debevv / nanoMODBUS

A compact MODBUS RTU/TCP C library for embedded/microcontrollers
MIT License

Possible buffer overflow using nmbs_read_holding_registers() #44

Closed RonaldZwInventeers closed 4 months ago

RonaldZwInventeers commented 5 months ago

Situation

Accidentally connected two masters on one serial bus. This resulted in buffer overflows when calling nmbs_read_holding_registers().

Cause

Debugging found the possibility of a buffer overflow in recv_read_registers_res(), where quantity is not used to limit the number of writes to registers.

Solution

Limit the for loop iterations, or return an error when (registers_bytes / 2) != quantity in recv_read_registers_res().

debevv commented 5 months ago

Fixed in 0234a563c1560a06d503011a7dc763c647aaa4c5
Thank you
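
An added example, not part of the thread and not nanoMODBUS's own code: a minimal Read Holding Registers response parser that applies the check proposed in the issue, rejecting a response whose byte count does not equal twice the requested quantity before anything is written to the caller's buffer. The function name, error codes and sample frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical error codes for this example (not nanoMODBUS's own). */
enum { PARSE_OK = 0, PARSE_ERR_SHORT = -1, PARSE_ERR_FC = -2, PARSE_ERR_COUNT = -3 };

/* Parse a Read Holding Registers (0x03) response PDU:
 *   [function code][byte count][register data, big-endian 16-bit words]
 * quantity is what the caller requested and is also the capacity of out.
 * The byte count comes from the wire and is untrusted: with two masters on
 * one bus, the frame received may answer somebody else's request. */
int parse_read_registers_res(const uint8_t *pdu, size_t pdu_len,
                             uint16_t quantity, uint16_t *out)
{
    if (pdu_len < 2)
        return PARSE_ERR_SHORT;
    if (pdu[0] != 0x03)
        return PARSE_ERR_FC;

    size_t byte_count = pdu[1];

    /* Reject unless the declared count matches the request. */
    if (byte_count != (size_t)quantity * 2)
        return PARSE_ERR_COUNT;
    /* The declared count must also fit in what was actually received. */
    if (pdu_len - 2 < byte_count)
        return PARSE_ERR_SHORT;

    /* Bounded by quantity (the size of out), never by the wire value. */
    for (uint16_t i = 0; i < quantity; i++)
        out[i] = (uint16_t)((pdu[2 + 2 * i] << 8) | pdu[3 + 2 * i]);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed frame: a 4-register reply arriving for a 1-register request. */
    const uint8_t foreign[] = {0x03, 0x08, 0, 1, 0, 2, 0, 3, 0, 4};
    uint16_t reg[1];
    return parse_read_registers_res(foreign, sizeof foreign, 1, reg) == PARSE_ERR_COUNT ? 0 : 1;
}
```

Rejecting the mismatched frame, rather than only clamping the loop, also keeps a reply meant for another master from being returned to the caller as valid register data.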