From e45ef6a0dd5d94568c0e7c8ef652069ac6e49fe0 Mon Sep 17 00:00:00 2001 From: Grant McEwan Date: Fri, 25 Jun 2021 15:24:20 +1200 Subject: [PATCH] DCP identify return false if it hasn't handled a request The function pf_dcp_identify_req, would return 1 even if the request wasn't handled by it, this would lead to replies to invalid requests sent to the device. Fixing this so that it only returns 1 if the request being made passes the necessary checks. Fixed the invalid ident_req array in the gtests, filled with proper station name, and tests now check if the station name, dcp data length and dcp block length are correct for packets. --- src/common/pf_dcp.c | 14 +++++++++++++- src/device/pf_cmina.c | 2 +- test/test_dcp.cpp | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/common/pf_dcp.c b/src/common/pf_dcp.c index 1cd24465..4540751c 100644 --- a/src/common/pf_dcp.c +++ b/src/common/pf_dcp.c @@ -1526,8 +1526,15 @@ static int pf_dcp_identify_req ( src_pos += sizeof (*p_src_block_hdr); /* Point to the block value */ src_block_len = ntohs (p_src_block_hdr->block_length); + /* Check if we have a valid dcp data length */ + if (!(src_dcplen >= (src_pos + src_block_len))) + { + ret = -1; + } + else { + match = true; /* So far so good */ + } - match = true; /* So far so good */ while ((ret == 0) && (first || (filter && match)) && (src_dcplen >= (src_pos + src_block_len)) && (dst_pos < PF_FRAME_BUFFER_SIZE)) @@ -1948,6 +1955,11 @@ static int pf_dcp_identify_req ( __LINE__); } + if ((ret <= 0) && (match == false)) + { + return ret; /* Not handled, not matched or something went wrong */ + } + if (p_buf != NULL) { pnal_buf_free (p_buf); diff --git a/src/device/pf_cmina.c b/src/device/pf_cmina.c index 62092cd0..d764d3b0 100644 --- a/src/device/pf_cmina.c +++ b/src/device/pf_cmina.c 
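Review bot: In the first src/common/pf_dcp.c hunk the new length check runs only after `p_src_block_hdr->block_length` has already been read, so it bounds the block value but not the block header itself. Unless a check outside the hunk guarantees the whole header lies inside `src_dcplen`, a truncated Identify frame is still read past its DCP data. The rejecting branch also leaves `match` unassigned while the second hunk reads it, so its declaration (not visible here) needs an initializer such as `bool match = false;`. The test reads more directly as `if (src_dcplen < (src_pos + src_block_len))`, and `else {` should put its brace on its own line like the surrounding code. pf_dcp_identify_req starts and ends outside the hunk.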
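Review bot: The early `return ret;` in the second src/common/pf_dcp.c hunk leaves before the `pnal_buf_free (p_buf)` that follows it, and it can return -1 (set by the new length check) as well as 0. If the caller, which is not shown on this page, releases the frame only when the handler returns 0, every malformed Identify request leaves one receive buffer unreleased, and a peer on the same network can repeat that until buffers run out. Returning a plain 0 keeps ownership with the caller and documents it: `return 0; /* Not handled: caller still owns p_buf */`. The `while ((ret == 0) && ...` loop implies `ret` is 0 on the normal path, so `(ret <= 0)` is almost always true and the test is effectively `match == false`. The comment's "or something went wrong" suggests `(ret != 0) || !match` was intended.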
@@ -1129,7 +1129,7 @@ int pf_cmina_dcp_get_req ( *pp_value = (uint8_t *)net->cmina_current_dcp_ase.product_name; break; case PF_DCP_SUB_DEV_PROP_NAME: - *p_value_length = sizeof (net->cmina_current_dcp_ase.station_name); + *p_value_length = strlen(net->cmina_current_dcp_ase.station_name); *pp_value = (uint8_t *)net->cmina_current_dcp_ase.station_name; break; case PF_DCP_SUB_DEV_PROP_ID: diff --git a/test/test_dcp.cpp b/test/test_dcp.cpp index 90138546..52d647f5 100644 --- a/test/test_dcp.cpp +++ b/test/test_dcp.cpp @@ -54,7 +54,7 @@ static uint8_t get_name_req[] = { static uint8_t ident_req[] = { 0x01, 0x0e, 0xcf, 0x00, 0x00, 0x00, 0xc8, 0x5b, 0x76, 0xe6, 0x89, 0xdf, - 0x88, 0x92, 0xfe, 0xfe, 0x05, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, + 0x88, 0x92, 0xfe, 0xfe, 0x05, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0x02, 0x02, 0x00, 0x0c, 0x72, 0x74, 0x2d, 0x6c, 0x61, 0x62, 0x73, 0x2d, 0x64, 0x65, 0x6d, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
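Review bot: `strlen(net->cmina_current_dcp_ase.station_name)` in the src/device/pf_cmina.c hunk assumes the fixed-size array always holds a NUL terminator, which the previous `sizeof` did not need. If any writer of `station_name` (none is visible here) can fill the array completely, the reported length runs past the field and whatever copies `*pp_value` into the reply could disclose adjacent memory. Bounding the scan removes that dependency: `*p_value_length = strnlen (net->cmina_current_dcp_ase.station_name, sizeof (net->cmina_current_dcp_ase.station_name));`, or an equivalent bounded loop where `strnlen` is not available on the target. The call also drops the space before `(` that the neighbouring code uses (`sizeof (`). pf_cmina_dcp_get_req continues outside the hunk.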
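Review bot: The test/test_dcp.cpp hunk changes one row of `ident_req` and adds no assertion, so nothing visible in the patch pins the new behaviour. No test feeds pf_dcp_identify_req a block whose length exceeds the DCP data length, or a non-matching station name, and checks that no reply is sent. The commit message mentions checks on station name and lengths, but the diffstat shows a single changed line in this file. The changed bytes appear to sit in the DCP header fields after the service type rather than in the name block, which is unchanged context. A short comment labelling the header fields on that row would make the fixture reviewable.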