well */
if (len >= apdu_len) { /* APDU is exhausted so we have
* failed to find closing tag */
return (-1);
}
}
} else {
return BACNET_STATUS_ERROR;
}
/* itemData [5] SEQUENCE OF ABSTRACT-SYNTAX.&TYPE */
if (!bacnet_is_opening_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 5, &len)) {
return BACNET_STATUS_ERROR;
}
/* determine the length of the data blob
note: APDU must include the opening tag in order to find
the matching closing tag */
data_len =
bacnet_enclosed_data_length(&apdu[apdu_len], apdu_size - apdu_len);
if (data_len == BACNET_STATUS_ERROR) {
return BACNET_STATUS_ERROR;
}
/* count the opening tag number length AFTER getting the data length */
apdu_len += len;
/* sanity check */
if (data_len > MAX_APDU) {
/* not enough size in application_data to store the data chunk */
return BACNET_STATUS_ERROR;
} else if (data) {
/* don't decode the application tag number or its data here */
data->application_data = &apdu[apdu_len];
data->application_data_len = data_len;
}
apdu_len += data_len;
if (!bacnet_is_closing_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 5, &len)) {
return BACNET_STATUS_ERROR;
}
/* count the closing tag number length */
apdu_len += len;
/* firstSequenceNumber [6] Unsigned32 OPTIONAL
-- used only if 'Item Count' > 0 and
-- the request was either of type 'By Sequence Number'
-- or 'By Time' */
if (apdu_len < apdu_size) {
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 6, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (data) {
data->FirstSequence = (uint32_t)unsigned_value;
}
} else if (len == 0) {
/* OPTIONAL missing - skip adding len */
if (data) {
data->FirstSequence = 0;
}
} else {
return -1;
}
if (len < apdu_len) { /* Still something left to look at? */
/* Tag 6: FirstSequence */
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 6) {
return -1;
}
if (len < apdu_len) {
len += decode_unsigned(
&apdu[len], len_value_type, &unsigned_value);
rrdata->FirstSequence = (uint32_t)unsigned_value;
}
return BACNET_STATUS_ERROR;
}
}
return len;
return apdu_len;
}
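Review bot: In rr_decode_service_request the new byTime [7] branch never adds `RR_1ST_SEQ_OVERHEAD` to `data->Overhead`, although the code it replaces did so for tag 7 and readrange_ack_encode still emits firstSequenceNumber [6] for every request type other than `RR_BY_POSITION` and `RR_READ_ALL`. Anything that sizes the item payload from `Overhead` would then under-reserve for by-time replies, so I would add `data->Overhead += RR_1ST_SEQ_OVERHEAD;` inside the `if (data)` block that sets `RR_BY_TIME`. Separately, rr_ack_encode_apdu has lost the old `MAX_APDU` clamp and now copies `application_data_len` bytes with no bound. Its doc comment should state that a caller passing a real buffer must first call it with NULL and compare the returned length against the buffer size, as handler_read_range does, or use readrange_ack_service_encode.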
+9 -5
@@ -44,14 +44,13 @@ typedef struct BACnet_Read_Range_Data {
/** Defines to indicate which type of read range request it is.
Not really a bit map but we do it like this to allow quick
checking of request against capabilities for the property */
#define RR_BY_POSITION 1
#define RR_BY_SEQUENCE 2
#define RR_BY_TIME 4
#define RR_READ_ALL \
8 /**< Read all of array - so don't send any range in the request */
#define RR_ARRAY_OF_LISTS \
16 /**< For info functionality indicates array of lists if set */
/**< Read all of the list, and don't encode OPTIONAL range in the request */
#define RR_READ_ALL 8
/**< For info functionality indicates array of lists if set */
#define RR_ARRAY_OF_LISTS 16
/** Bit String Enumerations */
typedef enum {
@@ -135,6 +134,11 @@ int rr_decode_service_request(
BACNET_STACK_EXPORT
int rr_ack_encode_apdu(
uint8_t *apdu, uint8_t invoke_id, const BACNET_READ_RANGE_DATA *rrdata);
BACNET_STACK_EXPORT
int readrange_ack_encode(uint8_t *apdu, const BACNET_READ_RANGE_DATA *data);
BACNET_STACK_EXPORT
size_t readrange_ack_service_encode(
uint8_t *apdu, size_t apdu_size, const BACNET_READ_RANGE_DATA *data);
BACNET_STACK_EXPORT
int rr_ack_decode_service_request(