Bug #2425 » p2425.diff

Proposed patch - Philippe Antoine, 01/25/2018 05:04 AM


scripts/dnp3-gen/dnp3-gen.py
object->{{field.len_field}} = prefix - (offset - *len);
{% endif %}
if (object->{{field.len_field}} > 0) {
if (*len < object->{{field.len_field}}) {
/* Not enough data. */
goto error;
}
memcpy(object->{{field.name}}, *buf, object->{{field.len_field}});
*buf += object->{{field.len_field}};
*len -= object->{{field.len_field}};
......
if (!DNP3ReadUint8(buf, len, &octet)) {
goto error;
}
{% set shift = 0 %}
{% set ns = namespace(shift=0) %}
{% for field in field.fields %}
{% if field.width == 1 %}
object->{{field.name}} = (octet >> {{shift}}) & 0x1;
object->{{field.name}} = (octet >> {{ns.shift}}) & 0x1;
{% elif field.width == 2 %}
object->{{field.name}} = (octet >> {{shift}}) & 0x3;
object->{{field.name}} = (octet >> {{ns.shift}}) & 0x3;
{% elif field.width == 4 %}
object->{{field.name}} = (octet >> {{shift}}) & 0xf;
object->{{field.name}} = (octet >> {{ns.shift}}) & 0xf;
{% elif field.width == 7 %}
object->{{field.name}} = (octet >> {{shift}}) & 0x7f;
object->{{field.name}} = (octet >> {{ns.shift}}) & 0x7f;
{% else %}
{{ raise("Unhandled width of %d." % (field.width)) }}
{% endif %}
{% set shift = shift + field.width %}
{% set ns.shift = ns.shift + field.width %}
{% endfor %}
}
{% else %}
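Review bot: The `if (*len < object->{{field.len_field}})` guard in the first hunk bounds the `memcpy` against the remaining input only; nothing visible here bounds it against the capacity of `object->{{field.name}}`. If the destination is always sized for the largest value the length field can hold, a comment beside the check should say so, e.g. `/* Destination holds the maximum value of the length field, so only the source needs checking. */`. Where the length is computed as `prefix - (offset - *len)`, the hunk shows no check that `prefix` covers the bytes already consumed; if none exists outside the hunk, the subtraction would wrap and be truncated to the field's width, which the input-length check does not necessarily catch, so a guard such as `if (prefix < (offset - *len)) { goto error; }` before the assignment would be worth adding. The same pattern repeats throughout src/app-layer-dnp3-objects.c, which looks like this template's output, so a fix belongs in the template. The enclosing template block starts and ends outside the hunk.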
src/app-layer-dnp3-objects.c
goto error;
}
if (object->filename_size > 0) {
if (*len < object->filename_size) {
/* Not enough data. */
goto error;
}
memcpy(object->filename, *buf, object->filename_size);
*buf += object->filename_size;
*len -= object->filename_size;
......
goto error;
}
if (object->data_size > 0) {
if (*len < object->data_size) {
/* Not enough data. */
goto error;
}
memcpy(object->data, *buf, object->data_size);
*buf += object->data_size;
*len -= object->data_size;
......
goto error;
}
if (object->username_size > 0) {
if (*len < object->username_size) {
/* Not enough data. */
goto error;
}
memcpy(object->username, *buf, object->username_size);
*buf += object->username_size;
*len -= object->username_size;
}
object->username[object->username_size] = '\0';
if (object->password_size > 0) {
if (*len < object->password_size) {
/* Not enough data. */
goto error;
}
memcpy(object->password, *buf, object->password_size);
*buf += object->password_size;
*len -= object->password_size;
......
goto error;
}
if (object->filename_size > 0) {
if (*len < object->filename_size) {
/* Not enough data. */
goto error;
}
memcpy(object->filename, *buf, object->filename_size);
*buf += object->filename_size;
*len -= object->filename_size;
......
}
object->optional_text_len = prefix - (offset - *len);
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
goto error;
}
memcpy(object->optional_text, *buf, object->optional_text_len);
*buf += object->optional_text_len;
*len -= object->optional_text_len;
......
}
object->file_data_len = prefix - (offset - *len);
if (object->file_data_len > 0) {
if (*len < object->file_data_len) {
/* Not enough data. */
goto error;
}
memcpy(object->file_data, *buf, object->file_data_len);
*buf += object->file_data_len;
*len -= object->file_data_len;
......
}
object->optional_text_len = prefix - (offset - *len);
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
goto error;
}
memcpy(object->optional_text, *buf, object->optional_text_len);
*buf += object->optional_text_len;
*len -= object->optional_text_len;
......
goto error;
}
if (object->filename_size > 0) {
if (*len < object->filename_size) {
/* Not enough data. */
goto error;
}
memcpy(object->filename, *buf, object->filename_size);
*buf += object->filename_size;
*len -= object->filename_size;
......
object->file_specification_len = prefix - (offset - *len);
if (object->file_specification_len > 0) {
if (*len < object->file_specification_len) {
/* Not enough data. */
goto error;
}
memcpy(object->file_specification, *buf, object->file_specification_len);
*buf += object->file_specification_len;
*len -= object->file_specification_len;
......
}
object->error_text_len = prefix - (offset - *len);
if (object->error_text_len > 0) {
if (*len < object->error_text_len) {
/* Not enough data. */
goto error;
}
memcpy(object->error_text, *buf, object->error_text_len);
*buf += object->error_text_len;
*len -= object->error_text_len;
......
goto error;
}
if (object->username_len > 0) {
if (*len < object->username_len) {
/* Not enough data. */
goto error;
}
memcpy(object->username, *buf, object->username_len);
*buf += object->username_len;
*len -= object->username_len;
......
goto error;
}
if (object->username_len > 0) {
if (*len < object->username_len) {
/* Not enough data. */
goto error;
}
memcpy(object->username, *buf, object->username_len);
*buf += object->username_len;
*len -= object->username_len;