Uploaded image for project: 'EtherNet/IP Core V3'
  1. EtherNet/IP Core V3
  2. PSEIP-1034

[Scanner] - Add parameter validation for member usConnPathSize of EIP_OBJECT_CREATE_CC_INSTANCE_REQ

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: V3.9.0.2, V3.9.1.0 (trunk)
          • Component/s: None
          • Labels:
            None
          • Account:
            SPC EthernetIp Core (SPCETHERNET)

            Description

            EIP_OBJECT_CREATE_CC_INSTANCE_REQ_T contains member usConnPathSize which is defined with a upper range limit of 511 in the documentation.

            There is no explicit check of that limit in the packet handler and underyling modules. The unchecked parameter is then used as the size argument of a call to memcpy. This needs to be addressed in both, implementation and existing automated regression tests.

              Attachments

                Expenses

                  Activity

                    Status Description

                      People

                      • Reporter:
                        MBommert Marc Bommert
                      • Votes:
                        0 Vote for this issue
                        Watchers:
                        0 Start watching this issue

                        Dates

                        • Created:
                          Updated:
                          Resolved: