Added a check for apdu_len exceeding MAX_APDU in apdu_handler() for confirmed service and ignore the message if the APDU portion of the message is too long. (#696)

2024-07-17 19:13:56 +02:00
parent a94917b106
commit a12c552601
1 changed files with 3 additions and 1 deletions
@@ -468,7 +468,9 @@ uint16_t apdu_decode_confirmed_service_request(uint8_t *apdu, /* APDU data */
                return 0;
            }
        }
-        if (apdu_len == (len + 1)) {
+        if (apdu_len > MAX_APDU){
+            return 0;
+        } else if (apdu_len == (len + 1)) {
            /* no request data as seen with Inneasoft BACnet Explorer */
            *service_choice = apdu[len++];
            *service_request = NULL;