- MMS server: fixed - server is sending data set response larger than…

… negotiated MMS PDU size (LIB61850-435)
mz-automation · Mar 19, 2024 · a66e07d · a66e07d
1 parent 681d1b0
commit a66e07d
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 17 deletions.
diff --git a/src/mms/iso_mms/server/mms_get_var_access_service.c b/src/mms/iso_mms/server/mms_get_var_access_service.c
@@ -296,9 +296,12 @@ mmsServer_handleGetVariableAccessAttributesRequest(
 	rval = ber_decode(NULL, &asn_DEF_GetVariableAccessAttributesRequest,
 				(void**) &request, buffer + bufPos, maxBufPos - bufPos);
 
-	if (rval.code == RC_OK) {
-		if (request->present == GetVariableAccessAttributesRequest_PR_name) {
-			if (request->choice.name.present == ObjectName_PR_domainspecific) {
+	if (rval.code == RC_OK)
+	{
+		if (request->present == GetVariableAccessAttributesRequest_PR_name)
+		{
+			if (request->choice.name.present == ObjectName_PR_domainspecific)
+			{
 				Identifier_t domainId = request->choice.name.choice.domainspecific.domainId;
 				Identifier_t nameId = request->choice.name.choice.domainspecific.itemId;
 
@@ -343,6 +346,13 @@ mmsServer_handleGetVariableAccessAttributesRequest(
 
 	asn_DEF_GetVariableAccessAttributesRequest.free_struct(&asn_DEF_GetVariableAccessAttributesRequest, request, 0);
 
+	if (ByteBuffer_getSize(response) > connection->maxPduSize)
+	{
+		ByteBuffer_setSize(response, 0);
+
+		mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+	}
+
 	return retVal;
 }
 

diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
@@ -681,7 +681,8 @@ createGetNamedVariableListAttributesResponse(int invokeId, ByteBuffer* response,
 	LinkedList variable = LinkedList_getNext(variables);
 
 	int i;
-	for (i = 0; i < variableCount; i++) {
+	for (i = 0; i < variableCount; i++)
+	{
 		MmsNamedVariableListEntry variableEntry = (MmsNamedVariableListEntry) variable->data;
 
 		varListResponse->listOfVariable.list.array[i] =  (struct GetNamedVariableListAttributesResponse__listOfVariable__Member*) 
@@ -746,8 +747,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 	    goto exit_function;
 	}
 
-	if (request->present == ObjectName_PR_domainspecific) {
-
+	if (request->present == ObjectName_PR_domainspecific)
+	{
 	    char domainName[65];
 	    char itemName[65];
 
@@ -767,14 +768,15 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 
 		MmsDomain* domain = MmsDevice_getDomain(mmsDevice, domainName);
 
-		if (domain != NULL) {
+		if (domain != NULL)
+		{
 			MmsNamedVariableList variableList =
 					MmsDomain_getNamedVariableList(domain, itemName);
 
-			if (variableList != NULL) {
-
-				if (createGetNamedVariableListAttributesResponse(invokeId, response, variableList) == false) {
-
+			if (variableList != NULL)
+			{
+				if (createGetNamedVariableListAttributesResponse(invokeId, response, variableList) == false)
+				{
 				    /* encoding failed - probably because buffer size is too small for message */
 				    ByteBuffer_setSize(response, 0);
 
@@ -789,8 +791,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 
 	}
 #if (MMS_DYNAMIC_DATA_SETS == 1)
-	else if (request->present == ObjectName_PR_aaspecific) {
-
+	else if (request->present == ObjectName_PR_aaspecific)
+	{
 	    char listName[65];
 
         if (request->choice.aaspecific.size > 64) {
@@ -809,7 +811,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 	        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
 	}
 #endif /* (MMS_DYNAMIC_DATA_SETS == 1) */
-	else if (request->present == ObjectName_PR_vmdspecific) {
+	else if (request->present == ObjectName_PR_vmdspecific)
+	{
 	    char listName[65];
 
 	    if (request->choice.vmdspecific.size > 64) {
@@ -833,6 +836,13 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 		mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);
 	}
 
+	if (ByteBuffer_getSize(response) > connection->maxPduSize)
+	{
+		ByteBuffer_setSize(response, 0);
+
+		mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+	}
+
 exit_function:
 
 	asn_DEF_GetVariableAccessAttributesRequest.free_struct(&asn_DEF_GetNamedVariableListAttributesRequest,

diff --git a/src/mms/iso_mms/server/mms_read_service.c b/src/mms/iso_mms/server/mms_read_service.c
@@ -528,7 +528,7 @@ encodeReadResponse(MmsServerConnection connection,
             printf("MMS read: message to large! send error PDU!\n");
 
         mmsMsg_createServiceErrorPdu(invokeId, response,
-                MMS_ERROR_SERVICE_OTHER);
+                MMS_ERROR_RESOURCE_OTHER);
 
         goto exit_function;
     }
@@ -933,15 +933,17 @@ mmsServer_handleReadRequest(
 	    goto exit_function;
     }
 
-    if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable) {
+    if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_listOfVariable)
+    {
         MmsServer_lockModel(connection->server);
 
         handleReadListOfVariablesRequest(connection, request, invokeId, response);
 
         MmsServer_unlockModel(connection->server);
     }
 #if (MMS_DATA_SET_SERVICE == 1)
-    else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName) {
+    else if (request->variableAccessSpecification.present == VariableAccessSpecification_PR_variableListName)
+    {
         MmsServer_lockModel(connection->server);
 
         handleReadNamedVariableListRequest(connection, request, invokeId, response);
@@ -953,6 +955,13 @@ mmsServer_handleReadRequest(
         mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);   
     }
 
+    if (ByteBuffer_getSize(response) > connection->maxPduSize)
+    {
+        ByteBuffer_setSize(response, 0);
+
+        mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER);
+    }
+
 exit_function:	
     asn_DEF_MmsPdu.free_struct(&asn_DEF_MmsPdu, mmsPdu, 0);
 }