From 9424917185ca7534ebf02bc11e605939f3085a8d Mon Sep 17 00:00:00 2001
From: Michael Zillgith <michael.zillgith@mz-automation.de>
Date: Tue, 12 Jul 2022 10:56:22 +0200
Subject: [PATCH] - MMS server: fixed bug in handling of continueAfter
 parameter of getNameList request (LIB61850-341)

---
 .../iso_mms/server/mms_get_namelist_service.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/mms/iso_mms/server/mms_get_namelist_service.c b/src/mms/iso_mms/server/mms_get_namelist_service.c
index a41fa9a2..77c13d5c 100644
--- a/src/mms/iso_mms/server/mms_get_namelist_service.c
+++ b/src/mms/iso_mms/server/mms_get_namelist_service.c
@@ -515,12 +515,21 @@ mmsServer_handleGetNameListRequest(
     char* continueAfterId = NULL;
 
     if (continueAfter != NULL) {
-        continueAfterId = continueAfterIdMemory;
-        memcpy(continueAfterId, continueAfter, continueAfterLength);
-        continueAfterId[continueAfterLength] = 0;
+        if (continueAfterLength < 130) {
+            continueAfterId = continueAfterIdMemory;
+            memcpy(continueAfterId, continueAfter, continueAfterLength);
+            continueAfterId[continueAfterLength] = 0;
 
-        if (DEBUG_MMS_SERVER)
-            printf("MMS_SERVER: getNameListRequest - continue after: (%s)\n", continueAfterId);
+            if (DEBUG_MMS_SERVER)
+                printf("MMS_SERVER: getNameListRequest - continue after: (%s)\n", continueAfterId);
+        }
+        else {
+            if (DEBUG_MMS_SERVER)
+                printf("MMS_SERVER: getNameListRequest - continuer after variable name too long\n");
+
+            mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+            return;
+        }
     }
 
     if (objectScope == OBJECT_SCOPE_DOMAIN) {