diff --git a/src/mms/iso_mms/server/mms_get_var_access_service.c b/src/mms/iso_mms/server/mms_get_var_access_service.c
index abdf6d02..08eeed95 100644
--- a/src/mms/iso_mms/server/mms_get_var_access_service.c
+++ b/src/mms/iso_mms/server/mms_get_var_access_service.c
@@ -296,9 +296,12 @@ mmsServer_handleGetVariableAccessAttributesRequest(
 rval = ber_decode(NULL, &asn_DEF_GetVariableAccessAttributesRequest, (void**) &request, buffer + bufPos, maxBufPos - bufPos);
- if (rval.code == RC_OK) {
- if (request->present == GetVariableAccessAttributesRequest_PR_name) {
- if (request->choice.name.present == ObjectName_PR_domainspecific) {
+ if (rval.code == RC_OK)
+ {
+ if (request->present == GetVariableAccessAttributesRequest_PR_name)
+ {
+ if (request->choice.name.present == ObjectName_PR_domainspecific)
+ {
 Identifier_t domainId = request->choice.name.choice.domainspecific.domainId;
 Identifier_t nameId = request->choice.name.choice.domainspecific.itemId;
@@ -343,6 +346,13 @@ mmsServer_handleGetVariableAccessAttributesRequest(
 asn_DEF_GetVariableAccessAttributesRequest.free_struct(&asn_DEF_GetVariableAccessAttributesRequest, request, 0);
+ if (ByteBuffer_getSize(response) > connection->maxPduSize)
+ {
+ ByteBuffer_setSize(response, 0);
+
+ mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+ }
+
 return retVal;
 }
diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
index 3365f771..0a8fd17c 100644
--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
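Review bot: The size check added after `free_struct` in mmsServer_handleGetVariableAccessAttributesRequest (hunk at line 343) runs only once the response is fully encoded, so it limits what is sent on the connection but not what the encoder already wrote into `response`; whether the encoders are bounded by the buffer's own capacity is not visible here and is worth confirming. `retVal` is returned unchanged after the response has been swapped for a service error, so the caller cannot tell the two outcomes apart, which is fine only if it uses the value just to decide whether to send. The same seven lines are added in mmsServer_handleGetNamedVariableListAttributesRequest and mmsServer_handleReadRequest, and a shared static helper would keep the three copies in step. I would put `/* response exceeds the connection's max PDU size - replace it with a service error */` above the `if`. The function body starts outside the hunk.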
@@ -681,7 +681,8 @@ createGetNamedVariableListAttributesResponse(int invokeId, ByteBuffer* response,
 LinkedList variable = LinkedList_getNext(variables);
 int i;
- for (i = 0; i < variableCount; i++) {
+ for (i = 0; i < variableCount; i++)
+ {
 MmsNamedVariableListEntry variableEntry = (MmsNamedVariableListEntry) variable->data;
 varListResponse->listOfVariable.list.array[i] = (struct GetNamedVariableListAttributesResponse__listOfVariable__Member*)
@@ -746,8 +747,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 goto exit_function;
 }
- if (request->present == ObjectName_PR_domainspecific) {
-
+ if (request->present == ObjectName_PR_domainspecific)
+ {
 char domainName[65];
 char itemName[65];
@@ -767,14 +768,15 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 MmsDomain* domain = MmsDevice_getDomain(mmsDevice, domainName);
- if (domain != NULL) {
+ if (domain != NULL)
+ {
 MmsNamedVariableList variableList = MmsDomain_getNamedVariableList(domain, itemName);
- if (variableList != NULL) {
-
- if (createGetNamedVariableListAttributesResponse(invokeId, response, variableList) == false) {
-
+ if (variableList != NULL)
+ {
+ if (createGetNamedVariableListAttributesResponse(invokeId, response, variableList) == false)
+ {
 /* encoding failed - probably because buffer size is too small for message */
 ByteBuffer_setSize(response, 0);
@@ -789,8 +791,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 }
 #if (MMS_DYNAMIC_DATA_SETS == 1)
- else if (request->present == ObjectName_PR_aaspecific) {
-
+ else if (request->present == ObjectName_PR_aaspecific)
+ {
 char listName[65];
 if (request->choice.aaspecific.size > 64) {
@@ -809,7 +811,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
 }
 #endif /* (MMS_DYNAMIC_DATA_SETS == 1) */
- else if (request->present == ObjectName_PR_vmdspecific) {
+ else if (request->present == ObjectName_PR_vmdspecific)
+ {
 char listName[65];
 if (request->choice.vmdspecific.size > 64) {
@@ -833,6 +836,13 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);
 }
+ if (ByteBuffer_getSize(response) > connection->maxPduSize)
+ {
+ ByteBuffer_setSize(response, 0);
+
+ mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+ }
+
 exit_function:
 asn_DEF_GetVariableAccessAttributesRequest.free_struct(&asn_DEF_GetNamedVariableListAttributesRequest,
diff --git a/src/mms/iso_mms/server/mms_read_service.c b/src/mms/iso_mms/server/mms_read_service.c
index c1bae0bf..6dd9a811 100644
--- a/src/mms/iso_mms/server/mms_read_service.c
+++ b/src/mms/iso_mms/server/mms_read_service.c
@@ -528,7 +528,7 @@ encodeReadResponse(MmsServerConnection connection,
 printf("MMS read: message to large! send error PDU!\n");
 mmsMsg_createServiceErrorPdu(invokeId, response,
- MMS_ERROR_SERVICE_OTHER);
+ MMS_ERROR_RESOURCE_OTHER);
 goto exit_function;
 }
@@ -933,7 +933,8 @@ mmsServer_handleReadRequest(
 goto exit_function;
 }
- if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) {
+ if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable)
+ {
 MmsServer_lockModel(connection->server);
 handleReadListOfVariablesRequest(connection, request, invokeId, response);
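Review bot: In mmsServer_handleGetNamedVariableListAttributesRequest (hunk at line 833) the size check sits above the `exit_function:` label, so every path that leaves through `goto exit_function` (one is visible in the hunk at line 746) skips it. That is safe only if those paths never leave more than a service error PDU in `response`; if any of them can, placing the check directly below the label would cover them as well, and the same placement question applies to mmsServer_handleReadRequest. Separately, the context line after the label calls `asn_DEF_GetVariableAccessAttributesRequest.free_struct` with `&asn_DEF_GetNamedVariableListAttributesRequest`; the commit does not touch it, but the descriptor mismatch is worth checking while this function is open. The function starts outside the hunk.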
@@ -941,7 +942,8 @@ mmsServer_handleReadRequest(
 MmsServer_unlockModel(connection->server);
 }
 #if (MMS_DATA_SET_SERVICE == 1)
- else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) {
+ else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName)
+ {
 MmsServer_lockModel(connection->server);
 handleReadNamedVariableListRequest(connection, request, invokeId, response);
@@ -953,6 +955,13 @@ mmsServer_handleReadRequest(
 mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);
 }
+ if (ByteBuffer_getSize(response) > connection->maxPduSize)
+ {
+ ByteBuffer_setSize(response, 0);
+
+ mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+ }
+
 exit_function:
 asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0);
 }
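Review bot: The fallback added before `exit_function:` in mmsServer_handleReadRequest (hunk at line 953) discards an oversized read response without any trace, whereas the oversize path in encodeReadResponse (hunk at line 528) prints "MMS read: message to large! send error PDU!" before building the error. A matching diagnostic here, under whatever debug guard that printf uses (not visible in the diff), would show which of the two limits fired and that a client is asking for more than the connection's PDU size allows. A short comment should also say whether this check is a backstop for encodeReadResponse's own check or covers a path that check misses, since the diff alone does not show which. The function starts outside the hunk.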