dali/bacnet_stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a check for apdu_len exceeding MAX_APDU in apdu_handler() for confirmed service and ignore the message if the APDU portion of the message is too long. (#696)

Browse Source
This commit is contained in:
GauiStori
2024-07-17 19:13:56 +02:00
committed by GitHub
parent a94917b106
commit a12c552601
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/bacnet/basic/service/h_apdu.c
+3 -1
View File
@@ -468,7 +468,9 @@ uint16_t apdu_decode_confirmed_service_request(uint8_t *apdu, /* APDU data */
return 0; return 0;
} }
} }
if (apdu_len == (len + 1)) { if (apdu_len > MAX_APDU){
return 0;
} else if (apdu_len == (len + 1)) {
/* no request data as seen with Inneasoft BACnet Explorer */ /* no request data as seen with Inneasoft BACnet Explorer */
*service_choice = apdu[len++]; *service_choice = apdu[len++];
*service_request = NULL; *service_request = NULL;