diff --git a/src/mms/iso_mms/client/mms_client_connection.c b/src/mms/iso_mms/client/mms_client_connection.c index d9b5a5cd..de7db996 100644 --- a/src/mms/iso_mms/client/mms_client_connection.c +++ b/src/mms/iso_mms/client/mms_client_connection.c @@ -66,7 +66,7 @@ static void handleUnconfirmedMmsPdu(MmsConnection self, ByteBuffer* message) { if (self->reportHandler != NULL) { - MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */ + MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */ if (DEBUG_MMS_CLIENT) printf("MMS_CLIENT: report handler rcvd size:%i\n", ByteBuffer_getSize(message)); diff --git a/src/mms/iso_mms/client/mms_client_files.c b/src/mms/iso_mms/client/mms_client_files.c index 307ab534..eda9bb1f 100644 --- a/src/mms/iso_mms/client/mms_client_files.c +++ b/src/mms/iso_mms/client/mms_client_files.c @@ -1,7 +1,7 @@ /* * mms_client_files.c * - * Copyright 2013 - 2016 Michael Zillgith + * Copyright 2013 - 2022 Michael Zillgith * * This file is part of libIEC61850. * diff --git a/src/mms/iso_mms/client/mms_client_get_var_access.c b/src/mms/iso_mms/client/mms_client_get_var_access.c index 8c0951e5..8df3a640 100644 --- a/src/mms/iso_mms/client/mms_client_get_var_access.c +++ b/src/mms/iso_mms/client/mms_client_get_var_access.c @@ -1,7 +1,7 @@ /* * mms_client_get_var_access.c * - * Copyright 2013-2018 Michael Zillgith + * Copyright 2013-2022 Michael Zillgith * * This file is part of libIEC61850. * @@ -132,7 +132,7 @@ createTypeSpecification(TypeSpecification_t* asnTypeSpec) MmsVariableSpecification* mmsClient_parseGetVariableAccessAttributesResponse(ByteBuffer* message, uint32_t* invokeId) { - MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */ + MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */ MmsVariableSpecification* typeSpec = NULL; asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, diff --git a/src/mms/iso_mms/client/mms_client_named_variable_list.c b/src/mms/iso_mms/client/mms_client_named_variable_list.c index 8b960a2f..8e8d0ee8 100644 --- a/src/mms/iso_mms/client/mms_client_named_variable_list.c +++ b/src/mms/iso_mms/client/mms_client_named_variable_list.c @@ -119,7 +119,7 @@ mmsClient_createDeleteAssociationSpecificNamedVariableListRequest( bool mmsClient_parseDeleteNamedVariableListResponse(ByteBuffer* message, uint32_t* invokeId, long* numberDeleted, long* numberMatched) { - MmsPdu_t* mmsPdu = 0; + MmsPdu_t* mmsPdu = NULL; bool retVal = false; @@ -299,7 +299,7 @@ parseNamedVariableAttributes(GetNamedVariableListAttributesResponse_t* response, LinkedList /* */ mmsClient_parseGetNamedVariableListAttributesResponse(ByteBuffer* message, bool* /*OUT*/deletable) { - MmsPdu_t* mmsPdu = 0; + MmsPdu_t* mmsPdu = NULL; LinkedList attributes = NULL; @@ -311,7 +311,7 @@ mmsClient_parseGetNamedVariableListAttributesResponse(ByteBuffer* message, bool* if (mmsPdu->choice.confirmedResponsePdu.confirmedServiceResponse.present == ConfirmedServiceResponse_PR_getNamedVariableListAttributes) - { + { attributes = parseNamedVariableAttributes( &(mmsPdu->choice.confirmedResponsePdu.confirmedServiceResponse.choice.getNamedVariableListAttributes), deletable); @@ -430,7 +430,7 @@ mmsClient_createDefineNamedVariableListRequest( bool mmsClient_parseDefineNamedVariableResponse(ByteBuffer* message, uint32_t* invokeId) { - MmsPdu_t* mmsPdu = 0; + MmsPdu_t* mmsPdu = NULL; bool retVal = false; asn_dec_rval_t rval; diff --git a/src/mms/iso_mms/client/mms_client_read.c b/src/mms/iso_mms/client/mms_client_read.c index caba0a8b..bf0bc018 100644 --- a/src/mms/iso_mms/client/mms_client_read.c +++ b/src/mms/iso_mms/client/mms_client_read.c @@ -365,7 +365,7 @@ mmsClient_parseListOfAccessResults(AccessResult_t** accessResultList, int listSi MmsValue* mmsClient_parseReadResponse(ByteBuffer* message, uint32_t* invokeId, bool createArray) { - MmsPdu_t* mmsPdu = 0; /* allow asn1c to allocate structure */ + MmsPdu_t* mmsPdu = NULL; /* allow asn1c to allocate structure */ MmsValue* valueList = NULL; diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c index dbe35ffb..3a27061c 100644 --- a/src/mms/iso_mms/server/mms_named_variable_list_service.c +++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c @@ -120,9 +120,8 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection, { (void)bufPos; - DeleteNamedVariableListRequest_t* request = 0; - - MmsPdu_t* mmsPdu = 0; + DeleteNamedVariableListRequest_t* request = NULL; + MmsPdu_t* mmsPdu = NULL; asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos); @@ -131,8 +130,17 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection, goto exit_function; } - request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList); - + if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && + (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present + == ConfirmedServiceRequest_PR_deleteNamedVariableList)) + { + request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList); + } + else { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + goto exit_function; + } + long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific; if (request->scopeOfDelete) @@ -458,44 +466,53 @@ mmsServer_handleDefineNamedVariableListRequest( goto exit_free_struct; } - request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.defineNamedVariableList); + if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && + (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present + == ConfirmedServiceRequest_PR_defineNamedVariableList)) + { + request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.defineNamedVariableList); + } + else { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + goto exit_free_struct; + } - MmsDevice* device = MmsServer_getDevice(connection->server); + MmsDevice* device = MmsServer_getDevice(connection->server); - if (request->variableListName.present == ObjectName_PR_domainspecific) { + if (request->variableListName.present == ObjectName_PR_domainspecific) { - char domainName[65]; + char domainName[65]; - if (request->variableListName.choice.domainspecific.domainId.size > 64) { - mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); - goto exit_free_struct; - } + if (request->variableListName.choice.domainspecific.domainId.size > 64) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); + goto exit_free_struct; + } - StringUtils_createStringFromBufferInBuffer(domainName, - request->variableListName.choice.domainspecific.domainId.buf, - request->variableListName.choice.domainspecific.domainId.size); + StringUtils_createStringFromBufferInBuffer(domainName, + request->variableListName.choice.domainspecific.domainId.buf, + request->variableListName.choice.domainspecific.domainId.size); - MmsDomain* domain = MmsDevice_getDomain(device, domainName); + MmsDomain* domain = MmsDevice_getDomain(device, domainName); - if (domain == NULL) { - mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); - goto exit_free_struct; - } + if (domain == NULL) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); + goto exit_free_struct; + } #if (CONFIG_MMS_SERVER_CONFIG_SERVICES_AT_RUNTIME == 1) - if (LinkedList_size(domain->namedVariableLists) < connection->server->maxDomainSpecificDataSets) { + if (LinkedList_size(domain->namedVariableLists) < connection->server->maxDomainSpecificDataSets) { #else - if (LinkedList_size(domain->namedVariableLists) < CONFIG_MMS_MAX_NUMBER_OF_DOMAIN_SPECIFIC_DATA_SETS) { + if (LinkedList_size(domain->namedVariableLists) < CONFIG_MMS_MAX_NUMBER_OF_DOMAIN_SPECIFIC_DATA_SETS) { #endif - char variableListName[65]; + char variableListName[65]; - if (request->variableListName.choice.domainspecific.itemId.size > 64) { - mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); + if (request->variableListName.choice.domainspecific.itemId.size > 64) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT); goto exit_free_struct; - } + } - StringUtils_createStringFromBufferInBuffer(variableListName, - request->variableListName.choice.domainspecific.itemId.buf, + StringUtils_createStringFromBufferInBuffer(variableListName, + request->variableListName.choice.domainspecific.itemId.buf, request->variableListName.choice.domainspecific.itemId.size); if (MmsDomain_getNamedVariableList(domain, variableListName) != NULL) { diff --git a/src/mms/iso_mms/server/mms_read_service.c b/src/mms/iso_mms/server/mms_read_service.c index 5fc3827d..2638bc0b 100644 --- a/src/mms/iso_mms/server/mms_read_service.c +++ b/src/mms/iso_mms/server/mms_read_service.c @@ -840,43 +840,50 @@ mmsServer_handleReadRequest( ByteBuffer* response) { (void)bufPos; - (void)maxBufPos; - ReadRequest_t* request = 0; /* allow asn1c to allocate structure */ + ReadRequest_t* request = NULL; /* allow asn1c to allocate structure */ + MmsPdu_t* mmsPdu = NULL; - MmsPdu_t* mmsPdu = 0; + asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos); - asn_dec_rval_t rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, CONFIG_MMS_MAXIMUM_PDU_SIZE); + if (rval.code != RC_OK) { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + goto exit_function; + } - if (rval.code != RC_OK) { - mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && + (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present + == ConfirmedServiceRequest_PR_read)) + { + request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.read); + } + else { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); goto exit_function; - } - - request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.read); + } - if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) { - MmsServer_lockModel(connection->server); + if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) { + MmsServer_lockModel(connection->server); - handleReadListOfVariablesRequest(connection, request, invokeId, response); + handleReadListOfVariablesRequest(connection, request, invokeId, response); - MmsServer_unlockModel(connection->server); - } + MmsServer_unlockModel(connection->server); + } #if (MMS_DATA_SET_SERVICE == 1) - else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) { - MmsServer_lockModel(connection->server); + else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) { + MmsServer_lockModel(connection->server); - handleReadNamedVariableListRequest(connection, request, invokeId, response); + handleReadNamedVariableListRequest(connection, request, invokeId, response); - MmsServer_unlockModel(connection->server); - } + MmsServer_unlockModel(connection->server); + } #endif - else { - mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED); - } + else { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED); + } exit_function: - asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0); + asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0); } void diff --git a/src/mms/iso_mms/server/mms_write_service.c b/src/mms/iso_mms/server/mms_write_service.c index 2acbb197..11306e4d 100644 --- a/src/mms/iso_mms/server/mms_write_service.c +++ b/src/mms/iso_mms/server/mms_write_service.c @@ -1,7 +1,7 @@ /* * mms_write_service.c * - * Copyright 2013-2017 Michael Zillgith + * Copyright 2013-2022 Michael Zillgith * * This file is part of libIEC61850. * @@ -487,22 +487,31 @@ mmsServer_handleWriteRequest( ByteBuffer* response) { (void)bufPos; - (void)maxBufPos; - MmsPdu_t* mmsPdu = 0; + MmsPdu_t* mmsPdu = NULL; + WriteRequest_t* writeRequest = NULL; asn_dec_rval_t rval; /* Decoder return value */ - rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, CONFIG_MMS_MAXIMUM_PDU_SIZE); + rval = ber_decode(NULL, &asn_DEF_MmsPdu, (void**) &mmsPdu, buffer, maxBufPos); if (rval.code != RC_OK) { mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); goto exit_function; } - MmsServer_lockModel(connection->server); + if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) && + (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present + == ConfirmedServiceRequest_PR_write)) + { + writeRequest = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.write); + } + else { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + goto exit_function; + } - WriteRequest_t* writeRequest = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.write); + MmsServer_lockModel(connection->server); if (writeRequest->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) { handleWriteNamedVariableListRequest(connection, writeRequest, invokeId, response);