Uploaded image for project: 'PROFINET IO-Device'
  1. PROFINET IO-Device
  2. PSPNS-2753

Firmware may crash when receiving an invalid encoded RPC Read request

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: V3.12.0.0
    • Fix Version/s: V3.12.0.14, V3.12.3.0, V3.13.0.0
    • Component/s: None
    • Labels:
      None
    • Account:
      SPC Profinet Slave (SPCPROFINE)

      Description

      When the firmware receives a Read or ReadImplicit request in some cases the firmware might crash or start unexpected behavior. The problem occurs when rpc buffer length defined by NDR header (args maximum + 20) is smaller than the record data length field in two cases:

      • the requested and real record data length exceeds the rpc buffer length calculated from the NDR by 1 to 84 byte
      • the requested record data length exceeds the rpc buffer length calculated from the NDR by at least 84 byte and the real length of the returned record data is in the range of rpc buffer length and rpc buffer length minus 84 byte.

      Althoug the problem only occurs with invalid encoded NDR header, it is expected that such mis-codings are gracefully handled and not crash occurs.

        Attachments

          Expenses

            Activity

              Status Description

                People

                • Reporter:
                  BMeyer Benjamin Meyer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: