Uploaded image for project: 'PROFINET IO-Device'
  1. PROFINET IO-Device
  2. PSPNS-2753

Firmware may crash when receiving an invalid encoded RPC Read request

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: V3.12.0.0
          • Fix Version/s: V3.12.0.14, V3.12.3.0, V3.13.0.0
          • Component/s: None
          • Labels:
            None
          • Account:
            SPC Profinet Slave (SPCPROFINE)

            Description

            When the firmware receives a Read or ReadImplicit request in some cases the firmware might crash or start unexpected behavior. The problem occurs when rpc buffer length defined by NDR header (args maximum + 20) is smaller than the record data length field in two cases:

            • the requested and real record data length exceeds the rpc buffer length calculated from the NDR by 1 to 84 byte
            • the requested record data length exceeds the rpc buffer length calculated from the NDR by at least 84 byte and the real length of the returned record data is in the range of rpc buffer length and rpc buffer length minus 84 byte.

            Althoug the problem only occurs with invalid encoded NDR header, it is expected that such mis-codings are gracefully handled and not crash occurs.

              Attachments

                Expenses

                  Activity

                    Status Description

                      People

                      • Reporter:
                        BMeyer Benjamin Meyer
                      • Votes:
                        0 Vote for this issue
                        Watchers:
                        0 Start watching this issue

                        Dates

                        • Created:
                          Updated:
                          Resolved: