Secure BACnet decoders and service requests (#1244)
* Secured BACnetAssignedAccessRights decoder. * Secured BACnetPropertyState decoder. * Secured BACnetCredentialAuthenticationFactor decoder. * Secured BACnetEventState change-of-state [1] SEQUENCE decoder. * Secured I-Have-Request service decoder. * Secured Add/Remove ListElement service request decoder. * Secured ConfirmedPrivateTransfer-Request and UnconfirmedPrivateTransfer-Request decoders. * Secured ReadPropertyMultiple-Request and -Ack decoders. * Secured TimeSynchronization-Request decoder. * Secured WritePropertyMultiple service decoders * Secured Trend Log object TL_fetch_property() function. * Secured ReadProperty-Ack decider, * Refactor BACnet time sync recipient handling by moving timesync linked list structure into bacdest where the recipient encoder and decoder already existed. * Secured decoding of BACnetPropertyState. * Secured decoding in the LifeSafetyOperation-Request service. * Secured BACnetAuthenticationFactor decoding in the Credential Data Input object. * Fixed WriteProperty decoder to avoid read buffer overrun. Improved WriteProperty error reporting by adding specific reject codes during decoding similar to WritePropertyMultiple. Deduplicated the WriteProperty handling of abort, reject and error codes. * Added BACNET_STACK_DEPRECATED_DISABLE guards around all of the deprecated decoding functions to ensure they are not used except intentionally for legacy code bases. * Changed version to 1.5.0.rc5 for security fix tracking in branch.
This commit is contained in:
Steve Karg
@@ -558,6 +558,53 @@ int bacnet_recipient_encode(uint8_t *apdu, const BACNET_RECIPIENT *recipient)
|
||||
return apdu_len;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Encode a list of BACnetRecipient complex data types
|
||||
* @param apdu Pointer to the buffer for encoding.
|
||||
* @param list_head Pointer to the head of the linked list of BACnetRecipient
|
||||
* @return bytes encoded or zero if nothing is encoded
|
||||
*/
|
||||
int bacnet_recipient_list_encode(
|
||||
uint8_t *apdu, BACNET_RECIPIENT_LIST *list_head)
|
||||
{
|
||||
int apdu_len = 0, len = 0;
|
||||
BACNET_RECIPIENT_LIST *list_entry;
|
||||
|
||||
if (!list_head) {
|
||||
/* encoded nothing */
|
||||
return 0;
|
||||
}
|
||||
/* how big? */
|
||||
list_entry = list_head;
|
||||
while (list_entry != NULL) {
|
||||
len = bacnet_recipient_encode(apdu, &list_entry->recipient);
|
||||
apdu_len += len;
|
||||
if (apdu) {
|
||||
apdu += len;
|
||||
}
|
||||
list_entry = list_entry->next;
|
||||
}
|
||||
|
||||
return apdu_len;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Convert an array of BACnetRecipient to linked list
|
||||
* @param array pointer to element zero of the array
|
||||
* @param size number of elements in the array
|
||||
*/
|
||||
void bacnet_recipient_list_link_array(BACNET_RECIPIENT_LIST *array, size_t size)
|
||||
{
|
||||
size_t i = 0;
|
||||
|
||||
for (i = 0; i < size; i++) {
|
||||
if (i > 0) {
|
||||
array[i - 1].next = &array[i];
|
||||
}
|
||||
array[i].next = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Encode a BACnetRecipient complex data type
|
||||
* @param apdu - the APDU buffer
|
||||
|
||||
Reference in New Issue
Block a user