|
|
@@ -26,14 +26,20 @@ readDimension(UA_Byte *buf, size_t buflen, struct UA_NumericRangeDimension *dim)
|
|
|
size_t progress = readNumber(buf, buflen, &dim->min);
|
|
|
if(progress == 0)
|
|
|
return 0;
|
|
|
- if(buflen <= progress || buf[progress] != ':') {
|
|
|
+ if(buflen <= progress + 1 || buf[progress] != ':') {
|
|
|
dim->max = dim->min;
|
|
|
return progress;
|
|
|
}
|
|
|
+
|
|
|
progress++;
|
|
|
size_t progress2 = readNumber(&buf[progress], buflen - progress, &dim->max);
|
|
|
if(progress2 == 0)
|
|
|
return 0;
|
|
|
+
|
|
|
+ /* invalid range */
|
|
|
+ if(dim->min >= dim->max)
|
|
|
+ return 0;
|
|
|
+
|
|
|
return progress + progress2;
|
|
|
}
|
|
|
|
|
|
@@ -46,7 +52,7 @@ UA_StatusCode parse_numericrange(const UA_String *str, UA_NumericRange *range) {
|
|
|
struct UA_NumericRangeDimension *dimensions = NULL;
|
|
|
UA_StatusCode retval = UA_STATUSCODE_GOOD;
|
|
|
size_t pos = 0;
|
|
|
- do {
|
|
|
+ while(true) {
|
|
|
/* alloc dimensions */
|
|
|
if(idx >= dimensionsMax) {
|
|
|
struct UA_NumericRangeDimension *newds;
|
|
|
@@ -71,7 +77,13 @@ UA_StatusCode parse_numericrange(const UA_String *str, UA_NumericRange *range) {
|
|
|
/* loop into the next dimension */
|
|
|
if(pos >= str->length)
|
|
|
break;
|
|
|
- } while(str->data[pos] == ',' && pos++);
|
|
|
+
|
|
|
+ if(str->data[pos] != ',') {
|
|
|
+ retval = UA_STATUSCODE_BADINDEXRANGEINVALID;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ pos++;
|
|
|
+ }
|
|
|
|
|
|
if(retval == UA_STATUSCODE_GOOD && idx > 0) {
|
|
|
range->dimensions = dimensions;
|
|
|
@@ -359,7 +371,8 @@ void Service_Read(UA_Server *server, UA_Session *session,
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- if(request->timestampsToReturn > 3){
|
|
|
+ /* check if the timestampstoreturn is valid */
|
|
|
+ if(request->timestampsToReturn > UA_TIMESTAMPSTORETURN_NEITHER) {
|
|
|
response->responseHeader.serviceResult = UA_STATUSCODE_BADTIMESTAMPSTORETURNINVALID;
|
|
|
return;
|
|
|
}
|
Julius Pfrommer