[issue #229] Prevent Buffer Overflows When Constructing Messages #230
Conversation
There was a problem hiding this comment.
Thank you for taking a stab at this! I've been watching this conversation go past all week hoping I'd find time to contribute, but it hasn't happened yet, and maybe won't need to now 🙂 By and large these changes look good, although it looks like there are a few typos causing compilation errors. If you push changes, the automatic builds should run again and point out whether there's anything still wrong.
david-pace
force-pushed
the
229-buffer-overflows
branch
2 times, most recently
from
d7be7c4
to
85842f3
Compare
|
Thanks for fixing all these! You can test your changes with openHAB like the following: Extract the JAR from the build artifact of your PR (https://github.com/NeuronRobotics/nrjavaserial/suites/7770122489/artifacts/326856992) to Then, you can disable the original bundle (5.2.1.OH1): There might be a restart of openHAB necessary. |
… Messages - increase buffer sizes - change sprintf() calls to snprintf() calls introducing respective maximum size arguments - remove #if / #endif blocks dealing with system names on Linux - comment message informing the user that locking worked - correct variable name and remove unused buffer name[80] in uucp_lock() closes NeuronRobotics#229
david-pace
force-pushed
the
229-buffer-overflows
branch
from
85842f3
to
e2b5bbf
Compare
|
Thanks for the detailed description, @fwolter 👍 I managed to deploy the latest build into openHAB and to disable the OH bundle. It looked like this: I also restarted the system and verified that the new bundle was still active. Then I tried to enable my Zigbee USB stick using the device name I'm quite sure that the Java Code can be exchanged by disabling a bundle and activating another bundle. Are you sure that this also works for the native code? Do you have any idea how I could verify that the new native code is actually running? |
|
I guess you have a point there. It might be necessary to rebuild the entire serial-transport feature to load the correct native code right from the start. https://github.com/openhab/openhab-core/blob/2e7fd9d72a256518684d3228a1bd5873a4ef331d/features/karaf/openhab-tp/src/main/feature/feature.xml#L214 |
|
I managed to build a custom instead of I placed this file at Then I could add the Unfortunately this fails with: Any ideas how to proceed? |
|
You can replace You can view stdout by redirecting the karaf output to a file: EDIT: Watch out, it has locking enabled. You could see some blocked serial ports after a crash or an unexpected disconnect. |
|
Thanks for preparing the JAR 👍 I successfully replaced the bundle. I did not get the output stream redirect activated with my Ubtuntu ( which is different from the original bundle. With this version I can confirm that it is now possible to use longer device names. I tested with and experienced no more crashes 👍 So from my side the tests are successful. Are there any other unit and/or integration tests that you guys can run or is this covered by the build already? Please also have a look at the code again and resolve the open conversations if you are fine with my changes. |
david-pace
requested review from
MrDOS and
fwolter
and removed request for
MrDOS
|
Thank you for confirming that your changes work, @david-pace. The only automated tests we have are squirrelled away in #182, and I'll eventually try to resuscitate those.
I meant to mention this sooner, but I suspect you could also easily test this by symlinking a serial device to a different path to give it a longer name. E.g., |
maximum size arguments
It would be great if someone could test this because I'm not a C(++) developer and don't have the toolchains installed.