sv/goose: do not loop endless if invalid ASN.1 encoded payload has been received

src/goose/goose_receiver.c

@@ -129,6 +129,10 @@ parseAllData(uint8_t* buffer, int allDataLength, MmsValue* dataSetValues)
         MmsValue* value = MmsValue_getElement(dataSetValues, elementIndex);
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, allDataLength);
+        if (bufPos < 0) {
+            if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return 0;
+        }
 
         if (bufPos + elementLength > allDataLength) {
             if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: sub element is too large!\n");
@@ -277,6 +281,10 @@ parseAllDataUnknownValue(GooseSubscriber self, uint8_t* buffer, int allDataLengt
         uint8_t tag = buffer[bufPos++];
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, allDataLength);
+        if (bufPos < 0) {
+            if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return 0;
+        }
 
         if (bufPos + elementLength > allDataLength) {
             if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: sub element is too large!\n");
@@ -331,6 +339,10 @@ parseAllDataUnknownValue(GooseSubscriber self, uint8_t* buffer, int allDataLengt
         uint8_t tag = buffer[bufPos++];
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, allDataLength);
+        if (bufPos < 0) {
+            if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return 0;
+        }
 
         if (bufPos + elementLength > allDataLength) {
             if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: sub element is too large!\n");
@@ -461,6 +473,10 @@ parseGoosePayload(GooseReceiver self, uint8_t* buffer, int apduLength)
     if (buffer[bufPos++] == 0x61) {
         int gooseLength;
         bufPos = BerDecoder_decodeLength(buffer, &gooseLength, bufPos, apduLength);
+        if (bufPos < 0) {
+            if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return 0;
+        }
 
         int gooseEnd = bufPos + gooseLength;
 
@@ -469,6 +485,10 @@ parseGoosePayload(GooseReceiver self, uint8_t* buffer, int apduLength)
 
             uint8_t tag = buffer[bufPos++];
             bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, apduLength);
+            if (bufPos < 0) {
+                if (DEBUG_GOOSE_SUBSCRIBER) printf("GOOSE_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+                return 0;
+            }
 
             if (bufPos + elementLength > apduLength) {
                 if (DEBUG_GOOSE_SUBSCRIBER)

src/sampled_values/sv_subscriber.c

@@ -235,19 +235,21 @@ static void
 parseASDU(SVReceiver self, SVSubscriber subscriber, uint8_t* buffer, int length)
 {
     int bufPos = 0;
+    int svIdLength = 0;
 
     struct sSVSubscriber_ASDU asdu;
     memset(&asdu, 0, sizeof(struct sSVSubscriber_ASDU));
 
-    int svIdLength = 0;
-
-
     while (bufPos < length) {
         int elementLength;
 
         uint8_t tag = buffer[bufPos++];
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, length);
+        if (bufPos < 0) {
+            if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return;
+        }
 
         switch (tag) {
 
@@ -303,6 +305,10 @@ parseSequenceOfASDU(SVReceiver self, SVSubscriber subscriber, uint8_t* buffer, i
         uint8_t tag = buffer[bufPos++];
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, length);
+        if (bufPos < 0) {
+            if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return;
+        }
 
         switch (tag) {
         case 0x30:
@@ -326,6 +332,10 @@ parseSVPayload(SVReceiver self, SVSubscriber subscriber, uint8_t* buffer, int ap
         int elementLength;
 
         bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, apduLength);
+        if (bufPos < 0) {
+            if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+            return;
+        }
 
         int svEnd = bufPos + elementLength;
 
@@ -333,6 +343,10 @@ parseSVPayload(SVReceiver self, SVSubscriber subscriber, uint8_t* buffer, int ap
             uint8_t tag = buffer[bufPos++];
 
             bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, svEnd);
+            if (bufPos < 0) {
+                if (DEBUG_SV_SUBSCRIBER) printf("SV_SUBSCRIBER: Malformed message: failed to decode BER length tag!\n");
+                return;
+            }
 
             if (bufPos + elementLength > apduLength) {
                 if (DEBUG_SV_SUBSCRIBER)