Fix buffer overflow errors

+remove dynamic memory allocation
+memset the rest of the data structure after read
Mascaro Lucas 2018-12-13 14:23:23 +01:00
parent 4af98262a1
commit 20ea8e55af
5 changed files with 36 additions and 48 deletions


@ -13,8 +13,6 @@ XBeeWrapper xbee = XBeeWrapper();
// ACTUAL DATA // ACTUAL DATA
unsigned long time; unsigned long time;
Node myself = Node(); Node myself = Node();
Packet recv = Packet();
Packet send = Packet();
void setup() { void setup() {
Serial.begin(38400); Serial.begin(38400);
@ -36,6 +34,7 @@ void loop() {
} }
/* [2] Listen for incoming data */ /* [2] Listen for incoming data */
Packet recv;
if( xbee.receive(recv) != XBWRECV_OK ) if( xbee.receive(recv) != XBWRECV_OK )
return; return;
@ -43,11 +42,11 @@ void loop() {
// 1. manage discover request // 1. manage discover request
if( opcode == OPCODE_DISCOVER ) if( opcode == OPCODE_DISCOVER )
return manage_discover(); return manage_discover(recv);
// 2. manage message data // 2. manage message data
else if( opcode == OPCODE_MESSAGE ) else if( opcode == OPCODE_MESSAGE )
return manage_message(); return manage_message(recv);
} }
@ -55,6 +54,7 @@ void loop() {
void send_data(){ void send_data(){
Serial.println(" -> message"); Serial.println(" -> message");
// 1. prepare message // 1. prepare message
Packet send;
send.setOpcode(OPCODE_MESSAGE); send.setOpcode(OPCODE_MESSAGE);
send.setSender(SENDERID); send.setSender(SENDERID);
send.setDist(myself.getDist()); send.setDist(myself.getDist());
@ -66,15 +66,15 @@ void send_data(){
// 2. broadcast // 2. broadcast
xbee.broadcast(send); xbee.broadcast(send);
// 2. debug // 2. debug
screen.clear(); screen.clear();
screen.printfn(0, "msg[%3d/%3d] %3d", send.getDist(), send.getTTL(), send.getSize()); screen.printfn(0, "msg[%3d/%3d] %3d", send.getDist(), send.getTTL(), send.getSize());
screen.printfn_overflow(1, "%s", (char*) send.getData()); screen.printfn_overflow(1, "%s", (char*) send.getData());
delay(500); delay(500);
} }
void manage_discover(){ void manage_discover(Packet recv){
Serial.print(" <- discover[ "); Serial.print(" <- discover[ ");
Serial.print(recv.getDist()); Serial.print(recv.getDist());
Serial.print(" / "); Serial.print(" / ");
@ -91,6 +91,7 @@ void manage_discover(){
} }
// propagate wave // propagate wave
Packet send;
send.setOpcode(OPCODE_DISCOVER); send.setOpcode(OPCODE_DISCOVER);
send.setWave(myself.getWave()); send.setWave(myself.getWave());
send.setDist(myself.getDist()); send.setDist(myself.getDist());
@ -99,7 +100,7 @@ void manage_discover(){
xbee.broadcast(send); xbee.broadcast(send);
} }
void manage_message(){ void manage_message(Packet recv){
if( recv.getTTL() <= 0 ) if( recv.getTTL() <= 0 )
return; return;
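Review bot: `manage_discover(Packet recv)` and `manage_message(Packet recv)` take the packet by value, and with the payload now stored inline each call copies the whole object (at least the 255-byte `data` array) onto the stack, on top of the `recv` already living in `loop()`. On a small-RAM board that is a plausible route to stack exhaustion, which corrupts memory silently instead of failing cleanly. Passing by reference avoids the copy: `void manage_discover(Packet& recv)` and `void manage_message(Packet& recv)` (non-const, because the getters in the header are not declared `const`). The body of `manage_message` continues past the end of the last hunk.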


@ -1,18 +1,13 @@
#include "packet.h" #include "packet.h"
Packet::Packet(){
msg.data = malloc(1 * sizeof(char));
}
Packet::~Packet(){
free(msg.data);
}
/* PUBLIC /* PUBLIC
----------------------------------------*/ ----------------------------------------*/
// builds a packet from raw data and returns the error code // builds a packet from raw data and returns the error code
uint8_t Packet::read(uint8_t* buf, const size_t size){ uint8_t Packet::read(uint8_t* buf, const size_t size){
// 1. fail on invalid size // 1. fail on invalid size
if( size < 1 ) return PKTREAD_EMPTY; if( size < 1 ) return PKTREAD_EMPTY;
if( size > PROTO_SIZE ) return PKTREAD_OVERFLOW; if( size > PROTO_SIZE ) return PKTREAD_OVERFLOW;
// 2. extract packet type // 2. extract packet type
opcode = buf[0]; opcode = buf[0];
@ -51,13 +46,12 @@ uint8_t Packet::getSize() { return msg.size; }
uint8_t* Packet::getData(){ return msg.data; } uint8_t* Packet::getData(){ return msg.data; }
void Packet::setData(uint8_t *buffer) { void Packet::setData(uint8_t *buffer) {
if( strlen(buffer) >= 255 ) if( strlen(buffer) >= MESSAGE_MAX_PAYLOAD )
return; return;
msg.size = strlen(buffer); msg.size = strlen(buffer);
resizeMessage(); strncpy(msg.data, buffer, MESSAGE_MAX_PAYLOAD);
strcpy(msg.data, buffer);
} }
@ -88,7 +82,7 @@ size_t Packet::write_discover(uint8_t *buf){
uint8_t Packet::read_message(uint8_t *buf, const size_t size){ uint8_t Packet::read_message(uint8_t *buf, const size_t size){
// 1. fail on invalid size // 1. fail on invalid size
if( size < MESSAGE_MIN_SIZE || size > MESSAGE_MAX_SIZE ) if( size < PROTO_MIN_SIZE || size > PROTO_SIZE )
return PKTREAD_INVALID_MESSAGE_FORMAT; return PKTREAD_INVALID_MESSAGE_FORMAT;
// 2. fill values // 2. fill values
@ -102,9 +96,12 @@ uint8_t Packet::read_message(uint8_t *buf, const size_t size){
if( size - 5 != msg.size ) if( size - 5 != msg.size )
return PKTREAD_INVALID_MESSAGE_FORMAT; return PKTREAD_INVALID_MESSAGE_FORMAT;
// 4. extract message // 4. memset data
resizeMessage(); //memset(msg.data,0,MESSAGE_MAX_PAYLOAD);
// 5. extract message
strncpy(msg.data, buf+5, msg.size); strncpy(msg.data, buf+5, msg.size);
memset(msg.data+msg.size,0,MESSAGE_MAX_PAYLOAD-msg.size);
return PKTREAD_OK; return PKTREAD_OK;
}; };
@ -116,8 +113,7 @@ size_t Packet::write_message(uint8_t *buf){
buf[3] = msg.ttl; buf[3] = msg.ttl;
buf[4] = msg.size; buf[4] = msg.size;
buf = realloc(buf, (5+msg.size+1)* sizeof(uint8_t)); strncpy(buf+5, msg.data, MESSAGE_MAX_PAYLOAD);
strncpy(buf+5, msg.data, msg.size);
return 5 + msg.size; return 5 + msg.size;
}; };
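Review bot: `read_message` still accepts a frame whose length byte is 255, because the size check allows anything up to `PROTO_SIZE`; in that case `strncpy` fills all of `msg.data`, the following `memset` has length zero, and the array is left without a terminator. `setData` rejects that length but the receive path does not, and the sketch prints `getData()` with `"%s"` (visible for `send`; the receive handlers are only partly shown), so a full-length frame from the radio could lead to a read past the array. Reject it right after the `size - 5 != msg.size` check with `if( msg.size >= MESSAGE_MAX_PAYLOAD ) return PKTREAD_INVALID_MESSAGE_FORMAT;`, and copy with `memcpy(msg.data, buf+5, msg.size);`, since `strncpy` stops at the first zero byte in the payload. `write_message` now always writes `MESSAGE_MAX_PAYLOAD` bytes at `buf+5` whatever `msg.size` is, so every caller has to supply a `PROTO_SIZE` buffer; `memcpy(buf+5, msg.data, msg.size);` would bound the write to the length that is returned.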


@ -26,14 +26,13 @@
size_t write_message(uint8_t* buf); size_t write_message(uint8_t* buf);
public: public:
Packet();
~Packet();
// builds a packet from raw data and returns the status code // builds a packet from raw data and returns the status code
uint8_t read(uint8_t* buf, const size_t size); uint8_t read(uint8_t* buf, const size_t size);
// writes the binary representation of the packet returns the size // writes the binary representation of the packet returns the size
size_t write(uint8_t* buf); size_t write(uint8_t* buf);
// GETTERS / SETTERS // GETTERS / SETTERS
uint8_t getOpcode(); uint8_t getOpcode();
@ -56,12 +55,7 @@
uint8_t* getData(); uint8_t* getData();
void setData(uint8_t *buffer); void setData(uint8_t *buffer);
protected:
resizeMessage(){
msg.data = realloc(msg.data, (msg.size+1) * sizeof(uint8_t));
memset(msg.data, 0, msg.size+1);
}
}; };
#endif #endif


@ -18,21 +18,19 @@
uint8_t dist; // current node's distance uint8_t dist; // current node's distance
}; };
#define MESSAGE_MAX_PAYLOAD 255
#define MESSAGE_MIN_SIZE sizeof(uint8_t)*5 #define PROTO_MIN_SIZE 5 * sizeof(uint8_t)
#define MESSAGE_MAX_SIZE (5 + 255) * sizeof(uint8_t) #define PROTO_SIZE (5 + MESSAGE_MAX_PAYLOAD) * sizeof(uint8_t)
struct message { struct message {
uint8_t opcode; // opcode = 1 uint8_t opcode; // opcode = 1
uint8_t sender; // sender id uint8_t sender; // sender id
uint8_t dist; // distance of the last sender uint8_t dist; // distance of the last sender
uint8_t ttl; // time to live default = 10 uint8_t ttl; // time to live default = 10
uint8_t size; // size of message in bytes uint8_t size; // size of message in bytes
uint8_t *data; // actual message uint8_t data[MESSAGE_MAX_PAYLOAD]; // actual message
}; };
#define PROTO_SIZE MESSAGE_MAX_SIZE
class Node{ class Node{
private: private:
uint8_t wave = 0; uint8_t wave = 0;
@ -58,4 +56,4 @@
} }
}; };
#endif #endif
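Review bot: `PROTO_MIN_SIZE` and `PROTO_SIZE` expand to unparenthesized products, so their value depends on the operators around each use. The uses visible in this commit (`size > PROTO_SIZE`, `payload[PROTO_SIZE]`, the `memset` length) happen to expand as intended, but these constants bound every buffer in the protocol and a later expression could bind differently. Wrap the bodies: `#define PROTO_MIN_SIZE (5 * sizeof(uint8_t))` and `#define PROTO_SIZE ((5 + MESSAGE_MAX_PAYLOAD) * sizeof(uint8_t))`.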


@ -49,14 +49,13 @@ uint8_t XBeeWrapper::broadcast(Packet& pkt){
XBeeAddress64 bcast = XBeeAddress64(0x00000000, 0x0000FFFF); XBeeAddress64 bcast = XBeeAddress64(0x00000000, 0x0000FFFF);
// build payload from packet // build payload from packet
uint8_t* payload = malloc(6 * sizeof(uint8_t)); uint8_t payload[PROTO_SIZE];
memset(payload,0,PROTO_SIZE);
size_t payload_size = pkt.write(payload); size_t payload_size = pkt.write(payload);
// send // send
Tx64Request tx = Tx64Request(bcast, payload, payload_size); Tx64Request tx = Tx64Request(bcast, payload, payload_size);
xbee.send(tx); xbee.send(tx);
free(payload);
return XBWSEND_OK; return XBWSEND_OK;
}; };
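Review bot: `payload_size` can reach 260 (5 header bytes plus a 255-byte message) and is handed to `Tx64Request` unchecked. If that constructor takes an 8-bit length (worth confirming against the library header), values above 255 would wrap and the frame would go out with the wrong length; the radio's own payload limit may be lower still. Compare the value returned by `pkt.write` with the transmit limit before building the request, and return one of the wrapper's error codes instead of `XBWSEND_OK` when it does not fit. Writing the clear as `memset(payload, 0, sizeof(payload));` would also keep the length tied to the array declaration.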