*len -= 4;
{% elif field.type == "bytearray" %}
{% if field.len_from_prefix %}
- object->{{field.len_field}} = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->{{field.len_field}} = (uint16_t) (prefix - (offset - *len));
{% endif %}
if (object->{{field.len_field}} > 0) {
if (*len < object->{{field.len_field}}) {
}
{% elif field.type == "chararray" %}
{% if field.len_from_prefix %}
- if (prefix - (offset - *len) >= {{field.size}}) {
+ if (prefix - (offset - *len) >= {{field.size}} || prefix < (offset - *len)) {
goto error;
}
- object->{{field.len_field}} = prefix - (offset - *len);
+{% if field.size == 255 %}
+ object->{{field.len_field}} = (uint8_t) (prefix - (offset - *len));
+{% else %}
+ object->{{field.len_field}} = (uint16_t) (prefix - (offset - *len));
+{% endif %}
{% endif %}
if (object->{{field.len_field}} > 0) {
if (*len < object->{{field.len_field}}) {
if (!DNP3ReadUint8(buf, len, &object->status_code)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->optional_text_len = prefix - (offset - *len);
+ object->optional_text_len = (uint8_t)(prefix - (offset - *len));
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
if (!DNP3ReadUint32(buf, len, &object->block_number)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->file_data_len = prefix - (offset - *len);
+ object->file_data_len = (uint8_t)(prefix - (offset - *len));
if (object->file_data_len > 0) {
if (*len < object->file_data_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->status_code)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->optional_text_len = prefix - (offset - *len);
+ object->optional_text_len = (uint8_t)(prefix - (offset - *len));
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
offset = *len;
- if (prefix - (offset - *len) >= 65535) {
+ if (prefix - (offset - *len) >= 65535 || prefix < (offset - *len)) {
goto error;
}
- object->file_specification_len = prefix - (offset - *len);
+ object->file_specification_len = (uint16_t)(prefix - (offset - *len));
if (object->file_specification_len > 0) {
if (*len < object->file_specification_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->reason)) {
goto error;
}
- object->challenge_data_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->challenge_data_len = (uint16_t)(prefix - (offset - *len));
if (object->challenge_data_len > 0) {
if (*len < object->challenge_data_len) {
/* Not enough data. */
if (!DNP3ReadUint16(buf, len, &object->usr)) {
goto error;
}
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
*buf += object->challenge_data_len;
*len -= object->challenge_data_len;
}
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
if (!DNP3ReadUint16(buf, len, &object->usr)) {
goto error;
}
- object->wrapped_key_data_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->wrapped_key_data_len = (uint16_t)(prefix - (offset - *len));
if (object->wrapped_key_data_len > 0) {
if (*len < object->wrapped_key_data_len) {
/* Not enough data. */
if (!DNP3ReadUint48(buf, len, &object->time_of_error)) {
goto error;
}
- if (prefix - (offset - *len) >= 65535) {
+ if (prefix - (offset - *len) >= 65535 || prefix < (offset - *len)) {
goto error;
}
- object->error_text_len = prefix - (offset - *len);
+ object->error_text_len = (uint16_t)(prefix - (offset - *len));
if (object->error_text_len > 0) {
if (*len < object->error_text_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->certificate_type)) {
goto error;
}
- object->certificate_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->certificate_len = (uint16_t)(prefix - (offset - *len));
if (object->certificate_len > 0) {
if (*len < object->certificate_len) {
/* Not enough data. */
offset = *len;
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
offset = *len;
- object->digital_signature_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->digital_signature_len = (uint16_t)(prefix - (offset - *len));
if (object->digital_signature_len > 0) {
if (*len < object->digital_signature_len) {
/* Not enough data. */
offset = *len;
- object->mac_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_len > 0) {
if (*len < object->mac_len) {
/* Not enough data. */