zigpy / zigpy-znp

TI CC2531, CC13x2, CC26x2 radio support for Zigpy and ZHA
GNU General Public License v3.0

Zigpy error when receiving a Malformed packet #170

Closed pipiche38 closed 2 years ago

pipiche38 commented 2 years ago

Looks like the library is not resilient to a "Malformed Packet".

Below is the sniffed packet:

[Image: Screenshot 2022-09-07 at 20 06 17]

And below is the message produced by the zigpy library:

2022-09-07 20:04:01,025 WARNING :Failed to parse broken GeneralFrame(header=CommandHeader(id=0x9F, subsystem=Subsystem.ZDO, type=CommandType.AREQ), data=b'\x7F\xF1\x84\x04\x45') as <class 'zigpy_znp.types.commands.ZDO.ParentAnnceRsp.Callback'>
2022-09-07 20:04:01,029 ERROR   :Task exception was never retrieved
future: <Task finished name='Task-33' coro=<ControllerApplication.on_zdo_message() done, defined at /var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy_znp/zigbee/application.py:519> exception=ValueError('Data is too short to contain 1 bytes')>
Traceback (most recent call last):
  File "/usr/lib/python3.9/asyncio/tasks.py", line 256, in __step
    result = coro.send(None)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy_znp/zigbee/application.py", line 527, in on_zdo_message
    args, data = list_deserialize(data, types)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/__init__.py", line 9, in deserialize
    value, data = type_.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 668, in deserialize
    item, data = cls._item_type.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 694, in deserialize
    item, data = cls._item_type.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 147, in deserialize
    raise ValueError(f"Data is too short to contain {byte_size} bytes")
ValueError: Data is too short to contain 1 bytes

puddly commented 2 years ago

What is the expected behavior here? Nothing crashes, it's just a traceback.

MattWestb commented 2 years ago

PA is often used for DoSing NCPs to get control of the host system (some SDKs have gotten security patches to eliminate it), but getting access is very tricky, as you must then use the serial to knock the host system.

I think one warning should be OK so the user can see if someone is trying to get into their system.

Adminiuga commented 2 years ago

Application should consume the exception, not the library.

pipiche38 commented 2 years ago

I don't understand what you mean by application. Here the application doesn't receive anything; the stack crash is inside the zigpy library, no?

puddly commented 2 years ago

Fixed by packet API, since ZNP forwards all packets as-is to the application with packet_received.
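
An added illustration of the failure mode in the traceback above and of consuming the parse error in the handler with a single warning; this is not zigpy or zigpy-znp code. The payload layout (2-byte source NWK, 1-byte status, 1-byte child count, 8-byte IEEE entries) and the names `parse_parent_annce_rsp` and `ZdoListener` are assumptions made for the example.

```python
import asyncio
import logging

LOGGER = logging.getLogger("zdo_example")

# Payload bytes from the log line above; the field layout is an assumption.
TRUNCATED = b"\x7F\xF1\x84\x04\x45"
# Constructed well-formed frame: one child entry of 8 bytes.
GOOD = b"\x7F\xF1\x00\x01" + bytes(range(8))


def parse_parent_annce_rsp(data: bytes) -> dict:
    """Strict parser: validate the declared count before reading any entry."""
    if len(data) < 4:
        raise ValueError(f"Data is too short for the 4-byte header: {len(data)}")
    src = int.from_bytes(data[0:2], "little")
    status, count = data[2], data[3]
    body = data[4:]
    if len(body) != count * 8:
        raise ValueError(
            f"Child list claims {count} entries ({count * 8} bytes), got {len(body)}"
        )
    children = [body[i:i + 8][::-1].hex(":") for i in range(0, len(body), 8)]
    return {"src": src, "status": status, "children": children}


class ZdoListener:
    def __init__(self) -> None:
        self.malformed = 0   # counter an operator can alert on
        self.handled = []

    async def on_zdo_message(self, data: bytes) -> None:
        try:
            msg = parse_parent_annce_rsp(data)
        except ValueError as exc:
            # Consume the error here: one warning with the raw bytes,
            # instead of "Task exception was never retrieved".
            self.malformed += 1
            LOGGER.warning("Dropping malformed ZDO frame %s: %s", data.hex(), exc)
            return
        self.handled.append(msg)


def run_demo() -> ZdoListener:
    listener = ZdoListener()

    async def main() -> None:
        await asyncio.gather(*(listener.on_zdo_message(f) for f in (TRUNCATED, GOOD)))

    asyncio.run(main())
    return listener
```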