dali/bacnet_stack
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Bugfix/fix write property decode deprecated (#499)

Browse Source 
* fixed WriteProperty to use secure decode. Improve unit testing.

---------

Co-authored-by: Steve Karg <skarg@users.sourceforge.net>
This commit is contained in:
Steve Karg
2023-09-16 10:23:08 -05:00
committed by GitHub
parent 75286cffe4
commit b0749572f6
5 changed files with 238 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/bacnet/bacapp.c
+1 -1
View File
@@ -1531,7 +1531,7 @@ bool bacapp_copy(BACNET_APPLICATION_DATA_VALUE *dest_value,
* @param apdu_len_max Bytes valid in the buffer
* @param property ID of the property to get the length for.
*
* @return Length in bytes or BACNET_STATUS_ERROR.
* @return Length in bytes 0..N, or BACNET_STATUS_ERROR.
*/
int bacapp_data_len(
uint8_t *apdu, unsigned apdu_len_max, BACNET_PROPERTY_ID property)
src/bacnet/wp.c
+164 -97
View File
@@ -40,9 +40,22 @@
/** @file wp.c Encode/Decode BACnet Write Property APDUs */
#if BACNET_SVC_WP_A
/** Initialize the APDU for encode service.
/**
* @brief Initialize the APDU for encode service.
*
* @param apdu Pointer to the buffer.
* WriteProperty-Request ::= SEQUENCE {
* object-identifier [0] BACnetObjectIdentifier,
* property-identifier [1] BACnetPropertyIdentifier,
* property-array-index [2] Unsigned OPTIONAL,
* -- used only with array datatype
* -- if omitted with an array the entire
* -- array is referenced
* property-value [3] ABSTRACT-SYNTAX.&Type,
* priority [4] Unsigned (1..16) OPTIONAL
* - used only when property is commandable
* }
*
* @param apdu Pointer to the buffer, or NULL for length
* @param invoke_id ID of service invoked.
* @param wpdata Pointer to the write property data.
*
@@ -55,66 +68,96 @@ int wp_encode_apdu(
int len = 0; /* total length of the apdu, return value */
int imax = 0; /* maximum application data length */
if (!wpdata) {
return BACNET_STATUS_ERROR;
}
if (apdu) {
apdu[0] = PDU_TYPE_CONFIRMED_SERVICE_REQUEST;
apdu[1] = encode_max_segs_max_apdu(0, MAX_APDU);
apdu[2] = invoke_id;
apdu[3] = SERVICE_CONFIRMED_WRITE_PROPERTY; /* service choice */
apdu_len = 4;
len = encode_context_object_id(
&apdu[apdu_len], 0, wpdata->object_type, wpdata->object_instance);
}
len = 4;
apdu_len += len;
if (apdu) {
apdu += len;
}
len = encode_context_object_id(
apdu, 0, wpdata->object_type, wpdata->object_instance);
apdu_len += len;
if (apdu) {
apdu += len;
}
len = encode_context_enumerated(apdu, 1, wpdata->object_property);
apdu_len += len;
if (apdu) {
apdu += len;
}
/* optional array index; ALL is -1 which is assumed when missing */
if (wpdata->array_index != BACNET_ARRAY_ALL) {
len = encode_context_unsigned(apdu, 2, wpdata->array_index);
apdu_len += len;
len = encode_context_enumerated(
&apdu[apdu_len], 1, wpdata->object_property);
if (apdu) {
apdu += len;
}
}
/* propertyValue */
len = encode_opening_tag(apdu, 3);
apdu_len += len;
if (apdu) {
apdu += len;
}
for (len = 0; len < wpdata->application_data_len; len++) {
if (apdu) {
*apdu = wpdata->application_data[len];
apdu += 1;
}
apdu_len++;
}
len = encode_closing_tag(apdu, 3);
apdu_len += len;
if (apdu) {
apdu += len;
}
/* optional priority - 0 if not set, 1..16 if set */
if (wpdata->priority != BACNET_NO_PRIORITY) {
len = encode_context_unsigned(apdu, 4, wpdata->priority);
apdu_len += len;
/* optional array index; ALL is -1 which is assumed when missing */
if (wpdata->array_index != BACNET_ARRAY_ALL) {
len = encode_context_unsigned(
&apdu[apdu_len], 2, wpdata->array_index);
apdu_len += len;
}
/* propertyValue */
len = encode_opening_tag(&apdu[apdu_len], 3);
apdu_len += len;
imax = wpdata->application_data_len;
if (imax > (MAX_APDU - 2 /*closing*/ - apdu_len)) {
imax = MAX_APDU - 2 - apdu_len;
}
for (len = 0; len < imax; len++) {
apdu[apdu_len + len] = wpdata->application_data[len];
}
apdu_len += imax;
len = encode_closing_tag(&apdu[apdu_len], 3);
apdu_len += len;
/* optional priority - 0 if not set, 1..16 if set */
if (wpdata->priority != BACNET_NO_PRIORITY) {
len = encode_context_unsigned(&apdu[apdu_len], 4, wpdata->priority);
apdu_len += len;
}
}
return apdu_len;
}
#endif
/** Decode the service request only
/**
* @brief Decode the service request only
*
* FIXME: there could be various error messages returned
* using unique values less than zero.
* WriteProperty-Request ::= SEQUENCE {
* object-identifier [0] BACnetObjectIdentifier,
* property-identifier [1] BACnetPropertyIdentifier,
* property-array-index [2] Unsigned OPTIONAL,
* -- used only with array datatype
* -- if omitted with an array the entire
* -- array is referenced
* property-value [3] ABSTRACT-SYNTAX.&Type,
* priority [4] Unsigned (1..16) OPTIONAL
* - used only when property is commandable
* }
*
* @param apdu Pointer to the buffer.
* @param apdu_len Valid bytes in the buffer
* @param apdu_size Valid bytes in the buffer
* @param wpdata Pointer to the write property data.
*
* @return Bytes encoded or a negative value as error.
* @return number of bytes decoded, or #BACNET_STATUS_ERROR
*/
int wp_decode_service_request(
uint8_t *apdu, unsigned apdu_len, BACNET_WRITE_PROPERTY_DATA *wpdata)
uint8_t *apdu, unsigned apdu_size, BACNET_WRITE_PROPERTY_DATA *wpdata)
{
int len = 0;
int apdu_len = 0;
int tag_len = 0;
uint8_t tag_number = 0;
uint32_t len_value_type = 0;
uint32_t instance = 0;
BACNET_OBJECT_TYPE type = OBJECT_NONE; /* for decoding */
uint32_t property = 0; /* for decoding */
BACNET_UNSIGNED_INTEGER unsigned_value = 0;
@@ -122,80 +165,104 @@ int wp_decode_service_request(
int imax = 0; /* max application data length */
/* check for value pointers */
if (apdu_len && wpdata) {
/* Tag 0: Object ID */
if (!decode_is_context_tag(&apdu[len++], 0)) {
return -1;
if (!apdu) {
return BACNET_STATUS_ERROR;
}
/* object-identifier [0] BACnetObjectIdentifier */
len = bacnet_object_id_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 0, &type, &instance);
if (len > 0) {
if (instance > BACNET_MAX_INSTANCE) {
return BACNET_STATUS_ERROR;
}
len += decode_object_id(&apdu[len], &type, &wpdata->object_instance);
wpdata->object_type = type;
/* Tag 1: Property ID */
len += decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number != 1) {
return -1;
apdu_len += len;
if (wpdata) {
wpdata->object_type = type;
wpdata->object_instance = instance;
}
len += decode_enumerated(&apdu[len], len_value_type, &property);
wpdata->object_property = (BACNET_PROPERTY_ID)property;
/* Tag 2: Optional Array Index */
/* note: decode without incrementing len so we can check for opening tag
*/
tag_len = decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number == 2) {
len += tag_len;
len += decode_unsigned(&apdu[len], len_value_type, &unsigned_value);
} else {
return BACNET_STATUS_ERROR;
}
/* property-identifier [1] BACnetPropertyIdentifier */
len = bacnet_enumerated_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 1, &property);
if (len > 0) {
apdu_len += len;
if (wpdata) {
wpdata->object_property = (BACNET_PROPERTY_ID)property;
}
} else {
return BACNET_STATUS_ERROR;
}
/* property-array-index [2] Unsigned OPTIONAL */
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_size - apdu_len, 2, &unsigned_value);
if (len > 0) {
apdu_len += len;
if (wpdata) {
wpdata->array_index = unsigned_value;
} else {
}
} else {
/* wrong tag - skip apdu_len increment and go to next field */
if (wpdata) {
wpdata->array_index = BACNET_ARRAY_ALL;
}
/* Tag 3: opening context tag */
if (!decode_is_opening_tag_number(&apdu[len], 3)) {
return -1;
}
/* determine the length of the data blob */
imax = bacapp_data_len(
&apdu[len], apdu_len - len, (BACNET_PROPERTY_ID)property);
if (imax == BACNET_STATUS_ERROR) {
return -2;
}
/* a tag number of 3 is not extended so only one octet */
len++;
/* copy the data from the APDU */
if (imax > (MAX_APDU - len - 1 /*closing*/)) {
imax = (MAX_APDU - len - 1);
}
}
/* property-value [3] ABSTRACT-SYNTAX.&Type */
if (!bacnet_is_opening_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 3, &len)) {
return BACNET_STATUS_ERROR;
}
/* determine the length of the data blob */
imax = bacapp_data_len(
&apdu[apdu_len], apdu_size - apdu_len, (BACNET_PROPERTY_ID)property);
if (imax == BACNET_STATUS_ERROR) {
return BACNET_STATUS_ERROR;
}
/* count the opening tag number length */
apdu_len += len;
/* copy the data from the APDU */
if (imax > MAX_APDU) {
/* not enough size in application_data to store the data chunk */
return BACNET_STATUS_ERROR;
} else if (wpdata) {
for (i = 0; i < imax; i++) {
wpdata->application_data[i] = apdu[len + i];
wpdata->application_data[i] = apdu[apdu_len + i];
}
wpdata->application_data_len = imax;
/* add on the data length */
len += imax;
if (!decode_is_closing_tag_number(&apdu[len], 3)) {
return -2;
}
/* a tag number of 3 is not extended so only one octet */
len++;
/* Tag 4: optional Priority - assumed MAX if not explicitly set */
}
/* add on the data length */
apdu_len += imax;
if (!bacnet_is_closing_tag_number(
&apdu[apdu_len], apdu_size - apdu_len, 3, &len)) {
return BACNET_STATUS_ERROR;
}
/* count the closing tag number length */
apdu_len += len;
/* priority [4] Unsigned (1..16) OPTIONAL */
/* assumed MAX priority if not explicitly set */
if (wpdata) {
wpdata->priority = BACNET_MAX_PRIORITY;
if ((unsigned)len < apdu_len) {
tag_len = decode_tag_number_and_value(
&apdu[len], &tag_number, &len_value_type);
if (tag_number == 4) {
len += tag_len;
len = decode_unsigned(
&apdu[len], len_value_type, &unsigned_value);
if ((unsigned_value >= BACNET_MIN_PRIORITY) &&
(unsigned_value <= BACNET_MAX_PRIORITY)) {
}
if ((unsigned)apdu_len < apdu_size) {
len = bacnet_unsigned_context_decode(
&apdu[apdu_len], apdu_len - apdu_size, 4, &unsigned_value);
if (len > 0) {
apdu_len += len;
if ((unsigned_value >= BACNET_MIN_PRIORITY) &&
(unsigned_value <= BACNET_MAX_PRIORITY)) {
if (wpdata) {
wpdata->priority = (uint8_t)unsigned_value;
} else {
return -5;
}
} else {
return BACNET_STATUS_ERROR;
}
} else {
return BACNET_STATUS_ERROR;
}
}
return len;
return apdu_len;
}
/**