Bugfix/service request refactor size check (#553)

* refactor service requests from service header

* add APDU size checking and length feature

* add unit tests to check for length when passing NULL buffer

---------

Co-authored-by: Steve Karg <skarg@users.sourceforge.net>

test/bacnet/dcc/src/main.c

@@ -20,60 +20,74 @@
  * @brief Test
  */
 static int dcc_decode_apdu(uint8_t *apdu,
-    unsigned apdu_len,
+    unsigned apdu_size,
     uint8_t *invoke_id,
     uint16_t *timeDuration,
     BACNET_COMMUNICATION_ENABLE_DISABLE *enable_disable,
     BACNET_CHARACTER_STRING *password)
 {
     int len = 0;
-    unsigned offset = 0;
+    unsigned apdu_len = 0;
 
-    if (!apdu)
-        return -1;
-    /* optional checking - most likely was already done prior to this call */
-    if (apdu[0] != PDU_TYPE_CONFIRMED_SERVICE_REQUEST)
-        return -1;
-    /*  apdu[1] = encode_max_segs_max_apdu(0, MAX_APDU); */
-    *invoke_id = apdu[2]; /* invoke id - filled in by net layer */
-    if (apdu[3] != SERVICE_CONFIRMED_DEVICE_COMMUNICATION_CONTROL)
-        return -1;
-    offset = 4;
-
-    if (apdu_len > offset) {
-        len = dcc_decode_service_request(&apdu[offset], apdu_len - offset,
+    if (!apdu) {
+        return BACNET_STATUS_ERROR;
+    }
+    if (apdu_size > 4) {
+        if (apdu[0] != PDU_TYPE_CONFIRMED_SERVICE_REQUEST) {
+            return BACNET_STATUS_ERROR;
+        }
+        /*  apdu[1] = encode_max_segs_max_apdu(0, MAX_APDU); */
+        *invoke_id = apdu[2]; /* invoke id - filled in by net layer */
+        if (apdu[3] != SERVICE_CONFIRMED_DEVICE_COMMUNICATION_CONTROL) {
+            return BACNET_STATUS_ERROR;
+        }
+        apdu_len = 4;
+    } else {
+        return BACNET_STATUS_ERROR;
+    }
+    if (apdu_size > apdu_len) {
+        len = dcc_decode_service_request(&apdu[apdu_len], apdu_size - apdu_len,
             timeDuration, enable_disable, password);
+        if (len > 0) {
+            apdu_len += len;
+        } else {
+            apdu_len = len;
+        }
     }
 
-    return len;
+    return apdu_len;
 }
 
-static void test_DeviceCommunicationControlData(
-    uint8_t invoke_id,
+static void test_DeviceCommunicationControlData(uint8_t invoke_id,
     uint16_t timeDuration,
     BACNET_COMMUNICATION_ENABLE_DISABLE enable_disable,
     BACNET_CHARACTER_STRING *password)
 {
     uint8_t apdu[480] = { 0 };
-    int len = 0;
-    int apdu_len = 0;
+    int apdu_size = 0, null_len = 0, test_len = 0;
     uint8_t test_invoke_id = 0;
     uint16_t test_timeDuration = 0;
     BACNET_COMMUNICATION_ENABLE_DISABLE test_enable_disable;
     BACNET_CHARACTER_STRING test_password;
 
-    len = dcc_encode_apdu(
+    null_len = dcc_encode_apdu(
+        NULL, invoke_id, timeDuration, enable_disable, password);
+    apdu_size = dcc_encode_apdu(
         &apdu[0], invoke_id, timeDuration, enable_disable, password);
-    zassert_not_equal(len, 0, NULL);
-    apdu_len = len;
+    zassert_equal(apdu_size, null_len, NULL);
+    zassert_not_equal(apdu_size, 0, NULL);
 
-    len = dcc_decode_apdu(&apdu[0], apdu_len, &test_invoke_id,
+    test_len = dcc_decode_apdu(&apdu[0], apdu_size, &test_invoke_id,
         &test_timeDuration, &test_enable_disable, &test_password);
-    zassert_not_equal(len, -1, NULL);
+    zassert_not_equal(test_len, -1, NULL);
     zassert_equal(test_invoke_id, invoke_id, NULL);
     zassert_equal(test_timeDuration, timeDuration, NULL);
     zassert_equal(test_enable_disable, enable_disable, NULL);
     zassert_true(characterstring_same(&test_password, password), NULL);
+    test_len = dcc_decode_apdu(apdu, 4, &test_invoke_id,
+        &test_timeDuration, &test_enable_disable, &test_password);
+    zassert_true(test_len < 0, "apdu_size=%d test_len=%d",
+        apdu_size, test_len);
 }
 
 #if defined(CONFIG_ZTEST_NEW_API)
@@ -149,16 +163,14 @@ static void test_DeviceCommunicationControlMalformedData(void)
  * @}
  */
 
-
 #if defined(CONFIG_ZTEST_NEW_API)
 ZTEST_SUITE(dcc_tests, NULL, NULL, NULL, NULL, NULL);
 #else
 void test_main(void)
 {
     ztest_test_suite(dcc_tests,
-     ztest_unit_test(test_DeviceCommunicationControl),
-     ztest_unit_test(test_DeviceCommunicationControlMalformedData)
-     );
+        ztest_unit_test(test_DeviceCommunicationControl),
+        ztest_unit_test(test_DeviceCommunicationControlMalformedData));
 
     ztest_run_test_suite(dcc_tests);
 }