Added apdu length checking in who-is decode. Now returning standard error define.
This commit is contained in:
skarg
@@ -60,17 +60,19 @@ void handler_who_is(
|
|||||||
len =
|
len =
|
||||||
whois_decode_service_request(service_request, service_len, &low_limit,
|
whois_decode_service_request(service_request, service_len, &low_limit,
|
||||||
&high_limit);
|
&high_limit);
|
||||||
if (len == 0)
|
if (len == 0) {
|
||||||
Send_I_Am(&Handler_Transmit_Buffer[0]);
|
Send_I_Am(&Handler_Transmit_Buffer[0]);
|
||||||
else if (len != -1) {
|
} else if (len != BACNET_STATUS_ERROR) {
|
||||||
/* is my device id within the limits? */
|
/* is my device id within the limits? */
|
||||||
|
/* or */
|
||||||
|
/* BACnet wildcard is the max instance number - everyone responds */
|
||||||
if (((Device_Object_Instance_Number() >= (uint32_t) low_limit) &&
|
if (((Device_Object_Instance_Number() >= (uint32_t) low_limit) &&
|
||||||
(Device_Object_Instance_Number() <= (uint32_t) high_limit))
|
(Device_Object_Instance_Number() <= (uint32_t) high_limit))
|
||||||
||
|
||
|
||||||
/* BACnet wildcard is the max instance number - everyone responds */
|
|
||||||
((BACNET_MAX_INSTANCE >= (uint32_t) low_limit) &&
|
((BACNET_MAX_INSTANCE >= (uint32_t) low_limit) &&
|
||||||
(BACNET_MAX_INSTANCE <= (uint32_t) high_limit)))
|
(BACNET_MAX_INSTANCE <= (uint32_t) high_limit))) {
|
||||||
Send_I_Am(&Handler_Transmit_Buffer[0]);
|
Send_I_Am(&Handler_Transmit_Buffer[0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|||||||
+75
-28
@@ -81,22 +81,46 @@ int whois_decode_service_request(
|
|||||||
if (apdu_len) {
|
if (apdu_len) {
|
||||||
len +=
|
len +=
|
||||||
decode_tag_number_and_value(&apdu[len], &tag_number, &len_value);
|
decode_tag_number_and_value(&apdu[len], &tag_number, &len_value);
|
||||||
if (tag_number != 0)
|
if (tag_number != 0) {
|
||||||
return -1;
|
return BACNET_STATUS_ERROR;
|
||||||
len += decode_unsigned(&apdu[len], len_value, &decoded_value);
|
|
||||||
if (decoded_value <= BACNET_MAX_INSTANCE) {
|
|
||||||
if (pLow_limit)
|
|
||||||
*pLow_limit = decoded_value;
|
|
||||||
}
|
}
|
||||||
len +=
|
if (apdu_len > len) {
|
||||||
decode_tag_number_and_value(&apdu[len], &tag_number, &len_value);
|
len += decode_unsigned(&apdu[len], len_value, &decoded_value);
|
||||||
if (tag_number != 1)
|
if (decoded_value <= BACNET_MAX_INSTANCE) {
|
||||||
return -1;
|
if (pLow_limit) {
|
||||||
len += decode_unsigned(&apdu[len], len_value, &decoded_value);
|
*pLow_limit = decoded_value;
|
||||||
if (decoded_value <= BACNET_MAX_INSTANCE) {
|
}
|
||||||
if (pHigh_limit)
|
}
|
||||||
*pHigh_limit = decoded_value;
|
if (apdu_len > len) {
|
||||||
|
len +=
|
||||||
|
decode_tag_number_and_value(&apdu[len], &tag_number, &len_value);
|
||||||
|
if (tag_number != 1) {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
|
}
|
||||||
|
if (apdu_len > len) {
|
||||||
|
len += decode_unsigned(&apdu[len], len_value, &decoded_value);
|
||||||
|
if (decoded_value <= BACNET_MAX_INSTANCE) {
|
||||||
|
if (pHigh_limit) {
|
||||||
|
*pHigh_limit = decoded_value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if (pLow_limit) {
|
||||||
|
*pLow_limit = -1;
|
||||||
|
}
|
||||||
|
if (pHigh_limit) {
|
||||||
|
*pHigh_limit = -1;
|
||||||
|
}
|
||||||
|
len = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return len;
|
return len;
|
||||||
@@ -115,15 +139,18 @@ int whois_decode_apdu(
|
|||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
|
|
||||||
if (!apdu)
|
if (!apdu) {
|
||||||
return -1;
|
return BACNET_STATUS_ERROR;
|
||||||
/* optional checking - most likely was already done prior to this call */
|
}
|
||||||
if (apdu[0] != PDU_TYPE_UNCONFIRMED_SERVICE_REQUEST)
|
|
||||||
return -1;
|
|
||||||
if (apdu[1] != SERVICE_UNCONFIRMED_WHO_IS)
|
|
||||||
return -1;
|
|
||||||
/* optional limits - must be used as a pair */
|
/* optional limits - must be used as a pair */
|
||||||
if (apdu_len > 2) {
|
if (apdu_len >= 2) {
|
||||||
|
/* optional checking - most likely was already done prior to this call */
|
||||||
|
if (apdu[0] != PDU_TYPE_UNCONFIRMED_SERVICE_REQUEST) {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
|
}
|
||||||
|
if (apdu[1] != SERVICE_UNCONFIRMED_WHO_IS) {
|
||||||
|
return BACNET_STATUS_ERROR;
|
||||||
|
}
|
||||||
len =
|
len =
|
||||||
whois_decode_service_request(&apdu[2], apdu_len - 2, pLow_limit,
|
whois_decode_service_request(&apdu[2], apdu_len - 2, pLow_limit,
|
||||||
pHigh_limit);
|
pHigh_limit);
|
||||||
@@ -140,35 +167,55 @@ void testWhoIs(
|
|||||||
int apdu_len = 0;
|
int apdu_len = 0;
|
||||||
int32_t low_limit = -1;
|
int32_t low_limit = -1;
|
||||||
int32_t high_limit = -1;
|
int32_t high_limit = -1;
|
||||||
int32_t test_low_limit = -1;
|
int32_t test_low_limit = 0;
|
||||||
int32_t test_high_limit = -1;
|
int32_t test_high_limit = 0;
|
||||||
|
|
||||||
|
/* normal who-is without limits */
|
||||||
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
||||||
ct_test(pTest, len != 0);
|
ct_test(pTest, len > 0);
|
||||||
apdu_len = len;
|
apdu_len = len;
|
||||||
|
|
||||||
len =
|
len =
|
||||||
whois_decode_apdu(&apdu[0], apdu_len, &test_low_limit,
|
whois_decode_apdu(&apdu[0], apdu_len, &test_low_limit,
|
||||||
&test_high_limit);
|
&test_high_limit);
|
||||||
ct_test(pTest, len != -1);
|
ct_test(pTest, len != BACNET_STATUS_ERROR);
|
||||||
ct_test(pTest, test_low_limit == low_limit);
|
ct_test(pTest, test_low_limit == low_limit);
|
||||||
ct_test(pTest, test_high_limit == high_limit);
|
ct_test(pTest, test_high_limit == high_limit);
|
||||||
|
|
||||||
|
/* normal who-is with limits - complete range */
|
||||||
for (low_limit = 0; low_limit <= BACNET_MAX_INSTANCE;
|
for (low_limit = 0; low_limit <= BACNET_MAX_INSTANCE;
|
||||||
low_limit += (BACNET_MAX_INSTANCE / 4)) {
|
low_limit += (BACNET_MAX_INSTANCE / 4)) {
|
||||||
for (high_limit = 0; high_limit <= BACNET_MAX_INSTANCE;
|
for (high_limit = 0; high_limit <= BACNET_MAX_INSTANCE;
|
||||||
high_limit += (BACNET_MAX_INSTANCE / 4)) {
|
high_limit += (BACNET_MAX_INSTANCE / 4)) {
|
||||||
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
||||||
apdu_len = len;
|
apdu_len = len;
|
||||||
ct_test(pTest, len != 0);
|
ct_test(pTest, len > 0);
|
||||||
len =
|
len =
|
||||||
whois_decode_apdu(&apdu[0], apdu_len, &test_low_limit,
|
whois_decode_apdu(&apdu[0], apdu_len, &test_low_limit,
|
||||||
&test_high_limit);
|
&test_high_limit);
|
||||||
ct_test(pTest, len != -1);
|
ct_test(pTest, len != BACNET_STATUS_ERROR);
|
||||||
ct_test(pTest, test_low_limit == low_limit);
|
ct_test(pTest, test_low_limit == low_limit);
|
||||||
ct_test(pTest, test_high_limit == high_limit);
|
ct_test(pTest, test_high_limit == high_limit);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* abnormal case:
|
||||||
|
who-is with no limits, but with APDU containing 2 limits */
|
||||||
|
low_limit = 0;
|
||||||
|
high_limit = 0;
|
||||||
|
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
||||||
|
ct_test(pTest, len > 0);
|
||||||
|
apdu_len = len;
|
||||||
|
low_limit = -1;
|
||||||
|
high_limit = -1;
|
||||||
|
len = whois_encode_apdu(&apdu[0], low_limit, high_limit);
|
||||||
|
ct_test(pTest, len > 0);
|
||||||
|
apdu_len = len;
|
||||||
|
len =
|
||||||
|
whois_decode_apdu(&apdu[0], apdu_len, &test_low_limit,
|
||||||
|
&test_high_limit);
|
||||||
|
ct_test(pTest, len != BACNET_STATUS_ERROR);
|
||||||
|
ct_test(pTest, test_low_limit == low_limit);
|
||||||
|
ct_test(pTest, test_high_limit == high_limit);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef TEST_WHOIS
|
#ifdef TEST_WHOIS
|
||||||
|
|||||||
Reference in New Issue
Block a user