sml possible modbus buffer overflow

gemu2015 2020-08-09 09:36:24 +02:00
parent 1845821f2f
commit b1cd64bebb


@ -1205,12 +1205,18 @@ void sml_shift_in(uint32_t meters,uint32_t shard) {
} else if (meter_desc_p[meters].type=='m' || meter_desc_p[meters].type=='M') { } else if (meter_desc_p[meters].type=='m' || meter_desc_p[meters].type=='M') {
smltbuf[meters][meter_spos[meters]] = iob; smltbuf[meters][meter_spos[meters]] = iob;
meter_spos[meters]++; meter_spos[meters]++;
if (meter_spos[meters]>=SML_BSIZ) {
meter_spos[meters]=0;
}
if (meter_spos[meters]>=8) {
uint32_t mlen=smltbuf[meters][2]+5; uint32_t mlen=smltbuf[meters][2]+5;
if (mlen>SML_BSIZ) mlen=SML_BSIZ;
if (meter_spos[meters]>=mlen) { if (meter_spos[meters]>=mlen) {
SML_Decode(meters); SML_Decode(meters);
sml_empty_receiver(meters); sml_empty_receiver(meters);
meter_spos[meters]=0; meter_spos[meters]=0;
} }
}
} else if (meter_desc_p[meters].type=='p') { } else if (meter_desc_p[meters].type=='p') {
smltbuf[meters][meter_spos[meters]] = iob; smltbuf[meters][meter_spos[meters]] = iob;
meter_spos[meters]++; meter_spos[meters]++;
@ -1560,6 +1566,7 @@ void SML_Decode(uint8_t index) {
goto nextsect; goto nextsect;
} }
uint16_t pos = smltbuf[mindex][2]+3; uint16_t pos = smltbuf[mindex][2]+3;
if (pos>32) pos=32;
uint16_t crc = MBUS_calculateCRC(&smltbuf[mindex][0],pos); uint16_t crc = MBUS_calculateCRC(&smltbuf[mindex][0],pos);
if (lowByte(crc)!=smltbuf[mindex][pos]) goto nextsect; if (lowByte(crc)!=smltbuf[mindex][pos]) goto nextsect;
if (highByte(crc)!=smltbuf[mindex][pos+1]) goto nextsect; if (highByte(crc)!=smltbuf[mindex][pos+1]) goto nextsect;
@ -1651,17 +1658,24 @@ void SML_Show(boolean json) {
char jname[24]; char jname[24];
int8_t index=0,mid=0; int8_t index=0,mid=0;
char *mp=(char*)meter_p; char *mp=(char*)meter_p;
char *cp; char *cp,nojson=0;
//char b_mqtt_data[MESSZ]; //char b_mqtt_data[MESSZ];
//b_mqtt_data[0]=0; //b_mqtt_data[0]=0;
int8_t lastmind=((*mp)&7)-1; int8_t lastmind=((*mp)&7)-1;
if (lastmind<0 || lastmind>=meters_used) lastmind=0; if (lastmind<0 || lastmind>=meters_used) lastmind=0;
while (mp != NULL) { while (mp != NULL) {
if (*mp==0) break; if (*mp==0) break;
// setup sections // setup sections
mindex=((*mp)&7)-1; mindex=((*mp)&7)-1;
if (mindex<0 || mindex>=meters_used) mindex=0; if (mindex<0 || mindex>=meters_used) mindex=0;
if (meter_desc_p[mindex].prefix[0]=='*' && meter_desc_p[mindex].prefix[1]==0) {
nojson=1;
} else {
nojson=0;
}
mp+=2; mp+=2;
if (*mp=='=' && *(mp+1)=='h') { if (*mp=='=' && *(mp+1)=='h') {
mp+=2; mp+=2;
@ -1740,22 +1754,23 @@ void SML_Show(boolean json) {
// json export // json export
if (index==0) { if (index==0) {
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":{\"%s\":%s", b_mqtt_data,meter_desc_p[mindex].prefix,jname,tpowstr); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":{\"%s\":%s", b_mqtt_data,meter_desc_p[mindex].prefix,jname,tpowstr);
ResponseAppend_P(PSTR(",\"%s\":{\"%s\":%s"),meter_desc_p[mindex].prefix,jname,tpowstr); if (!nojson) ResponseAppend_P(PSTR(",\"%s\":{\"%s\":%s"),meter_desc_p[mindex].prefix,jname,tpowstr);
} }
else { else {
if (lastmind!=mindex) { if (lastmind!=mindex) {
// meter changed, close mqtt // meter changed, close mqtt
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s}", b_mqtt_data); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s}", b_mqtt_data);
ResponseAppend_P(PSTR("}")); if (!nojson) ResponseAppend_P(PSTR("}"));
// and open new // and open new
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":{\"%s\":%s", b_mqtt_data,meter_desc_p[mindex].prefix,jname,tpowstr); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":{\"%s\":%s", b_mqtt_data,meter_desc_p[mindex].prefix,jname,tpowstr);
ResponseAppend_P(PSTR(",\"%s\":{\"%s\":%s"),meter_desc_p[mindex].prefix,jname,tpowstr); if (!nojson) ResponseAppend_P(PSTR(",\"%s\":{\"%s\":%s"),meter_desc_p[mindex].prefix,jname,tpowstr);
lastmind=mindex; lastmind=mindex;
} else { } else {
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":%s", b_mqtt_data,jname,tpowstr); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s,\"%s\":%s", b_mqtt_data,jname,tpowstr);
ResponseAppend_P(PSTR(",\"%s\":%s"),jname,tpowstr); if (!nojson) ResponseAppend_P(PSTR(",\"%s\":%s"),jname,tpowstr);
} }
} }
} else { } else {
// web ui export // web ui export
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s{s}%s %s: {m}%s %s{e}", b_mqtt_data,meter_desc[mindex].prefix,name,tpowstr,unit); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s{s}%s %s: {m}%s %s{e}", b_mqtt_data,meter_desc[mindex].prefix,name,tpowstr,unit);
@ -1773,7 +1788,7 @@ void SML_Show(boolean json) {
if (json) { if (json) {
//snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s}", b_mqtt_data); //snprintf_P(b_mqtt_data, sizeof(b_mqtt_data), "%s}", b_mqtt_data);
//ResponseAppend_P(PSTR("%s"),b_mqtt_data); //ResponseAppend_P(PSTR("%s"),b_mqtt_data);
ResponseAppend_P(PSTR("}")); if (!nojson) ResponseAppend_P(PSTR("}"));
} else { } else {
//WSContentSend_PD(PSTR("%s"),b_mqtt_data); //WSContentSend_PD(PSTR("%s"),b_mqtt_data);
} }
@ -2378,6 +2393,7 @@ char *SML_Get_Sequence(char *cp,uint32_t index) {
} }
} }
} }
return cp;
} }
void SML_Check_Send(void) { void SML_Check_Send(void) {
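Review bot: In the SML_Decode hunk the new guard `if (pos>32) pos=32;` clamps an out-of-range length byte instead of rejecting the frame, and the literal 32 is not tied to `SML_BSIZ`, the bound the sml_shift_in hunk uses for the same buffer. After clamping, the CRC is computed over a length the frame did not declare and compared against `smltbuf[mindex][pos]` and `smltbuf[mindex][pos+1]`, which are then ordinary payload bytes. Those two reads stay inside the buffer only if SML_BSIZ is at least 34, and its value is not visible on this page. I would drop the frame and derive the limit from the buffer size: `if (pos>SML_BSIZ-2) goto nextsect;`. SML_Decode's body starts and ends outside the hunk, so the placement should be checked against the surrounding block.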