Corrected ReadPropertyMultiple for some objects. Added catch for case where malformed RPM-Ack is received.

2009-05-12 20:23:01 +00:00
parent bbc87574b9
commit fa3607d948
4 changed files with 33 additions and 7 deletions
@@ -235,6 +235,7 @@ int RPM_Encode_Property(
    int32_t array_index)
 {
    int len = 0;
    size_t copy_len = 0;
    int apdu_len = 0;
    BACNET_ERROR_CLASS error_class = ERROR_CLASS_OBJECT;
    BACNET_ERROR_CODE error_code = ERROR_CODE_UNKNOWN_OBJECT;
@@ -242,8 +243,8 @@ int RPM_Encode_Property(
    len =
        rpm_ack_encode_apdu_object_property(&Temp_Buf[0], object_property,
        array_index);
-    len = memcopy(&apdu[0], &Temp_Buf[0], offset, len, max_apdu);
+    copy_len = memcopy(&apdu[0], &Temp_Buf[0], offset, len, max_apdu);
-    if (!len) {
+    if (copy_len == 0) {
        return 0;
    }
    apdu_len += len;
@@ -255,9 +256,9 @@ int RPM_Encode_Property(
        len =
            rpm_ack_encode_apdu_object_property_error(&Temp_Buf[0],
            error_class, error_code);
-        len =
+        copy_len =
            memcopy(&apdu[0], &Temp_Buf[0], offset + apdu_len, len, max_apdu);
-        if (!len) {
+        if (copy_len == 0) {
            return 0;
        }
    } else if ((offset + apdu_len + 1 + len + 1) < max_apdu) {
@@ -124,6 +124,10 @@ static int rpm_ack_decode_service_request(
                        apdu++;
                        break;
                    } else {
                        /* nothing decoded and no closing tag, so malformed */
                        if (len == 0) {
                            return -1;
                        }
                        old_value = value;
                        value =
                            calloc(1, sizeof(BACNET_APPLICATION_DATA_VALUE));
@@ -299,5 +303,26 @@ void handler_read_property_multiple_ack(
            rpm_data = rpm_data->next;
            free(old_rpm_data);
        }
    } else {
 #if 1
        fprintf(stderr, "RPM Ack Malformed! Freeing memory...\n");
 #endif
        while (rpm_data) {
            rpm_property = rpm_data->listOfProperties;
            while (rpm_property) {
                value = rpm_property->value;
                while (value) {
                    old_value = value;
                    value = value->next;
                    free(old_value);
                }
                old_rpm_property = rpm_property;
                rpm_property = rpm_property->next;
                free(old_rpm_property);
            }
            old_rpm_data = rpm_data;
            rpm_data = rpm_data->next;
            free(old_rpm_data);
        }
    }
 }
@@ -81,7 +81,7 @@ int Encode_Property_APDU(
        case OBJECT_ANALOG_VALUE:
            if (Analog_Value_Valid_Instance(object_instance)) {
                apdu_len =
-                    Analog_Value_Encode_Property_APDU(&Temp_Buf[0],
+                    Analog_Value_Encode_Property_APDU(&apdu[0],
                    object_instance, property, array_index, error_class,
                    error_code);
            }
@@ -97,7 +97,7 @@ int Encode_Property_APDU(
        case OBJECT_BINARY_VALUE:
            if (Binary_Value_Valid_Instance(object_instance)) {
                apdu_len =
-                    Binary_Value_Encode_Property_APDU(&Temp_Buf[0],
+                    Binary_Value_Encode_Property_APDU(&apdu[0],
                    object_instance, property, array_index, error_class,
                    error_code);
            }
@@ -88,7 +88,7 @@ int Encode_Property_APDU(
        case OBJECT_BINARY_OUTPUT:
            if (Binary_Output_Valid_Instance(object_instance)) {
                apdu_len =
-                    Binary_Output_Encode_Property_APDU(&Temp_Buf[0],
+                    Binary_Output_Encode_Property_APDU(&apdu[0],
                    object_instance, property, array_index, error_class,
                    error_code);
            }