Fix bacdevobjpropref module decode buffer overflow reads (#541)
Co-authored-by: Steve Karg <skarg@users.sourceforge.net>
This commit is contained in:
Steve Karg
@@ -1,27 +1,27 @@
|
||||
/**************************************************************************
|
||||
*
|
||||
* Copyright (C) 2008 John Minack
|
||||
* Copyright (C) 2022 Steve Karg <skarg@users.sourceforge.net>
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining
|
||||
* a copy of this software and associated documentation files (the
|
||||
* "Software"), to deal in the Software without restriction, including
|
||||
* without limitation the rights to use, copy, modify, merge, publish,
|
||||
* distribute, sublicense, and/or sell copies of the Software, and to
|
||||
* permit persons to whom the Software is furnished to do so, subject to
|
||||
* the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included
|
||||
* in all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*********************************************************************/
|
||||
*
|
||||
* Copyright (C) 2008 John Minack
|
||||
* Copyright (C) 2022 Steve Karg <skarg@users.sourceforge.net>
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining
|
||||
* a copy of this software and associated documentation files (the
|
||||
* "Software"), to deal in the Software without restriction, including
|
||||
* without limitation the rights to use, copy, modify, merge, publish,
|
||||
* distribute, sublicense, and/or sell copies of the Software, and to
|
||||
* permit persons to whom the Software is furnished to do so, subject to
|
||||
* the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included
|
||||
* in all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*********************************************************************/
|
||||
#ifndef _BAC_DEV_PROP_REF_H_
|
||||
#define _BAC_DEV_PROP_REF_H_
|
||||
|
||||
@@ -32,6 +32,7 @@
|
||||
#include "bacnet/bacdef.h"
|
||||
#include "bacnet/bacint.h"
|
||||
#include "bacnet/bacenum.h"
|
||||
#include "bacnet/basic/sys/platform.h"
|
||||
|
||||
typedef struct BACnetDeviceObjectPropertyReference {
|
||||
/* number type first to avoid enum cast warning on = { 0 } */
|
||||
@@ -46,7 +47,7 @@ typedef struct BACnetDeviceObjectPropertyReference {
|
||||
* to an object inside this Device.
|
||||
*/
|
||||
typedef struct BACnetDeviceObjectReference {
|
||||
BACNET_OBJECT_ID deviceIdentifier; /**< Optional, for external device. */
|
||||
BACNET_OBJECT_ID deviceIdentifier; /**< Optional, for external device. */
|
||||
BACNET_OBJECT_ID objectIdentifier;
|
||||
} BACNET_DEVICE_OBJECT_REFERENCE;
|
||||
|
||||
@@ -71,73 +72,82 @@ typedef struct BACnet_Object_Property_Reference {
|
||||
extern "C" {
|
||||
#endif /* __cplusplus */
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_device_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_device_obj_property_ref(
|
||||
uint8_t *apdu, BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_device_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_device_obj_property_ref(uint8_t *apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_device_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_DEPRECATED(
|
||||
"Use bacnet_device_object_property_reference_decode() instead")
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_device_obj_property_ref(
|
||||
uint8_t *apdu, BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_device_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_DEPRECATED(
|
||||
"Use bacnet_device_object_property_reference_context_decode() instead")
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_device_obj_property_ref(uint8_t *apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_device_obj_ref(
|
||||
uint8_t * apdu,
|
||||
BACNET_DEVICE_OBJECT_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_device_obj_ref(
|
||||
uint8_t *apdu, BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_device_obj_ref(
|
||||
uint8_t * apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_device_obj_ref(
|
||||
uint8_t *apdu, uint8_t tag_number, BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_device_obj_ref(
|
||||
uint8_t * apdu,
|
||||
BACNET_DEVICE_OBJECT_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_device_obj_ref(
|
||||
uint8_t *apdu, BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_device_obj_ref(
|
||||
uint8_t * apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_device_obj_ref(
|
||||
uint8_t *apdu, uint8_t tag_number, BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_obj_property_ref(
|
||||
uint8_t *apdu, BACNET_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
uint8_t tag_number,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_encode_context_obj_property_ref(
|
||||
uint8_t *apdu, uint8_t tag_number, BACNET_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
uint16_t apdu_len_max,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE * value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_obj_property_ref(uint8_t *apdu,
|
||||
uint16_t apdu_len_max,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_obj_property_ref(uint8_t *apdu,
|
||||
uint16_t apdu_len_max,
|
||||
uint8_t tag_number,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacnet_device_object_property_reference_decode(uint8_t *apdu,
|
||||
uint32_t apdu_size,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacnet_device_object_property_reference_context_decode(uint8_t *apdu,
|
||||
uint32_t apdu_size,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_PROPERTY_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacnet_device_object_reference_decode(
|
||||
uint8_t *apdu, uint32_t apdu_size, BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
BACNET_STACK_EXPORT
|
||||
int bacnet_device_object_reference_context_decode(uint8_t *apdu,
|
||||
uint32_t apdu_size,
|
||||
uint8_t tag_number,
|
||||
BACNET_DEVICE_OBJECT_REFERENCE *value);
|
||||
|
||||
BACNET_STACK_EXPORT
|
||||
int bacapp_decode_context_obj_property_ref(
|
||||
uint8_t * apdu,
|
||||
uint16_t apdu_len_max,
|
||||
uint8_t tag_number,
|
||||
BACNET_OBJECT_PROPERTY_REFERENCE * value);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user