Fixes to potential buffer overflows on received data

2024-02-08 11:31:48 +01:00 · 2024-02-08 11:31:48 +01:00 · 0234a563c1
commit 0234a563c1
parent dde2653cb8
2 changed files with 3 additions and 2 deletions
--- a/nanomodbus.c
+++ b/nanomodbus.c
@ -648,7 +648,7 @@ nmbs_error recv_read_file_record_res(nmbs_t* nmbs, uint16_t* registers, uint16_t
        return err;

    uint8_t response_size = get_1(nmbs);
-    if (response_size > 245) {
+    if (response_size > 250) {
        return NMBS_ERROR_INVALID_RESPONSE;
    }

@ -1798,6 +1798,7 @@ nmbs_error nmbs_read_file_record(nmbs_t* nmbs, uint16_t file_number, uint16_t re
    if (record_number > 0x270F)
        return NMBS_ERROR_INVALID_ARGUMENT;

+    // In expected response: max PDU length = 253, assuming a single file request, (253 - 1 - 1 - 1 - 1) / 2 = 124
    if (count > 124)
        return NMBS_ERROR_INVALID_ARGUMENT;

--- a/tests/nanomodbus_tests.c
+++ b/tests/nanomodbus_tests.c
@ -934,7 +934,7 @@ void test_fc20(nmbs_transport transport) {
    expect(registers[2] == 0xAA55);
    expect(registers[3] == 0xFFFF);

-    check(nmbs_read_file_record(&CLIENT, 255, 9999, registers, 120));
+    check(nmbs_read_file_record(&CLIENT, 255, 9999, registers, 124));
    expect(registers[123] == 42);

    stop_client_and_server();