diff --git a/Makefile b/Makefile index 6a094273..3f6f95ba 100644 --- a/Makefile +++ b/Makefile @@ -225,13 +225,16 @@ lint: SPLINT_OPTIONS := -weak +posixlib +quiet \ -D__signed__=signed -D__gnuc_va_list=va_list \ - -Iinclude -Idemo/object -Iports/linux \ - +matchanyintegral +ignoresigns -unrecog -preproc -fullinitblock \ + -Isrc -Iports/linux \ + +matchanyintegral +ignoresigns -unrecog -preproc \ +error-stream-stderr +warning-stream-stderr -warnposix \ + -bufferoverflowhigh + +SPLINT_FIND_OPTIONS := ./src -path ./src/bacnet/basic/ucix -prune -o -name "*.c" .PHONY: splint splint: - find ./src -name "*.c" -exec splint $(SPLINT_OPTIONS) {} \; + find $(SPLINT_FIND_OPTIONS) -exec splint $(SPLINT_OPTIONS) {} \; CPPCHECK_OPTIONS = --enable=warning,portability CPPCHECK_OPTIONS += --template=gcc diff --git a/src/bacnet/basic/bbmd/h_bbmd.c b/src/bacnet/basic/bbmd/h_bbmd.c index 127fbe66..34021deb 100644 --- a/src/bacnet/basic/bbmd/h_bbmd.c +++ b/src/bacnet/basic/bbmd/h_bbmd.c @@ -592,8 +592,8 @@ int bvlc_send_pdu(BACNET_ADDRESS *dest, #if BBMD_ENABLED if (mtu_len > 0) { bip_get_addr(&bip_src); - bbmd_fdt_forward_npdu(&bip_src, pdu, pdu_len, true); - bbmd_bdt_forward_npdu(&bip_src, pdu, pdu_len, true); + (void)bbmd_fdt_forward_npdu(&bip_src, pdu, pdu_len, true); + (void)bbmd_bdt_forward_npdu(&bip_src, pdu, pdu_len, true); } #endif } @@ -928,7 +928,7 @@ int bvlc_bbmd_enabled_handler(BACNET_IP_ADDRESS *addr, /* In addition, the constructed BVLL Forwarded-NPDU message shall be unicast to each foreign device in the BBMD's FDT. */ - bbmd_fdt_forward_npdu(&fwd_address, mtu, mtu_len, false); + (void)bbmd_fdt_forward_npdu(&fwd_address, mtu, mtu_len, false); /* prepare the message for me! */ bvlc_ip_address_to_bacnet_local(src, &fwd_address); offset = header_len + function_len - npdu_len; 
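Review bot: Adding `-bufferoverflowhigh` to SPLINT_OPTIONS switches splint's likely out-of-bounds read/write warnings off for every file under ./src, so the lint target stops reporting that class of finding altogether. For a stack that parses network input I would keep the check enabled and suppress individual false positives where they occur. Failing that, record the reason in a comment above the assignment, e.g. `# -bufferoverflowhigh: disabled because <placeholder: reason>; re-enable once annotated`. The new SPLINT_FIND_OPTIONS also prunes ./src/bacnet/basic/ucix from linting without explanation; a one-line comment saying why would help.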
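Review bot: The `(void)` casts on bbmd_fdt_forward_npdu() and bbmd_bdt_forward_npdu() in bvlc_send_pdu make the discarded result explicit but do not record why it is acceptable to ignore it. The same pattern repeats in the three bvlc_bbmd_enabled_handler hunks that follow. If forwarding is meant to be best effort, a comment such as `/* best effort: a failed forward to an FDT/BDT peer is not reported to the caller */` would state that. If the return value signals a send failure, it is presumably worth at least a debug print. Neither function's definition is visible in this diff, so what they return cannot be confirmed from here.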
@@ -1032,8 +1032,8 @@ int bvlc_bbmd_enabled_handler(BACNET_IP_ADDRESS *addr, attempt was unsuccessful */ npdu_len = bbmd_forward_npdu(addr, pdu, pdu_len); if (npdu_len > 0) { - bbmd_fdt_forward_npdu(addr, pdu, pdu_len, false); - bbmd_bdt_forward_npdu(addr, pdu, pdu_len, false); + (void)bbmd_fdt_forward_npdu(addr, pdu, pdu_len, false); + (void)bbmd_bdt_forward_npdu(addr, pdu, pdu_len, false); } else { result_code = BVLC_RESULT_DISTRIBUTE_BROADCAST_TO_NETWORK_NAK; send_result = true; @@ -1099,8 +1099,8 @@ int bvlc_bbmd_enabled_handler(BACNET_IP_ADDRESS *addr, "Original-Broadcast-NPDU: " "Confirmed Service! Discard!"); } else { - bbmd_fdt_forward_npdu(addr, npdu, npdu_len, true); - bbmd_bdt_forward_npdu(addr, npdu, npdu_len, true); + (void)bbmd_fdt_forward_npdu(addr, npdu, npdu_len, true); + (void)bbmd_bdt_forward_npdu(addr, npdu, npdu_len, true); debug_print_npdu("Original-Broadcast-NPDU", offset, npdu_len); } diff --git a/src/bacnet/basic/bbmd6/h_bbmd6.c b/src/bacnet/basic/bbmd6/h_bbmd6.c index 85326230..3f197655 100644 --- a/src/bacnet/basic/bbmd6/h_bbmd6.c +++ b/src/bacnet/basic/bbmd6/h_bbmd6.c @@ -181,18 +181,19 @@ static bool bbmd6_add_vmac(uint32_t device_id, BACNET_IP6_ADDRESS *addr) bool status = false; struct vmac_data *vmac; struct vmac_data new_vmac; + unsigned i = 0; if (addr) { vmac = VMAC_Find_By_Key(device_id); if (vmac) { /* already exists - replace? */ PRINTF("VMAC existing %u [", (unsigned int)device_id); - for (unsigned i = 0; i < vmac->mac_len; i++) { + for (i = 0; i < vmac->mac_len; i++) { PRINTF("%02X", vmac->mac[i]); } PRINTF("]\n"); PRINTF("VMAC ignoring %u [", (unsigned int)device_id); - for (unsigned i = 0; i < IP6_ADDRESS_MAX; i++) { + for (i = 0; i < IP6_ADDRESS_MAX; i++) { PRINTF("%02X", addr->address[i]); } PRINTF("%04X", addr->port); diff --git a/src/bacnet/basic/bbmd6/vmac.c b/src/bacnet/basic/bbmd6/vmac.c index 8fd1f92a..05bfc263 100644 --- a/src/bacnet/basic/bbmd6/vmac.c +++ b/src/bacnet/basic/bbmd6/vmac.c 
@@ -258,6 +258,7 @@ void VMAC_Cleanup(void) struct vmac_data *pVMAC; uint32_t device_id; const int index = 0; + unsigned i = 0; if (VMAC_List) { do { @@ -266,7 +267,7 @@ void VMAC_Cleanup(void) if (pVMAC) { PRINTF("VMAC List: %lu [", (unsigned long)device_id); /* print the MAC */ - for (unsigned i = 0; i < pVMAC->mac_len; i++) { + for (i = 0; i < pVMAC->mac_len; i++) { PRINTF("%02X", pVMAC->mac[i]); } PRINTF("]\n"); diff --git a/src/bacnet/basic/object/ai.c b/src/bacnet/basic/object/ai.c index bc09cebe..e7334302 100644 --- a/src/bacnet/basic/object/ai.c +++ b/src/bacnet/basic/object/ai.c @@ -238,10 +238,10 @@ bool Analog_Input_Object_Name( */ unsigned Analog_Input_Event_State(uint32_t object_instance) { - unsigned index = 0; unsigned state = EVENT_STATE_NORMAL; - #if defined(INTRINSIC_REPORTING) + unsigned index = 0; + index = Analog_Input_Instance_To_Index(object_instance); if (index < MAX_ANALOG_INPUTS) { state = AI_Descr[index].Event_State; diff --git a/src/bacnet/basic/object/ao.c b/src/bacnet/basic/object/ao.c index bffd1dad..16ca6975 100644 --- a/src/bacnet/basic/object/ao.c +++ b/src/bacnet/basic/object/ao.c @@ -154,7 +154,7 @@ float Analog_Output_Present_Value(uint32_t object_instance) if (index < MAX_ANALOG_OUTPUTS) { for (i = 0; i < BACNET_MAX_PRIORITY; i++) { if (Analog_Output_Level[index][i] != AO_LEVEL_NULL) { - value = Analog_Output_Level[index][i]; + value = (float)Analog_Output_Level[index][i]; break; } } @@ -342,7 +342,8 @@ int Analog_Output_Read_Property(BACNET_READ_PROPERTY_DATA *rpdata) if (Analog_Output_Level[object_index][i] == AO_LEVEL_NULL) { len = encode_application_null(&apdu[apdu_len]); } else { - real_value = Analog_Output_Level[object_index][i]; + real_value = + (float)Analog_Output_Level[object_index][i]; len = encode_application_real( &apdu[apdu_len], real_value); } 
@@ -365,7 +366,7 @@ int Analog_Output_Read_Property(BACNET_READ_PROPERTY_DATA *rpdata) apdu_len = encode_application_null(&apdu[0]); } else { real_value = - Analog_Output_Level[object_index] + (float)Analog_Output_Level[object_index] [rpdata->array_index - 1]; apdu_len = encode_application_real(&apdu[0], real_value); diff --git a/src/bacnet/basic/object/av.c b/src/bacnet/basic/object/av.c index 39f11a62..8b1d2622 100644 --- a/src/bacnet/basic/object/av.c +++ b/src/bacnet/basic/object/av.c @@ -299,10 +299,10 @@ bool Analog_Value_Object_Name( */ unsigned Analog_Value_Event_State(uint32_t object_instance) { - unsigned index = 0; unsigned state = EVENT_STATE_NORMAL; - #if defined(INTRINSIC_REPORTING) + unsigned index = 0; + index = Analog_Value_Instance_To_Index(object_instance); if (index < MAX_ANALOG_VALUES) { state = AV_Descr[index].Event_State; diff --git a/src/bacnet/basic/object/channel.c b/src/bacnet/basic/object/channel.c index d6ed11b2..fa87acf2 100644 --- a/src/bacnet/basic/object/channel.c +++ b/src/bacnet/basic/object/channel.c @@ -850,7 +850,7 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, apdu_len = BACNET_STATUS_ERROR; } } else if (tag == BACNET_APPLICATION_TAG_DOUBLE) { - double_value = value->type.Unsigned_Int; + double_value = (double)value->type.Unsigned_Int; apdu_len = encode_application_double(&apdu[0], double_value); } else if (tag == BACNET_APPLICATION_TAG_ENUMERATED) { @@ -892,7 +892,7 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, apdu_len = BACNET_STATUS_ERROR; } } else if (tag == BACNET_APPLICATION_TAG_DOUBLE) { - double_value = value->type.Signed_Int; + double_value = (double)value->type.Signed_Int; apdu_len = encode_application_double(&apdu[0], double_value); } else if (tag == BACNET_APPLICATION_TAG_ENUMERATED) { 
@@ -907,14 +907,14 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, #if defined(BACAPP_REAL) case BACNET_APPLICATION_TAG_REAL: if (tag == BACNET_APPLICATION_TAG_BOOLEAN) { - if (value->type.Real) { + if (value->type.Real != 0.0F) { boolean_value = true; } apdu_len = encode_application_boolean(&apdu[0], boolean_value); } else if (tag == BACNET_APPLICATION_TAG_UNSIGNED_INT) { - if ((value->type.Real >= 0.0) && - (value->type.Real <= 2147483000.0)) { + if ((value->type.Real >= 0.0F) && + (value->type.Real <= 2147483000.0F)) { unsigned_value = (uint32_t)value->type.Real; apdu_len = encode_application_unsigned( &apdu[0], unsigned_value); @@ -922,8 +922,8 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, apdu_len = BACNET_STATUS_ERROR; } } else if (tag == BACNET_APPLICATION_TAG_SIGNED_INT) { - if ((value->type.Real >= -2147483000.0) && - (value->type.Real <= 214783000.0)) { + if ((value->type.Real >= -2147483000.0F) && + (value->type.Real <= 214783000.0F)) { signed_value = (int32_t)value->type.Real; apdu_len = encode_application_signed(&apdu[0], signed_value); @@ -938,8 +938,8 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, apdu_len = encode_application_double(&apdu[0], double_value); } else if (tag == BACNET_APPLICATION_TAG_ENUMERATED) { - if ((value->type.Real >= 0.0) && - (value->type.Real <= 2147483000.0)) { + if ((value->type.Real >= 0.0F) && + (value->type.Real <= 2147483000.0F)) { unsigned_value = (uint32_t)value->type.Real; apdu_len = encode_application_enumerated( &apdu[0], unsigned_value); @@ -954,7 +954,7 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, #if defined(BACAPP_DOUBLE) case BACNET_APPLICATION_TAG_DOUBLE: if (tag == BACNET_APPLICATION_TAG_BOOLEAN) { - if (value->type.Double) { + if (value->type.Double != 0.0) { boolean_value = true; } apdu_len = 
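Review bot: The upper bound in the REAL to SIGNED_INT branch is still `214783000.0F`, which is one digit short of the lower bound `-2147483000.0F` and of the `2147483000.0F` used in the unsigned and enumerated branches. As written, positive values above roughly 214.7 million are rejected with BACNET_STATUS_ERROR although they fit in an int32_t. If symmetric bounds are intended, the line should read `(value->type.Real <= 2147483000.0F)) {`. The `F` suffix also moves these comparisons from double to float, where 2147483000 is not exactly representable and rounds to a nearby value; that value is still below 2^31, so the `(int32_t)` cast stays defined. Channel_Coerce_Data_Encode begins and ends outside this hunk.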
@@ -1033,7 +1033,7 @@ int Channel_Coerce_Data_Encode(uint8_t *apdu, apdu_len = BACNET_STATUS_ERROR; } } else if (tag == BACNET_APPLICATION_TAG_DOUBLE) { - double_value = value->type.Enumerated; + double_value = (double)value->type.Enumerated; apdu_len = encode_application_double(&apdu[0], double_value); } else if (tag == BACNET_APPLICATION_TAG_ENUMERATED) { diff --git a/src/bacnet/basic/object/iv.c b/src/bacnet/basic/object/iv.c index f863b902..fbf670de 100644 --- a/src/bacnet/basic/object/iv.c +++ b/src/bacnet/basic/object/iv.c @@ -333,7 +333,7 @@ int Integer_Value_Read_Property(BACNET_READ_PROPERTY_DATA *rpdata) BACNET_CHARACTER_STRING char_string; uint8_t *apdu = NULL; uint32_t units = 0; - int32_t integer_value = 0.0; + int32_t integer_value = 0; bool state = false; if ((rpdata == NULL) || (rpdata->application_data == NULL) || diff --git a/src/bacnet/basic/object/msv.c b/src/bacnet/basic/object/msv.c index a5de79e5..fc082ffd 100644 --- a/src/bacnet/basic/object/msv.c +++ b/src/bacnet/basic/object/msv.c @@ -372,7 +372,7 @@ bool Multistate_Value_Encode_Value_List( const bool fault = false; const bool overridden = false; bool out_of_service = false; - uint32_t present_value = 0.0; + uint32_t present_value = 0; unsigned index = 0; index = Multistate_Value_Instance_To_Index(object_instance); diff --git a/src/bacnet/datalink/bacsec.c b/src/bacnet/datalink/bacsec.c index 62da7786..09c28892 100644 --- a/src/bacnet/datalink/bacsec.c +++ b/src/bacnet/datalink/bacsec.c 
@@ -38,122 +38,125 @@ BACNET_KEY_IDENTIFIER_KEY_NUMBER key_number(uint16_t id) return (BACNET_KEY_IDENTIFIER_KEY_NUMBER)(id & 0xFF); } -// int encode_security_wrapper( -// int bytes_before, uint8_t *apdu, BACNET_SECURITY_WRAPPER *wrapper) -// { -// int curr = 0; -// int enc_begin = 0; -// BACNET_KEY_ENTRY key; -// BACNET_SECURITY_RESPONSE_CODE res = SEC_RESP_SUCCESS; +#if 0 +/* FIXME: please fix? */ +int encode_security_wrapper( + int bytes_before, uint8_t *apdu, BACNET_SECURITY_WRAPPER *wrapper) +{ + int curr = 0; + int enc_begin = 0; + BACNET_KEY_ENTRY key; + BACNET_SECURITY_RESPONSE_CODE res = SEC_RESP_SUCCESS; -// apdu[curr] = 0; -// /* control byte */ -// if (wrapper->payload_net_or_bvll_flag) { -// apdu[curr] |= 1 << 7; -// } -// /* encryption flag will be set after signature calculation */ -// /* bit 5 is reserved and shall be 0 */ -// if (wrapper->authentication_flag) { -// apdu[curr] |= 1 << 4; -// } -// if (wrapper->do_not_unwrap_flag) { -// apdu[curr] |= 1 << 3; -// } -// if (wrapper->do_not_decrypt_flag) { -// apdu[curr] |= 1 << 2; -// } -// if (wrapper->non_trusted_source_flag) { -// apdu[curr] |= 1 << 1; -// } -// if (wrapper->secured_by_router_flag) { -// apdu[curr] |= 1; -// } -// curr++; -// /* basic integrity checks */ -// if (wrapper->do_not_decrypt_flag && !wrapper->do_not_unwrap_flag) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// if (!wrapper->encrypted_flag && wrapper->do_not_decrypt_flag) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// /* key */ -// apdu[curr++] = wrapper->key_revision; -// curr += encode_unsigned16(&apdu[curr], wrapper->key_identifier); -// /* find appropriate key */ -// key.key_identifier = wrapper->key_identifier; -// res = bacnet_find_key(wrapper->key_revision, &key); -// if (res != SEC_RESP_SUCCESS) { -// return -res; -// } -// /* source device instance */ -// curr += encode_unsigned24(&apdu[curr], wrapper->source_device_instance); -// /* message id */ -// curr += encode_unsigned32(&apdu[curr], 
wrapper->message_id); -// /* timestamp */ -// curr += encode_unsigned32(&apdu[curr], wrapper->timestamp); -// /* begin encryption starting from destination device instance */ -// enc_begin = curr; -// /* destination device instance */ -// curr += -// encode_unsigned24(&apdu[curr], wrapper->destination_device_instance); -// /* dst address */ -// curr += encode_unsigned16(&apdu[curr], wrapper->dnet); -// apdu[curr++] = wrapper->dlen; -// memcpy(&apdu[curr], wrapper->dadr, wrapper->dlen); -// curr += wrapper->dlen; -// /* src address */ -// curr += encode_unsigned16(&apdu[curr], wrapper->snet); -// apdu[curr++] = wrapper->slen; -// memcpy(&apdu[curr], wrapper->sadr, wrapper->slen); -// curr += wrapper->slen; -// /* authentication */ -// if (wrapper->authentication_flag) { -// apdu[curr++] = wrapper->authentication_mechanism; -// /* authentication data */ -// curr += encode_unsigned16(&apdu[curr], wrapper->user_id); -// apdu[curr++] = wrapper->user_role; -// if ((wrapper->authentication_mechanism >= 1) && -// (wrapper->authentication_mechanism <= 199)) { -// curr += encode_unsigned16( -// &apdu[curr], wrapper->authentication_data_length + 5); -// memcpy(&apdu[curr], wrapper->authentication_data, -// wrapper->authentication_data_length); -// curr += wrapper->authentication_data_length; -// } else if (wrapper->authentication_mechanism >= 200) { -// curr += encode_unsigned16( -// &apdu[curr], wrapper->authentication_data_length + 7); -// curr += encode_unsigned16(&apdu[curr], wrapper->vendor_id); -// memcpy(&apdu[curr], wrapper->authentication_data, -// wrapper->authentication_data_length); -// curr += wrapper->authentication_data_length; -// } -// } -// memcpy(&apdu[curr], wrapper->service_data, wrapper->service_data_len); -// curr += wrapper->service_data_len; -// /* signature calculation */ -// key_sign_msg(&key, &apdu[-bytes_before], (uint32_t)(bytes_before + curr), -// wrapper->signature); -// /* padding and encryption */ -// if (wrapper->encrypted_flag) { -// /* set 
encryption flag, signing is done */ -// apdu[0] |= 1 << 6; -// /* handle padding */ -// key_set_padding( -// &key, curr - enc_begin, &wrapper->padding_len, wrapper->padding); -// if (wrapper->padding_len > 2) { -// memcpy(&apdu[curr], wrapper->padding, wrapper->padding_len - 2); -// curr += wrapper->padding_len - 2; -// } -// curr += encode_unsigned16(&apdu[curr], wrapper->padding_len); -// /* encryption */ -// key_encrypt_msg(&key, &apdu[enc_begin], (uint32_t)(curr - enc_begin), -// wrapper->signature); -// } -// memcpy(&apdu[curr], wrapper->signature, SIGNATURE_LEN); -// curr += SIGNATURE_LEN; + apdu[curr] = 0; + /* control byte */ + if (wrapper->payload_net_or_bvll_flag) { + apdu[curr] |= 1 << 7; + } + /* encryption flag will be set after signature calculation */ + /* bit 5 is reserved and shall be 0 */ + if (wrapper->authentication_flag) { + apdu[curr] |= 1 << 4; + } + if (wrapper->do_not_unwrap_flag) { + apdu[curr] |= 1 << 3; + } + if (wrapper->do_not_decrypt_flag) { + apdu[curr] |= 1 << 2; + } + if (wrapper->non_trusted_source_flag) { + apdu[curr] |= 1 << 1; + } + if (wrapper->secured_by_router_flag) { + apdu[curr] |= 1; + } + curr++; + /* basic integrity checks */ + if (wrapper->do_not_decrypt_flag && !wrapper->do_not_unwrap_flag) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + if (!wrapper->encrypted_flag && wrapper->do_not_decrypt_flag) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + /* key */ + apdu[curr++] = wrapper->key_revision; + curr += encode_unsigned16(&apdu[curr], wrapper->key_identifier); + /* find appropriate key */ + key.key_identifier = wrapper->key_identifier; + res = bacnet_find_key(wrapper->key_revision, &key); + if (res != SEC_RESP_SUCCESS) { + return -res; + } + /* source device instance */ + curr += encode_unsigned24(&apdu[curr], wrapper->source_device_instance); + /* message id */ + curr += encode_unsigned32(&apdu[curr], wrapper->message_id); + /* timestamp */ + curr += encode_unsigned32(&apdu[curr], wrapper->timestamp); + /* begin 
encryption starting from destination device instance */ + enc_begin = curr; + /* destination device instance */ + curr += + encode_unsigned24(&apdu[curr], wrapper->destination_device_instance); + /* dst address */ + curr += encode_unsigned16(&apdu[curr], wrapper->dnet); + apdu[curr++] = wrapper->dlen; + memcpy(&apdu[curr], wrapper->dadr, wrapper->dlen); + curr += wrapper->dlen; + /* src address */ + curr += encode_unsigned16(&apdu[curr], wrapper->snet); + apdu[curr++] = wrapper->slen; + memcpy(&apdu[curr], wrapper->sadr, wrapper->slen); + curr += wrapper->slen; + /* authentication */ + if (wrapper->authentication_flag) { + apdu[curr++] = wrapper->authentication_mechanism; + /* authentication data */ + curr += encode_unsigned16(&apdu[curr], wrapper->user_id); + apdu[curr++] = wrapper->user_role; + if ((wrapper->authentication_mechanism >= 1) && + (wrapper->authentication_mechanism <= 199)) { + curr += encode_unsigned16( + &apdu[curr], wrapper->authentication_data_length + 5); + memcpy(&apdu[curr], wrapper->authentication_data, + wrapper->authentication_data_length); + curr += wrapper->authentication_data_length; + } else if (wrapper->authentication_mechanism >= 200) { + curr += encode_unsigned16( + &apdu[curr], wrapper->authentication_data_length + 7); + curr += encode_unsigned16(&apdu[curr], wrapper->vendor_id); + memcpy(&apdu[curr], wrapper->authentication_data, + wrapper->authentication_data_length); + curr += wrapper->authentication_data_length; + } + } + memcpy(&apdu[curr], wrapper->service_data, wrapper->service_data_len); + curr += wrapper->service_data_len; + /* signature calculation */ + key_sign_msg(&key, &apdu[-bytes_before], (uint32_t)(bytes_before + curr), + wrapper->signature); + /* padding and encryption */ + if (wrapper->encrypted_flag) { + /* set encryption flag, signing is done */ + apdu[0] |= 1 << 6; + /* handle padding */ + key_set_padding( + &key, curr - enc_begin, &wrapper->padding_len, wrapper->padding); + if (wrapper->padding_len > 2) { + 
memcpy(&apdu[curr], wrapper->padding, wrapper->padding_len - 2); + curr += wrapper->padding_len - 2; + } + curr += encode_unsigned16(&apdu[curr], wrapper->padding_len); + /* encryption */ + key_encrypt_msg(&key, &apdu[enc_begin], (uint32_t)(curr - enc_begin), + wrapper->signature); + } + memcpy(&apdu[curr], wrapper->signature, SIGNATURE_LEN); + curr += SIGNATURE_LEN; -// return curr; -// } + return curr; +} +#endif int encode_challenge_request(uint8_t *apdu, BACNET_CHALLENGE_REQUEST *bc_req) { 
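Review bot: `/* FIXME: please fix? */` does not tell the next reader what is wrong with encode_security_wrapper or what must hold before the `#if 0` can be removed. From the body, the function takes no size for `apdu`, so every `memcpy` into it (`dadr`, `sadr`, `authentication_data`, `service_data`, `padding`, `signature`) writes a length taken from `wrapper` with no bound. `&apdu[-bytes_before]` also relies on the caller having that many valid bytes in front of the pointer. I would replace the FIXME with a comment that says this, e.g. `/* FIXME: disabled - needs an output size parameter and a bounds check on every copy before re-enabling */`.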
@@ -375,114 +378,117 @@ int encode_set_master_key(uint8_t *apdu, BACNET_SET_MASTER_KEY *set_master_key) return encode_key_entry(apdu, &set_master_key->key); } -// int decode_security_wrapper_safe(int bytes_before, -// uint8_t *apdu, -// uint32_t apdu_len_remaining, -// BACNET_SECURITY_WRAPPER *wrapper) -// { -// int curr = 0; -// int enc_begin = 0; -// int real_len = (int)(apdu_len_remaining - SIGNATURE_LEN); -// BACNET_KEY_ENTRY key; -// BACNET_SECURITY_RESPONSE_CODE res = SEC_RESP_SUCCESS; +#if 0 +/* FIXME: please fix? */ +int decode_security_wrapper_safe(int bytes_before, + uint8_t *apdu, + uint32_t apdu_len_remaining, + BACNET_SECURITY_WRAPPER *wrapper) +{ + int curr = 0; + int enc_begin = 0; + int real_len = (int)(apdu_len_remaining - SIGNATURE_LEN); + BACNET_KEY_ENTRY key; + BACNET_SECURITY_RESPONSE_CODE res = SEC_RESP_SUCCESS; -// if (apdu_len_remaining < 40) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// wrapper->payload_net_or_bvll_flag = ((apdu[curr] & (1 << 7)) != 0); -// wrapper->encrypted_flag = ((apdu[curr] & (1 << 6)) != 0); -// wrapper->authentication_flag = ((apdu[curr] & (1 << 4)) != 0); -// wrapper->do_not_unwrap_flag = ((apdu[curr] & (1 << 3)) != 0); -// wrapper->do_not_decrypt_flag = ((apdu[curr] & (1 << 2)) != 0); -// wrapper->non_trusted_source_flag = ((apdu[curr] & (1 << 1)) != 0); -// wrapper->secured_by_router_flag = ((apdu[curr] & 1) != 0); -// /* basic integrity checks */ -// if (wrapper->do_not_decrypt_flag && !wrapper->do_not_unwrap_flag) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// if (!wrapper->encrypted_flag && wrapper->do_not_decrypt_flag) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// /* remove encryption flag for signature validation */ -// apdu[curr] &= ~((uint8_t)(1 << 6)); -// curr++; -// /* key */ -// wrapper->key_revision = apdu[curr++]; -// curr += decode_unsigned16(&apdu[curr], &wrapper->key_identifier); -// /* find appropriate key */ -// key.key_identifier = wrapper->key_identifier; -// res = 
bacnet_find_key(wrapper->key_revision, &key); -// if (res != SEC_RESP_SUCCESS) { -// return -res; -// } -// /* source device instance */ -// curr += decode_unsigned24(&apdu[curr], &wrapper->source_device_instance); -// /* message id */ -// curr += decode_unsigned32(&apdu[curr], &wrapper->message_id); -// /* timestamp */ -// curr += decode_unsigned32(&apdu[curr], &wrapper->timestamp); -// /* begin decryption starting from destination device instance */ -// enc_begin = curr; -// /* read signature */ -// memcpy(wrapper->signature, &apdu[real_len], SIGNATURE_LEN); -// if (wrapper->encrypted_flag) { -// if (!key_decrypt_msg(&key, &apdu[enc_begin], -// (uint32_t)(real_len - enc_begin), wrapper->signature)) { -// return -SEC_RESP_MALFORMED_MESSAGE; -// } -// curr += decode_unsigned16(&apdu[real_len - 2], -// &wrapper->padding_len); real_len -= wrapper->padding_len; -// memcpy(wrapper->padding, &apdu[wrapper->padding_len], -// wrapper->padding_len - 2); -// } -// /* destination device instance */ -// curr += -// decode_unsigned24(&apdu[curr], -// &wrapper->destination_device_instance); -// /* dst address */ -// curr += decode_unsigned16(&apdu[curr], &wrapper->dnet); -// wrapper->dlen = apdu[curr++]; -// memcpy(wrapper->dadr, &apdu[curr], wrapper->dlen); -// curr += wrapper->dlen; -// /* src address */ -// curr += decode_unsigned16(&apdu[curr], &wrapper->snet); -// wrapper->slen = apdu[curr++]; -// memcpy(wrapper->sadr, &apdu[curr], wrapper->slen); -// curr += wrapper->slen; -// /* authentication */ -// if (wrapper->authentication_flag) { -// wrapper->authentication_mechanism = apdu[curr++]; -// /* authentication data */ -// curr += decode_unsigned16(&apdu[curr], &wrapper->user_id); -// wrapper->user_role = apdu[curr++]; -// if ((wrapper->authentication_mechanism >= 1) && -// (wrapper->authentication_mechanism <= 199)) { -// curr += decode_unsigned16( -// &apdu[curr], &wrapper->authentication_data_length); -// wrapper->authentication_data_length -= 5; -// 
memcpy(wrapper->authentication_data, &apdu[curr], -// wrapper->authentication_data_length); -// curr += wrapper->authentication_data_length; -// } else if (wrapper->authentication_mechanism >= 200) { -// curr += decode_unsigned16( -// &apdu[curr], &wrapper->authentication_data_length); -// wrapper->authentication_data_length -= 7; -// curr += decode_unsigned16(&apdu[curr], &wrapper->vendor_id); -// memcpy(wrapper->authentication_data, &apdu[curr], -// wrapper->authentication_data_length); -// curr += wrapper->authentication_data_length; -// } -// } -// wrapper->service_data_len = (uint16_t)(real_len - curr); -// memcpy(wrapper->service_data, &apdu[curr], wrapper->service_data_len); -// curr += wrapper->service_data_len; -// if (!key_verify_sign_msg(&key, &apdu[-bytes_before], -// (uint32_t)(bytes_before + real_len), wrapper->signature)) { -// return -SEC_RESP_BAD_SIGNATURE; -// } + if (apdu_len_remaining < 40) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + wrapper->payload_net_or_bvll_flag = ((apdu[curr] & (1 << 7)) != 0); + wrapper->encrypted_flag = ((apdu[curr] & (1 << 6)) != 0); + wrapper->authentication_flag = ((apdu[curr] & (1 << 4)) != 0); + wrapper->do_not_unwrap_flag = ((apdu[curr] & (1 << 3)) != 0); + wrapper->do_not_decrypt_flag = ((apdu[curr] & (1 << 2)) != 0); + wrapper->non_trusted_source_flag = ((apdu[curr] & (1 << 1)) != 0); + wrapper->secured_by_router_flag = ((apdu[curr] & 1) != 0); + /* basic integrity checks */ + if (wrapper->do_not_decrypt_flag && !wrapper->do_not_unwrap_flag) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + if (!wrapper->encrypted_flag && wrapper->do_not_decrypt_flag) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + /* remove encryption flag for signature validation */ + apdu[curr] &= ~((uint8_t)(1 << 6)); + curr++; + /* key */ + wrapper->key_revision = apdu[curr++]; + curr += decode_unsigned16(&apdu[curr], &wrapper->key_identifier); + /* find appropriate key */ + key.key_identifier = wrapper->key_identifier; + res = 
bacnet_find_key(wrapper->key_revision, &key); + if (res != SEC_RESP_SUCCESS) { + return -res; + } + /* source device instance */ + curr += decode_unsigned24(&apdu[curr], &wrapper->source_device_instance); + /* message id */ + curr += decode_unsigned32(&apdu[curr], &wrapper->message_id); + /* timestamp */ + curr += decode_unsigned32(&apdu[curr], &wrapper->timestamp); + /* begin decryption starting from destination device instance */ + enc_begin = curr; + /* read signature */ + memcpy(wrapper->signature, &apdu[real_len], SIGNATURE_LEN); + if (wrapper->encrypted_flag) { + if (!key_decrypt_msg(&key, &apdu[enc_begin], + (uint32_t)(real_len - enc_begin), wrapper->signature)) { + return -SEC_RESP_MALFORMED_MESSAGE; + } + curr += decode_unsigned16(&apdu[real_len - 2], + &wrapper->padding_len); real_len -= wrapper->padding_len; + memcpy(wrapper->padding, &apdu[wrapper->padding_len], + wrapper->padding_len - 2); + } + /* destination device instance */ + curr += + decode_unsigned24(&apdu[curr], + &wrapper->destination_device_instance); + /* dst address */ + curr += decode_unsigned16(&apdu[curr], &wrapper->dnet); + wrapper->dlen = apdu[curr++]; + memcpy(wrapper->dadr, &apdu[curr], wrapper->dlen); + curr += wrapper->dlen; + /* src address */ + curr += decode_unsigned16(&apdu[curr], &wrapper->snet); + wrapper->slen = apdu[curr++]; + memcpy(wrapper->sadr, &apdu[curr], wrapper->slen); + curr += wrapper->slen; + /* authentication */ + if (wrapper->authentication_flag) { + wrapper->authentication_mechanism = apdu[curr++]; + /* authentication data */ + curr += decode_unsigned16(&apdu[curr], &wrapper->user_id); + wrapper->user_role = apdu[curr++]; + if ((wrapper->authentication_mechanism >= 1) && + (wrapper->authentication_mechanism <= 199)) { + curr += decode_unsigned16( + &apdu[curr], &wrapper->authentication_data_length); + wrapper->authentication_data_length -= 5; + memcpy(wrapper->authentication_data, &apdu[curr], + wrapper->authentication_data_length); + curr += 
wrapper->authentication_data_length; + } else if (wrapper->authentication_mechanism >= 200) { + curr += decode_unsigned16( + &apdu[curr], &wrapper->authentication_data_length); + wrapper->authentication_data_length -= 7; + curr += decode_unsigned16(&apdu[curr], &wrapper->vendor_id); + memcpy(wrapper->authentication_data, &apdu[curr], + wrapper->authentication_data_length); + curr += wrapper->authentication_data_length; + } + } + wrapper->service_data_len = (uint16_t)(real_len - curr); + memcpy(wrapper->service_data, &apdu[curr], wrapper->service_data_len); + curr += wrapper->service_data_len; + if (!key_verify_sign_msg(&key, &apdu[-bytes_before], + (uint32_t)(bytes_before + real_len), wrapper->signature)) { + return -SEC_RESP_BAD_SIGNATURE; + } -// return curr; -// } + return curr; +} +#endif int decode_challenge_request_safe(uint8_t *apdu, uint32_t apdu_len_remaining, diff --git a/src/bacnet/datalink/bvlc.c b/src/bacnet/datalink/bvlc.c index 65784326..b4eff1bc 100644 --- a/src/bacnet/datalink/bvlc.c +++ b/src/bacnet/datalink/bvlc.c @@ -661,7 +661,7 @@ int bvlc_broadcast_distribution_table_decode(uint8_t *apdu, if (len > apdu_len) { return BACNET_STATUS_REJECT; } - octetstring_copy_value(&bdt_entry->dest_address.address[0], + (void)octetstring_copy_value(&bdt_entry->dest_address.address[0], IP_ADDRESS_MAX, &octet_string); /* host [0] BACnetHostAddress - closing */ if (!decode_is_closing_tag_number(&apdu[len++], 0)) { @@ -721,7 +721,7 @@ int bvlc_broadcast_distribution_table_decode(uint8_t *apdu, if (len > apdu_len) { return BACNET_STATUS_REJECT; } - octetstring_copy_value(&bdt_entry->broadcast_mask.address[0], + (void)octetstring_copy_value(&bdt_entry->broadcast_mask.address[0], IP_ADDRESS_MAX, &octet_string); bdt_entry->valid = true; /* next entry */ diff --git a/src/bacnet/datalink/cobs.c b/src/bacnet/datalink/cobs.c index df8c6b61..2413c391 100644 --- a/src/bacnet/datalink/cobs.c +++ b/src/bacnet/datalink/cobs.c 
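Review bot: decode_security_wrapper_safe is parked under `#if 0` with the same unspecific FIXME, but the body is not safe to re-enable as written and the comment should say so. The only length check is `apdu_len_remaining < 40`, while `dlen`, `slen`, `padding_len` and `authentication_data_length` are read from the message and used directly as `memcpy` lengths. In addition, `authentication_data_length -= 5` / `-= 7` and `padding_len - 2` can wrap or go negative for small values, and `&apdu[wrapper->padding_len]` looks like the wrong source offset for the padding bytes. All of this parsing and copying runs before `key_verify_sign_msg`, i.e. on input that has not yet been authenticated. Suggested replacement comment: `/* FIXME: disabled - validate every length field against real_len and the destination size before copying */`.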
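Review bot: Casting octetstring_copy_value() to void in the `dest_address` copy discards the only indication of how many octets were copied; the next hunk does the same for `broadcast_mask` and then sets `bdt_entry->valid = true` unconditionally. The octet string comes from the decoded APDU, so a host address or mask that is not exactly IP_ADDRESS_MAX octets would leave the entry partly filled (or untouched, if the helper refuses oversize input) yet still marked valid. I would check the result instead of discarding it, e.g. `if (octetstring_copy_value(&bdt_entry->dest_address.address[0], IP_ADDRESS_MAX, &octet_string) != IP_ADDRESS_MAX) { return BACNET_STATUS_REJECT; }`. That assumes the helper returns the copied length, which is not visible in this diff. bvlc_broadcast_distribution_table_decode continues outside both hunks.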
@@ -193,7 +193,7 @@ size_t cobs_frame_encode( * Prepare the Encoded CRC-32K field for transmission. */ crc32K = ~crc32K; - cobs_crc32k_encode(crc_buffer, sizeof(crc_buffer), crc32K); + (void)cobs_crc32k_encode(crc_buffer, sizeof(crc_buffer), crc32K); cobs_crc_len = cobs_encode((uint8_t *)(buffer + cobs_data_len), buffer_size - cobs_data_len, crc_buffer, sizeof(crc_buffer), MSTP_PREAMBLE_X55);