Avoid exception in Mstp thread with too small received packets (svn@1…

…99,200)
ela-compil · Sep 1, 2016 · 684b681 · 684b681
1 parent 7582aa1
commit 684b681
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 11 deletions.
diff --git a/Serialize/MSTP.cs b/Serialize/MSTP.cs
@@ -67,18 +67,41 @@ public static int Encode(byte[] buffer, int offset, BacnetMstpFrameTypes frameTy
 
         public static int Decode(byte[] buffer, int offset, int maxLength, out BacnetMstpFrameTypes frameType, out byte destinationAddress, out byte sourceAddress, out int msgLength)
         {
+            if (maxLength < MSTP_HEADER_LENGTH)  //not enough data
+            {
+                frameType = BacnetMstpFrameTypes.FRAME_TYPE_BACNET_DATA_EXPECTING_REPLY; // don't care
+                destinationAddress = sourceAddress = 0;   // don't care
+                msgLength = 0;
+                return -1;
+            }
+
             frameType = (BacnetMstpFrameTypes)buffer[offset + 2];
             destinationAddress = buffer[offset + 3];
             sourceAddress = buffer[offset + 4];
             msgLength = (buffer[offset + 5] << 8) | (buffer[offset + 6] << 0);
             var crcHeader = buffer[offset + 7];
             ushort crcData = 0;
-            if (maxLength < MSTP_HEADER_LENGTH) return -1;     //not enough data
-            if (msgLength > 0) crcData = (ushort)((buffer[offset + 8 + msgLength + 1] << 8) | (buffer[offset + 8 + msgLength + 0] << 0));
-            if (buffer[offset + 0] != MSTP_PREAMBLE1) return -1;
-            if (buffer[offset + 1] != MSTP_PREAMBLE2) return -1;
-            if (CRC_Calc_Header(buffer, offset + 2, 5) != crcHeader) return -1;
-            if (msgLength > 0 && maxLength >= (MSTP_HEADER_LENGTH + msgLength + 2) && CRC_Calc_Data(buffer, offset + 8, msgLength) != crcData) return -1;
+
+            if (msgLength > 0)
+            {
+                if (offset + 8 + msgLength + 1 >= buffer.Length)
+                    return -1;
+
+                crcData = (ushort)((buffer[offset + 8 + msgLength + 1] << 8) | (buffer[offset + 8 + msgLength + 0] << 0));
+            }
+
+            if (buffer[offset + 0] != MSTP_PREAMBLE1)
+                return -1;
+
+            if (buffer[offset + 1] != MSTP_PREAMBLE2)
+                return -1;
+
+            if (CRC_Calc_Header(buffer, offset + 2, 5) != crcHeader)
+                return -1;
+
+            if (msgLength > 0 && maxLength >= (MSTP_HEADER_LENGTH + msgLength + 2) && CRC_Calc_Data(buffer, offset + 8, msgLength) != crcData)
+                return -1;
+
             return 8 + (msgLength) + (msgLength > 0 ? 2 : 0);
         }
     }

diff --git a/Serialize/PTP.cs b/Serialize/PTP.cs
@@ -29,22 +29,38 @@ public static int Encode(byte[] buffer, int offset, BacnetPtpFrameTypes frameTyp
 
         public static int Decode(byte[] buffer, int offset, int maxLength, out BacnetPtpFrameTypes frameType, out int msgLength)
         {
+            if (maxLength < PTP_HEADER_LENGTH) // not enough data
+            {
+                frameType = BacnetPtpFrameTypes.FRAME_TYPE_CONNECT_REQUEST; // don't care
+                msgLength = 0;
+                return -1;     //not enough data
+            }
+
             frameType = (BacnetPtpFrameTypes)buffer[offset + 2];
             msgLength = (buffer[offset + 3] << 8) | (buffer[offset + 4] << 0);
             var crcHeader = buffer[offset + 5];
             ushort crcData = 0;
-            if (maxLength < PTP_HEADER_LENGTH)
-                return -1;     //not enough data
+
             if (msgLength > 0)
+            {
+                if (offset + 6 + msgLength + 1 >= buffer.Length)
+                    return -1;
+
                 crcData = (ushort)((buffer[offset + 6 + msgLength + 1] << 8) | (buffer[offset + 6 + msgLength + 0] << 0));
+            }
+
             if (buffer[offset + 0] != PTP_PREAMBLE1)
                 return -1;
+
             if (buffer[offset + 1] != PTP_PREAMBLE2)
                 return -1;
+
             if (MSTP.CRC_Calc_Header(buffer, offset + 2, 3) != crcHeader)
                 return -1;
+
             if (msgLength > 0 && maxLength >= PTP_HEADER_LENGTH + msgLength + 2 && MSTP.CRC_Calc_Data(buffer, offset + 6, msgLength) != crcData)
                 return -1;
+
             return 8 + msgLength + (msgLength > 0 ? 2 : 0);
         }
 

diff --git a/Transport/BacnetMstpProtocolTransport.cs b/Transport/BacnetMstpProtocolTransport.cs
@@ -686,9 +686,12 @@ private void RemoveGarbage()
             //one preamble?
             if (_localOffset > 0 && _localBuffer[_localOffset - 1] == MSTP.MSTP_PREAMBLE1)
             {
-                _localBuffer[0] = MSTP.MSTP_PREAMBLE1;
-                _localOffset = 1;
-                Trace.WriteLine("Garbage", null);
+                if (_localOffset != 1)
+                {
+                    _localBuffer[0] = MSTP.MSTP_PREAMBLE1;
+                    _localOffset = 1;
+                    Trace.WriteLine("Garbage", null);
+                }
                 return;
             }