- added type checks when using asn1c parsing results for whole MmsPdu (LIB61850-343)

3 years ago · 1615c8ea9a
parent aeb8cb6157
commit 1615c8ea9a
8 changed files with 99 additions and 66 deletions
--- a/src/mms/iso_mms/client/mms_client_connection.c
+++ b/src/mms/iso_mms/client/mms_client_connection.c
@ -66,7 +66,7 @@ static void
 handleUnconfirmedMmsPdu(MmsConnection self, ByteBuffer* message)
 {
    if (self->reportHandler != NULL) {
-        MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */
+        MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */
        if (DEBUG_MMS_CLIENT)
            printf("MMS_CLIENT: report handler rcvd size:%i\n", ByteBuffer_getSize(message));
--- a/src/mms/iso_mms/client/mms_client_files.c
+++ b/src/mms/iso_mms/client/mms_client_files.c
@ -1,7 +1,7 @@
 /*
 *  mms_client_files.c
 *
- *  Copyright 2013 - 2016 Michael Zillgith
+ *  Copyright 2013 - 2022 Michael Zillgith
 *
 *  This file is part of libIEC61850.
 *
--- a/src/mms/iso_mms/client/mms_client_get_var_access.c
+++ b/src/mms/iso_mms/client/mms_client_get_var_access.c
@ -1,7 +1,7 @@
 /*
 *  mms_client_get_var_access.c
 *
- *  Copyright 2013-2018 Michael Zillgith
+ *  Copyright 2013-2022 Michael Zillgith
 *
 *  This file is part of libIEC61850.
 *
@ -132,7 +132,7 @@ createTypeSpecification(TypeSpecification_t* asnTypeSpec)
 MmsVariableSpecification*
 mmsClient_parseGetVariableAccessAttributesResponse(ByteBuffer* message, uint32_t* invokeId)
 {
-    MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */
+    MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */
    MmsVariableSpecification* typeSpec = NULL;
    asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu,
--- a/src/mms/iso_mms/client/mms_client_named_variable_list.c
+++ b/src/mms/iso_mms/client/mms_client_named_variable_list.c
@ -119,7 +119,7 @@ mmsClient_createDeleteAssociationSpecificNamedVariableListRequest(
 bool
 mmsClient_parseDeleteNamedVariableListResponse(ByteBuffer* message, uint32_t* invokeId, long* numberDeleted, long* numberMatched)
 {
-    MmsPdu_t* mmsPdu = 0;
+    MmsPdu_t* mmsPdu = NULL;
    bool retVal = false;
@ -299,7 +299,7 @@ parseNamedVariableAttributes(GetNamedVariableListAttributesResponse_t* response,
 LinkedList /* <MmsVariableAccessSpecification*> */
 mmsClient_parseGetNamedVariableListAttributesResponse(ByteBuffer* message, bool* /*OUT*/deletable)
 {
-    MmsPdu_t* mmsPdu = 0;
+    MmsPdu_t* mmsPdu = NULL;
    LinkedList attributes = NULL;
@ -311,7 +311,7 @@ mmsClient_parseGetNamedVariableListAttributesResponse(ByteBuffer* message, bool*
            if (mmsPdu->choice.confirmedResponsePdu.confirmedServiceResponse.present ==
                    ConfirmedServiceResponse_PR_getNamedVariableListAttributes)
-                    {
+            {
                attributes = parseNamedVariableAttributes(
                        &(mmsPdu->choice.confirmedResponsePdu.confirmedServiceResponse.choice.getNamedVariableListAttributes),
                        deletable);
@ -430,7 +430,7 @@ mmsClient_createDefineNamedVariableListRequest(
 bool
 mmsClient_parseDefineNamedVariableResponse(ByteBuffer* message, uint32_t* invokeId)
 {
-    MmsPdu_t* mmsPdu = 0;
+    MmsPdu_t* mmsPdu = NULL;
    bool retVal = false;
    asn_dec_rval_t rval;
--- a/src/mms/iso_mms/client/mms_client_read.c
+++ b/src/mms/iso_mms/client/mms_client_read.c
@ -363,7 +363,7 @@ mmsClient_parseListOfAccessResults(AccessResult_t** accessResultList, int listSi
 MmsValue*
 mmsClient_parseReadResponse(ByteBuffer* message, uint32_t* invokeId, bool createArray)
 {
-    MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */
+    MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */
    MmsValue* valueList = NULL;
--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
@ -120,9 +120,8 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection,
 {
    (void)bufPos;
-	DeleteNamedVariableListRequest_t* request = 0;
+    DeleteNamedVariableListRequest_t* request = NULL;
-
+    MmsPdu_t* mmsPdu = NULL;
    MmsPdu_t* mmsPdu = 0;
    asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos);
@ -131,8 +130,17 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection,
        goto exit_function;
    }
-    request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList);
+    if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) &&
-
+        (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present
        == ConfirmedServiceRequest_PR_deleteNamedVariableList))
    {
        request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList);
    }
    else {
        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
        goto exit_function;
    }
 	long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific;
 	if (request->scopeOfDelete)
@ -458,44 +466,53 @@ mmsServer_handleDefineNamedVariableListRequest(
 	    goto exit_free_struct;
 	}
-	request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.defineNamedVariableList);
+    if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && 
        (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present 
            == ConfirmedServiceRequest_PR_defineNamedVariableList))
    {
        request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.defineNamedVariableList);
    }
    else {
        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
 	    goto exit_free_struct;
    }
-	MmsDevice* device = MmsServer_getDevice(connection->server);
+    MmsDevice* device = MmsServer_getDevice(connection->server);
-	if (request->variableListName.present == ObjectName_PR_domainspecific) {
+    if (request->variableListName.present == ObjectName_PR_domainspecific) {
-	    char domainName[65];
+        char domainName[65];
-	    if (request->variableListName.choice.domainspecific.domainId.size > 64) {
+        if (request->variableListName.choice.domainspecific.domainId.size > 64) {
-	        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
+            mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
-	        goto exit_free_struct;
+            goto exit_free_struct;
-	    }
+        }
-	    StringUtils_createStringFromBufferInBuffer(domainName,
+        StringUtils_createStringFromBufferInBuffer(domainName,
-	            request->variableListName.choice.domainspecific.domainId.buf,
+                request->variableListName.choice.domainspecific.domainId.buf,
-	            request->variableListName.choice.domainspecific.domainId.size);
+                request->variableListName.choice.domainspecific.domainId.size);
-		MmsDomain* domain = MmsDevice_getDomain(device, domainName);
+        MmsDomain* domain = MmsDevice_getDomain(device, domainName);
-		if (domain == NULL) {
+        if (domain == NULL) {
-			mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
+            mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
-			goto exit_free_struct;
+            goto exit_free_struct;
-		}
+        }
 #if (CONFIG_MMS_SERVER_CONFIG_SERVICES_AT_RUNTIME == 1)
-		if (LinkedList_size(domain->namedVariableLists) < connection->server->maxDomainSpecificDataSets) {
+        if (LinkedList_size(domain->namedVariableLists) < connection->server->maxDomainSpecificDataSets) {
 #else
-		if (LinkedList_size(domain->namedVariableLists) < CONFIG_MMS_MAX_NUMBER_OF_DOMAIN_SPECIFIC_DATA_SETS) {
+        if (LinkedList_size(domain->namedVariableLists) < CONFIG_MMS_MAX_NUMBER_OF_DOMAIN_SPECIFIC_DATA_SETS) {
 #endif
-		    char variableListName[65];
+            char variableListName[65];
-		    if (request->variableListName.choice.domainspecific.itemId.size > 64) {
+            if (request->variableListName.choice.domainspecific.itemId.size > 64) {
-		        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
+                mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
                goto exit_free_struct;
-		    }
+            }
-		    StringUtils_createStringFromBufferInBuffer(variableListName,
+            StringUtils_createStringFromBufferInBuffer(variableListName,
-		            request->variableListName.choice.domainspecific.itemId.buf,
+                    request->variableListName.choice.domainspecific.itemId.buf,
                    request->variableListName.choice.domainspecific.itemId.size);
            if (MmsDomain_getNamedVariableList(domain, variableListName) != NULL) {
--- a/src/mms/iso_mms/server/mms_read_service.c
+++ b/src/mms/iso_mms/server/mms_read_service.c
@ -911,43 +911,50 @@ mmsServer_handleReadRequest(
 		ByteBuffer* response)
 {
    (void)bufPos;
    (void)maxBufPos;
-	ReadRequest_t* request = 0; /* allow asn1c to allocate structure */
+    ReadRequest_t* request = NULL; /* allow asn1c to allocate structure */
    MmsPdu_t* mmsPdu = NULL;
-	MmsPdu_t* mmsPdu = 0;
+    asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos);
-	asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, CONFIG_MMS_MAXIMUM_PDU_SIZE);
+    if (rval.code != RC_OK) {
        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
        goto exit_function;
    }
-	if (rval.code != RC_OK) {
+    if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && 
-	    mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+        (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present 
            == ConfirmedServiceRequest_PR_read))
    {
        request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.read);
    }
    else {
        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
 	    goto exit_function;
-	}
+    }
 	request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.read);
-	if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) {
+    if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) {
-		MmsServer_lockModel(connection->server);
+        MmsServer_lockModel(connection->server);
-		handleReadListOfVariablesRequest(connection, request, invokeId, response);
+        handleReadListOfVariablesRequest(connection, request, invokeId, response);
-		MmsServer_unlockModel(connection->server);
+        MmsServer_unlockModel(connection->server);
-	}
+    }
 #if (MMS_DATA_SET_SERVICE == 1)
-	else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) {
+    else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) {
-		MmsServer_lockModel(connection->server);
+        MmsServer_lockModel(connection->server);
-		handleReadNamedVariableListRequest(connection, request, invokeId, response);
+        handleReadNamedVariableListRequest(connection, request, invokeId, response);
-		MmsServer_unlockModel(connection->server);
+        MmsServer_unlockModel(connection->server);
-	}
+    }
 #endif
-	else {
+    else {
-		mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);
+        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);   
-	}
+    }
 exit_function:	
-	asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0);
+    asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0);
 }
 void
--- a/src/mms/iso_mms/server/mms_write_service.c
+++ b/src/mms/iso_mms/server/mms_write_service.c
@ -488,22 +488,31 @@ mmsServer_handleWriteRequest(
 		ByteBuffer* response)
 {
    (void)bufPos;
    (void)maxBufPos;
-	MmsPdu_t* mmsPdu = 0;
+	MmsPdu_t* mmsPdu = NULL;
    WriteRequest_t* writeRequest = NULL;
 	asn_dec_rval_t rval; /* Decoder return value  */
-	rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, CONFIG_MMS_MAXIMUM_PDU_SIZE);
+	rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos);
 	if (rval.code != RC_OK) {
 	    mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
 	    goto exit_function;
 	}
-        MmsServer_lockModel(connection->server);
+    if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && 
        (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present 
            == ConfirmedServiceRequest_PR_write))
    {
         writeRequest = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.write);
    }
    else {
        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
 	    goto exit_function;
    }
-	WriteRequest_t* writeRequest = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.write);
+    MmsServer_lockModel(connection->server);
 	if (writeRequest->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) {
 	    handleWriteNamedVariableListRequest(connection, writeRequest, invokeId, response);