From 15398c9ab579defe4978ac7d75760cdf7bf5fb81 Mon Sep 17 00:00:00 2001
From: Michael Zillgith <michael.zillgith@mz-automation.de>
Date: Wed, 3 Aug 2022 21:59:32 +0200
Subject: [PATCH] - MMS_SERVER: fixed bug in getNameList request handling when
 domain ID is too long (LIB61850-346)

---
 src/mms/iso_mms/server/mms_get_namelist_service.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/mms/iso_mms/server/mms_get_namelist_service.c b/src/mms/iso_mms/server/mms_get_namelist_service.c
index 77c13d5c..1feb90ba 100644
--- a/src/mms/iso_mms/server/mms_get_namelist_service.c
+++ b/src/mms/iso_mms/server/mms_get_namelist_service.c
@@ -525,7 +525,7 @@ mmsServer_handleGetNameListRequest(
         }
         else {
             if (DEBUG_MMS_SERVER)
-                printf("MMS_SERVER: getNameListRequest - continuer after variable name too long\n");
+                printf("MMS_SERVER: getNameListRequest - continuer after variable name too long (%i > 129)\n", continueAfterLength);
 
             mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
             return;
@@ -533,7 +533,15 @@ mmsServer_handleGetNameListRequest(
     }
 
     if (objectScope == OBJECT_SCOPE_DOMAIN) {
-        char domainSpecificName[130];
+        char domainSpecificName[65];
+
+        if (domainIdLength > 64) {
+            if (DEBUG_MMS_SERVER)
+                printf("MMS_SERVER: getNameListRequest - domain name too long (%i > 64)\n", domainIdLength);
+
+            mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+            return;
+        }
 
         memcpy(domainSpecificName, domainId, domainIdLength);
         domainSpecificName[domainIdLength] = 0;