patrick/OpenDTU-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added several guards and error messages

Browse Source 
Try to prevent heap corruptions
This commit is contained in:
Thomas Basler 2022-07-14 18:54:53 +02:00
parent 608456b14d
commit 05c478d1f2
4 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Hoymiles/src/HoymilesRadio.cpp
View File

@ -225,6 +225,11 @@ void HoymilesRadio::sendEsbPacket(serial_u target, uint8_t mainCmd, uint8_t subC
{ {
static uint8_t txBuffer[MAX_RF_PAYLOAD_SIZE]; static uint8_t txBuffer[MAX_RF_PAYLOAD_SIZE];
if (10 + currentTransaction.len + 1 > MAX_RF_PAYLOAD_SIZE) {
Serial.printf("FATAL: (%s, %d) payload too large\n", __FILE__, __LINE__);
return;
}
if (!resend) { if (!resend) {
currentTransaction.sendCount = 0; currentTransaction.sendCount = 0;
currentTransaction.target = target; currentTransaction.target = target;

12
lib/Hoymiles/src/inverters/InverterAbstract.cpp
View File

@ -41,7 +41,7 @@ StatisticsParser* InverterAbstract::Statistics()
void InverterAbstract::clearRxFragmentBuffer() void InverterAbstract::clearRxFragmentBuffer()
{ {
memset(_rxFragmentBuffer, 0, MAX_RF_FRAGMENT_COUNT * MAX_RF_PAYLOAD_SIZE); memset(_rxFragmentBuffer, 0, MAX_RF_FRAGMENT_COUNT * sizeof(fragment_t));
_rxFragmentMaxPacketId = 0; _rxFragmentMaxPacketId = 0;
_rxFragmentLastPacketId = 0; _rxFragmentLastPacketId = 0;
_rxFragmentRetransmitCnt = 0; _rxFragmentRetransmitCnt = 0;
@ -55,6 +55,16 @@ void InverterAbstract::clearRxFragmentBuffer()
void InverterAbstract::addRxFragment(uint8_t fragment[], uint8_t len) void InverterAbstract::addRxFragment(uint8_t fragment[], uint8_t len)
{ {
if (len < 11 + 1) {
Serial.printf("FATAL: (%s, %d) fragment too short\n", __FILE__, __LINE__);
return;
}
if (len - 11 > MAX_RF_PAYLOAD_SIZE) {
Serial.printf("FATAL: (%s, %d) fragment too large\n", __FILE__, __LINE__);
return;
}
uint8_t fragmentCount = fragment[9]; uint8_t fragmentCount = fragment[9];
if ((fragmentCount & 0b01111111) < MAX_RF_FRAGMENT_COUNT) { if ((fragmentCount & 0b01111111) < MAX_RF_FRAGMENT_COUNT) {
// Packets with 0x81 will be seen as 1 // Packets with 0x81 will be seen as 1

4
lib/Hoymiles/src/parser/AlarmLogParser.cpp
View File

@ -9,6 +9,10 @@ void AlarmLogParser::clearBuffer()
void AlarmLogParser::appendFragment(uint8_t offset, uint8_t* payload, uint8_t len) void AlarmLogParser::appendFragment(uint8_t offset, uint8_t* payload, uint8_t len)
{ {
if (offset + len > (ALARM_LOG_ENTRY_COUNT * ALARM_LOG_ENTRY_SIZE)) {
Serial.printf("FATAL: (%s, %d) stats packet too large for buffer\n", __FILE__, __LINE__);
return;
}
memcpy(&_payloadAlarmLog[offset], payload, len); memcpy(&_payloadAlarmLog[offset], payload, len);
_alarmLogLength += len; _alarmLogLength += len;
} }

4
lib/Hoymiles/src/parser/StatisticsParser.cpp
View File

@ -14,6 +14,10 @@ void StatisticsParser::clearBuffer()
void StatisticsParser::appendFragment(uint8_t offset, uint8_t* payload, uint8_t len) void StatisticsParser::appendFragment(uint8_t offset, uint8_t* payload, uint8_t len)
{ {
if (offset + len > STATISTIC_PACKET_SIZE) {
Serial.printf("FATAL: (%s, %d) stats packet too large for buffer\n", __FILE__, __LINE__);
return;
}
memcpy(&_payloadStatistic[offset], payload, len); memcpy(&_payloadStatistic[offset], payload, len);
_statisticLength += len; _statisticLength += len;
} }