Index: firmware/App/Services/SystemCommMessages.c =================================================================== diff -u -r2112778f4de1b5bac8df9915da1ab2def967a9cf -rcd5be724d5a3ba7457e761191d82f278654d7f5c --- firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision 2112778f4de1b5bac8df9915da1ab2def967a9cf) +++ firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision cd5be724d5a3ba7457e761191d82f278654d7f5c) @@ -1,14 +1,14 @@ /************************************************************************** * -* Copyright (c) 2019-2023 Diality Inc. - All Rights Reserved. +* Copyright (c) 2019-2024 Diality Inc. - All Rights Reserved. * * THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN * WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER. * * @file SystemCommMessages.c * -* @author (last) Michael Garthwaite -* @date (last) 04-Oct-2023 +* @author (last) Dara Navaei +* @date (last) 20-Oct-2023 * * @author (original) Dara Navaei * @date (original) 05-Nov-2019 @@ -5770,16 +5770,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -5950,16 +5954,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -6132,16 +6140,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );