Fix buffer overflow errors

+remove dynamic memory allocation
+memset the rest of the data structure after read
Mascaro Lucas 2018-12-13 14:23:23 +01:00
parent 4af98262a1
commit 20ea8e55af
5 changed files with 36 additions and 48 deletions


@ -13,8 +13,6 @@ XBeeWrapper xbee = XBeeWrapper();
// ACTUAL DATA
unsigned long time;
Node myself = Node();
Packet recv = Packet();
Packet send = Packet();
void setup() {
Serial.begin(38400);
@ -36,6 +34,7 @@ void loop() {
}
/* [2] Listen for incoming data */
Packet recv;
if( xbee.receive(recv) != XBWRECV_OK )
return;
@ -43,11 +42,11 @@ void loop() {
// 1. manage discover request
if( opcode == OPCODE_DISCOVER )
return manage_discover();
return manage_discover(recv);
// 2. manage message data
else if( opcode == OPCODE_MESSAGE )
return manage_message();
return manage_message(recv);
}
@ -55,6 +54,7 @@ void loop() {
void send_data(){
Serial.println(" -> message");
// 1. prepare message
Packet send;
send.setOpcode(OPCODE_MESSAGE);
send.setSender(SENDERID);
send.setDist(myself.getDist());
@ -66,15 +66,15 @@ void send_data(){
// 2. broadcast
xbee.broadcast(send);
// 2. debug
screen.clear();
screen.printfn(0, "msg[%3d/%3d] %3d", send.getDist(), send.getTTL(), send.getSize());
screen.printfn_overflow(1, "%s", (char*) send.getData());
delay(500);
// 2. debug
screen.clear();
screen.printfn(0, "msg[%3d/%3d] %3d", send.getDist(), send.getTTL(), send.getSize());
screen.printfn_overflow(1, "%s", (char*) send.getData());
delay(500);
}
void manage_discover(){
void manage_discover(Packet recv){
Serial.print(" <- discover[ ");
Serial.print(recv.getDist());
Serial.print(" / ");
@ -91,6 +91,7 @@ void manage_discover(){
}
// propagate wave
Packet send;
send.setOpcode(OPCODE_DISCOVER);
send.setWave(myself.getWave());
send.setDist(myself.getDist());
@ -99,7 +100,7 @@ void manage_discover(){
xbee.broadcast(send);
}
void manage_message(){
void manage_message(Packet recv){
if( recv.getTTL() <= 0 )
return;
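Review bot: `Packet recv;` in loop() and `Packet send;` in send_data() and manage_discover() are now automatic objects, so unlike the removed globals their `msg` bytes start out indeterminate unless `Packet::Packet()` clears them; the constructor's new body is not visible in this commit. If send_data() fills the payload through setData(), that call returns without touching `msg.size` or `msg.data` when the string is too long, and write_message() would then transmit whatever was on the stack. Zeroing in the constructor, e.g. `memset(&msg, 0, sizeof(msg));`, closes that. Separately, `manage_discover(Packet recv)` and `manage_message(Packet recv)` copy the whole packet, which now embeds a 255-byte array, on every call; taking `Packet& recv` (the getters are not const) avoids the extra stack copy. Both handler bodies continue outside the hunks shown.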


@ -1,18 +1,13 @@
#include "packet.h"
Packet::Packet(){
msg.data = malloc(1 * sizeof(char));
}
Packet::~Packet(){
free(msg.data);
}
/* PUBLIC
----------------------------------------*/
// builds a packet from raw data and returns the error code
uint8_t Packet::read(uint8_t* buf, const size_t size){
// 1. fail on invalid size
if( size < 1 ) return PKTREAD_EMPTY;
if( size > PROTO_SIZE ) return PKTREAD_OVERFLOW;
if( size > PROTO_SIZE ) return PKTREAD_OVERFLOW;
// 2. extract packet type
opcode = buf[0];
@ -51,13 +46,12 @@ uint8_t Packet::getSize() { return msg.size; }
uint8_t* Packet::getData(){ return msg.data; }
void Packet::setData(uint8_t *buffer) {
if( strlen(buffer) >= 255 )
if( strlen(buffer) >= MESSAGE_MAX_PAYLOAD )
return;
msg.size = strlen(buffer);
resizeMessage();
strcpy(msg.data, buffer);
strncpy(msg.data, buffer, MESSAGE_MAX_PAYLOAD);
}
@ -88,7 +82,7 @@ size_t Packet::write_discover(uint8_t *buf){
uint8_t Packet::read_message(uint8_t *buf, const size_t size){
// 1. fail on invalid size
if( size < MESSAGE_MIN_SIZE || size > MESSAGE_MAX_SIZE )
if( size < PROTO_MIN_SIZE || size > PROTO_SIZE )
return PKTREAD_INVALID_MESSAGE_FORMAT;
// 2. fill values
@ -102,9 +96,12 @@ uint8_t Packet::read_message(uint8_t *buf, const size_t size){
if( size - 5 != msg.size )
return PKTREAD_INVALID_MESSAGE_FORMAT;
// 4. extract message
resizeMessage();
// 4. memset data
//memset(msg.data,0,MESSAGE_MAX_PAYLOAD);
// 5. extract message
strncpy(msg.data, buf+5, msg.size);
memset(msg.data+msg.size,0,MESSAGE_MAX_PAYLOAD-msg.size);
return PKTREAD_OK;
};
@ -116,8 +113,7 @@ size_t Packet::write_message(uint8_t *buf){
buf[3] = msg.ttl;
buf[4] = msg.size;
buf = realloc(buf, (5+msg.size+1)* sizeof(uint8_t));
strncpy(buf+5, msg.data, msg.size);
strncpy(buf+5, msg.data, MESSAGE_MAX_PAYLOAD);
return 5 + msg.size;
};
};
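Review bot: read_message() still accepts `msg.size == MESSAGE_MAX_PAYLOAD`, because `size` may be as large as PROTO_SIZE and only `size - 5 != msg.size` is rejected; in that case `strncpy(msg.data, buf+5, msg.size)` fills all 255 bytes and the following memset has length 0, so `msg.data` ends up with no terminating NUL. setData() refuses that length for locally built messages and send_data() prints getData() with `%s`, so a received full-length payload would be read past the array wherever it is handled as a string. Rejecting it keeps both paths consistent: `if( msg.size >= MESSAGE_MAX_PAYLOAD ) return PKTREAD_INVALID_MESSAGE_FORMAT;`. strncpy also stops at the first zero byte of the wire data, so `memcpy(msg.data, buf+5, msg.size);` is the more predictable copy here. In write_message(), `memcpy(buf+5, msg.data, msg.size);` would stop it writing 255 bytes into `buf` regardless of the length it returns.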


@ -26,14 +26,13 @@
size_t write_message(uint8_t* buf);
public:
Packet();
~Packet();
// builds a packet from raw data and returns the status code
uint8_t read(uint8_t* buf, const size_t size);
// writes the binary representation of the packet returns the size
size_t write(uint8_t* buf);
// GETTERS / SETTERS
uint8_t getOpcode();
@ -56,12 +55,7 @@
uint8_t* getData();
void setData(uint8_t *buffer);
protected:
resizeMessage(){
msg.data = realloc(msg.data, (msg.size+1) * sizeof(uint8_t));
memset(msg.data, 0, msg.size+1);
}
};
#endif
#endif


@ -18,21 +18,19 @@
uint8_t dist; // current node's distance
};
#define MESSAGE_MIN_SIZE sizeof(uint8_t)*5
#define MESSAGE_MAX_SIZE (5 + 255) * sizeof(uint8_t)
#define MESSAGE_MAX_PAYLOAD 255
#define PROTO_MIN_SIZE 5 * sizeof(uint8_t)
#define PROTO_SIZE (5 + MESSAGE_MAX_PAYLOAD) * sizeof(uint8_t)
struct message {
uint8_t opcode; // opcode = 1
uint8_t sender; // sender id
uint8_t dist; // distance of the last sender
uint8_t ttl; // time to live default = 10
uint8_t size; // size of message in bytes
uint8_t *data; // actual message
uint8_t data[MESSAGE_MAX_PAYLOAD]; // actual message
};
#define PROTO_SIZE MESSAGE_MAX_SIZE
class Node{
private:
uint8_t wave = 0;
@ -58,4 +56,4 @@
}
};
#endif
#endif
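Review bot: `PROTO_MIN_SIZE` and `PROTO_SIZE` expand to unparenthesized products, so they only evaluate as intended while every use site is a plain comparison, array bound or function argument, as in this commit. Wrapping the expansions keeps later arithmetic on them safe: `#define PROTO_MIN_SIZE (5 * sizeof(uint8_t))` and `#define PROTO_SIZE ((5 + MESSAGE_MAX_PAYLOAD) * sizeof(uint8_t))`. The header length 5 is also repeated as a literal in packet.cpp (`buf+5`, `size - 5`); a named constant next to these macros would keep the bounds checks and the copies tied to one value.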


@ -49,14 +49,13 @@ uint8_t XBeeWrapper::broadcast(Packet& pkt){
XBeeAddress64 bcast = XBeeAddress64(0x00000000, 0x0000FFFF);
// build payload from packet
uint8_t* payload = malloc(6 * sizeof(uint8_t));
uint8_t payload[PROTO_SIZE];
memset(payload,0,PROTO_SIZE);
size_t payload_size = pkt.write(payload);
// send
Tx64Request tx = Tx64Request(bcast, payload, payload_size);
xbee.send(tx);
free(payload);
return XBWSEND_OK;
};
};
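Review bot: `payload_size` can now reach PROTO_SIZE (260), since write_message() returns `5 + msg.size`, and broadcast() passes it to `Tx64Request` unchecked. If that constructor takes an 8-bit length, as the xbee-arduino one appears to, any value of 256 or more wraps and a truncated frame is sent; a single 802.15.4 frame also carries far less than 260 bytes (about 100 on XBee modules, to be confirmed for the radio in use). A guard before building the request, such as `if( payload_size > XBW_MAX_PAYLOAD ) return <error code>;` with a constant sized to the radio (both names are placeholders; only XBWSEND_OK is visible here), or lowering MESSAGE_MAX_PAYLOAD to fit, would make oversized packets fail explicitly. The 260-byte `payload` array now lives on the stack alongside the `Packet` locals, which is worth checking against the board's RAM.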