  1. EtherNet/IP Firmware V3
  2. PSEISV3-288

EIP_OBJECT_REGISTER_SERVICE_REQ design and implementation flaws

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: V3.3.2.0
    • Fix Version/s: V3.4.0.0, V3.4.1.0, V3.5.0.0
    • Component/s: None
    • Labels:
      None
    • Account:
      SPC EthernetIp Slave (SPCETHERNE)

      Description

      EIP_OBJECT_REGISTER_SERVICE_REQ allows the host to register a service which is not bound to an object and to receive all service requests with the registered service code. When analyzing findings from TestLab in Varna, the following issues were found:

      Problem A)

      In CipObj_PerformServiceToAllObjects(), we clear all registered user services. This is unclear to me. Why is this done? This function is called on state changes, e.g. when all objects are started. If the host has registered a service previously, it will be deleted. This is probably a bug.

      Example:

      *) Register Service
      *) Bus ON

      Result: Service will never be forwarded to user since it is deleted on state change of EIP stack.

       

      Problem B)

      Services not bound to objects are preferred when service requests are dispatched. This means that when the host registers, e.g., GET_ATTR_SINGLE, or any other service which may be implemented by any of the stack's default objects, the corresponding service request will always be forwarded to the host instead of being routed to the object dictionary.

      This might be intentional, but it would maybe make sense to only allow services from the vendor-specific range of service IDs and exclusively forbid overriding Hilscher-internal services.

      Another, probably better solution would be to inspect the connection path and forward the service only to the registered user handler, if it does not target an internal object's service.

      Anyway, this feature is hardly usable as it is due to problem A), and you can do a lot of bad things by exploiting problem B), which would render the stack dysfunctional.

      -> Clarify. Redesign. Implement
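
      An added sketch, not code from the EtherNet/IP stack or from the reporter, of how the two proposals for problem B and the expected behaviour for problem A fit together in a dispatcher. All function and type names, the constructed object dictionary, and the vendor-specific service code range 0x32..0x4A are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* All names are hypothetical; this is not the Hilscher stack's API. */
#define SVC_GET_ATTR_SINGLE 0x0E  /* CIP common service */
#define SVC_VENDOR_FIRST    0x32  /* vendor-specific service codes, */
#define SVC_VENDOR_LAST     0x4A  /* assumed to span 0x32..0x4A     */
#define MAX_USER_SVC        8

enum route { ROUTE_OBJECT, ROUTE_HOST, ROUTE_REJECT };

/* Constructed object dictionary: one internal object (class 0x01) that
 * implements a common service and one vendor-specific service (0x33). */
static const uint8_t obj01_svcs[] = { SVC_GET_ATTR_SINGLE, 0x33 };
static const struct { uint16_t class_id; const uint8_t *svcs; size_t n; }
    dict[] = { { 0x01, obj01_svcs, sizeof obj01_svcs } };

static uint8_t user_svc[MAX_USER_SVC];
static size_t  user_svc_count;
static bool    bus_on;

/* Problem B, first proposal: only vendor-specific codes may be registered. */
bool register_user_service(uint8_t code)
{
    if (code < SVC_VENDOR_FIRST || code > SVC_VENDOR_LAST) return false;
    for (size_t i = 0; i < user_svc_count; i++)
        if (user_svc[i] == code) return true;       /* already registered */
    if (user_svc_count == MAX_USER_SVC) return false;
    user_svc[user_svc_count++] = code;
    return true;
}

/* Problem A: a state change must leave user_svc[] untouched. */
void on_state_change(bool on) { bus_on = on; }

/* Problem B, second proposal: the class from the request path decides first;
 * the host handler only sees requests no internal object serves. */
enum route dispatch(uint16_t class_id, uint8_t code)
{
    if (!bus_on) return ROUTE_REJECT;
    for (size_t d = 0; d < sizeof dict / sizeof dict[0]; d++)
        for (size_t s = 0; dict[d].class_id == class_id && s < dict[d].n; s++)
            if (dict[d].svcs[s] == code) return ROUTE_OBJECT;
    for (size_t i = 0; i < user_svc_count; i++)
        if (user_svc[i] == code) return ROUTE_HOST;
    return ROUTE_REJECT;
}
```

      Registering before Bus ON and dispatching afterwards reproduces the sequence from problem A; the registration is still present after the state change.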

                People

                • Reporter:
                  MBommert Marc Bommert