| From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001 |
| From: Michael Heimpold <mhei@heimpold.de> |
| Date: Sat, 8 Jan 2022 20:00:50 +0100 |
| Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes |
| #614) |
| |
| [ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ] |
| |
| While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets |
| must be checked, i.e. the read and the write address must be within the |
| mapping range. |
| |
| At the moment, only the read address was considered, it looks like a |
| simple copy and paste error, so let's fix it. |
| |
| CVE: CVE-2022-0367 |
| |
| Signed-off-by: Michael Heimpold <mhei@heimpold.de> |
| --- |
| src/modbus.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/modbus.c b/src/modbus.c |
| index 68a28a3..c871152 100644 |
| --- a/src/modbus.c |
| +++ b/src/modbus.c |
| @@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, |
| nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); |
| } else if (mapping_address < 0 || |
| (mapping_address + nb) > mb_mapping->nb_registers || |
| - mapping_address < 0 || |
| + mapping_address_write < 0 || |
| (mapping_address_write + nb_write) > mb_mapping->nb_registers) { |
| rsp_length = response_exception( |
| ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, |
| -- |
| 2.39.1 |
| |