Index: firmware/App/Services/SystemCommMessages.c =================================================================== diff -u -r5d9f15cd25ec6c4cfff7d4fcee2fa45c6dc4c165 -r812feca72b3d234237475fcd5eb979e2a28dab3b --- firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision 5d9f15cd25ec6c4cfff7d4fcee2fa45c6dc4c165) +++ firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision 812feca72b3d234237475fcd5eb979e2a28dab3b) @@ -5772,16 +5772,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -5952,16 +5956,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -6134,16 +6142,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );