From fa3607d94827b0e5f104da41a23f1ff501580073 Mon Sep 17 00:00:00 2001 From: skarg Date: Tue, 12 May 2009 20:23:01 +0000 Subject: [PATCH] Corrected ReadPropertyMultiple for some objects. Added catch for case where malformed RPM-Ack is received. --- bacnet-stack/demo/handler/h_rpm.c | 9 +++++---- bacnet-stack/demo/handler/h_rpm_a.c | 25 ++++++++++++++++++++++++ bacnet-stack/ports/at91sam7s/h_rp.c | 4 ++-- bacnet-stack/ports/bdk-atxx4-mstp/h_rp.c | 2 +- 4 files changed, 33 insertions(+), 7 deletions(-) diff --git a/bacnet-stack/demo/handler/h_rpm.c b/bacnet-stack/demo/handler/h_rpm.c index 00c295e1..a25f7298 100644 --- a/bacnet-stack/demo/handler/h_rpm.c +++ b/bacnet-stack/demo/handler/h_rpm.c @@ -235,6 +235,7 @@ int RPM_Encode_Property( int32_t array_index) { int len = 0; + size_t copy_len = 0; int apdu_len = 0; BACNET_ERROR_CLASS error_class = ERROR_CLASS_OBJECT; BACNET_ERROR_CODE error_code = ERROR_CODE_UNKNOWN_OBJECT; @@ -242,8 +243,8 @@ int RPM_Encode_Property( len = rpm_ack_encode_apdu_object_property(&Temp_Buf[0], object_property, array_index); - len = memcopy(&apdu[0], &Temp_Buf[0], offset, len, max_apdu); - if (!len) { + copy_len = memcopy(&apdu[0], &Temp_Buf[0], offset, len, max_apdu); + if (copy_len == 0) { return 0; } apdu_len += len; @@ -255,9 +256,9 @@ int RPM_Encode_Property( len = rpm_ack_encode_apdu_object_property_error(&Temp_Buf[0], error_class, error_code); - len = + copy_len = memcopy(&apdu[0], &Temp_Buf[0], offset + apdu_len, len, max_apdu); - if (!len) { + if (copy_len == 0) { return 0; } } else if ((offset + apdu_len + 1 + len + 1) < max_apdu) { diff --git a/bacnet-stack/demo/handler/h_rpm_a.c b/bacnet-stack/demo/handler/h_rpm_a.c index e34e2b10..5f43477d 100644 --- a/bacnet-stack/demo/handler/h_rpm_a.c +++ b/bacnet-stack/demo/handler/h_rpm_a.c 
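Review bot: In RPM_Encode_Property the length passed to `memcopy` is still the signed `int len` returned by the encoder, and nothing between the encode call and the copy rejects a zero or negative value; this applies to both the `rpm_ack_encode_apdu_object_property` call and the `rpm_ack_encode_apdu_object_property_error` call in the later hunk. If either encoder can report failure as a negative int, that value would presumably be converted to a very large unsigned length at the call, and whether the bound check inside `memcopy` survives that depends on its definition, which is not part of this diff. A guard such as `if (len <= 0) { return 0; }` before each `memcopy` would leave `copy_len == 0` meaning only that the data did not fit in `max_apdu`. The function body starts and ends outside these hunks.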
@@ -124,6 +124,10 @@ static int rpm_ack_decode_service_request( apdu++; break; } else { + /* nothing decoded and no closing tag, so malformed */ + if (len == 0) { + return -1; + } old_value = value; value = calloc(1, sizeof(BACNET_APPLICATION_DATA_VALUE)); @@ -299,5 +303,26 @@ void handler_read_property_multiple_ack( rpm_data = rpm_data->next; free(old_rpm_data); } + } else { +#if 1 + fprintf(stderr, "RPM Ack Malformed! Freeing memory...\n"); +#endif + while (rpm_data) { + rpm_property = rpm_data->listOfProperties; + while (rpm_property) { + value = rpm_property->value; + while (value) { + old_value = value; + value = value->next; + free(old_value); + } + old_rpm_property = rpm_property; + rpm_property = rpm_property->next; + free(old_rpm_property); + } + old_rpm_data = rpm_data; + rpm_data = rpm_data->next; + free(old_rpm_data); + } } } diff --git a/bacnet-stack/ports/at91sam7s/h_rp.c b/bacnet-stack/ports/at91sam7s/h_rp.c index c54a57a8..341f61ab 100644 --- a/bacnet-stack/ports/at91sam7s/h_rp.c +++ b/bacnet-stack/ports/at91sam7s/h_rp.c @@ -81,7 +81,7 @@ int Encode_Property_APDU( case OBJECT_ANALOG_VALUE: if (Analog_Value_Valid_Instance(object_instance)) { apdu_len = - Analog_Value_Encode_Property_APDU(&Temp_Buf[0], + Analog_Value_Encode_Property_APDU(&apdu[0], object_instance, property, array_index, error_class, error_code); } @@ -97,7 +97,7 @@ int Encode_Property_APDU( case OBJECT_BINARY_VALUE: if (Binary_Value_Valid_Instance(object_instance)) { apdu_len = - Binary_Value_Encode_Property_APDU(&Temp_Buf[0], + Binary_Value_Encode_Property_APDU(&apdu[0], object_instance, property, array_index, error_class, error_code); } diff --git a/bacnet-stack/ports/bdk-atxx4-mstp/h_rp.c b/bacnet-stack/ports/bdk-atxx4-mstp/h_rp.c index db3b742c..740625e3 100644 --- a/bacnet-stack/ports/bdk-atxx4-mstp/h_rp.c +++ b/bacnet-stack/ports/bdk-atxx4-mstp/h_rp.c 
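Review bot: The new guard in rpm_ack_decode_service_request rejects only `len == 0`, so a negative length from the decode call above it would still reach the `calloc` and whatever pointer advance follows. If the decoders used here can signal failure with a negative value (not visible in this hunk), `if (len <= 0) {` covers both cases with the same `return -1;`. The comment could also say that on -1 the caller must free the partially built list, for example `/* malformed: caller frees rpm_data */`, because the early return leaves earlier allocations in place. The loop and the function start and end outside the hunk.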
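Review bot: The malformed-ack branch added to handler_read_property_multiple_ack repeats the three-level free loop of the success branch line for line, so a later change to the list layout has to be made in two places or one path leaks. Moving the loop into one static helper that takes the `rpm_data` head, and calling it from both branches, keeps the cleanup in a single place. The `#if 1` around `fprintf(stderr, "RPM Ack Malformed! Freeing memory...\n");` leaves the message permanently enabled, and this branch runs whenever a peer sends a bad ack. The message would be better placed behind the file's existing print switch, if it has one (not visible here). The function starts outside the hunk.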
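Review bot: `Analog_Value_Encode_Property_APDU(&apdu[0], ...)` and the `Binary_Value_Encode_Property_APDU(&apdu[0], ...)` call in the next hunk now write directly into the caller's buffer, and neither call passes a length, so nothing visible here bounds the write to the size of `apdu`. The same holds for `Binary_Output_Encode_Property_APDU(&apdu[0], ...)` in ports/bdk-atxx4-mstp/h_rp.c. If Encode_Property_APDU takes no size parameter (its signature is outside the hunks), its header comment should state the requirement, e.g. `/* apdu: caller-supplied buffer; must be large enough for the largest encoded property value */`. It is also worth confirming that no other case in the switch still encodes into `Temp_Buf`, since the remaining cases are not shown.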
@@ -88,7 +88,7 @@ int Encode_Property_APDU( case OBJECT_BINARY_OUTPUT: if (Binary_Output_Valid_Instance(object_instance)) { apdu_len = - Binary_Output_Encode_Property_APDU(&Temp_Buf[0], + Binary_Output_Encode_Property_APDU(&apdu[0], object_instance, property, array_index, error_class, error_code); }