Commit 05d167046515d638f2063aa19d2a9a450b90ff8c
1 parent
6cfed42b
Tests on reading 0 or max + 1 registers for function 0x17
Showing
1 changed file
with
58 additions
and
1 deletions
tests/unit-test-client.c
| ... | ... | @@ -725,9 +725,31 @@ int test_raw_request(modbus_t *ctx, int use_backend) |
| 725 | 725 | int i, j; |
| 726 | 726 | const int RAW_REQ_LENGTH = 6; |
| 727 | 727 | uint8_t raw_req[] = { |
| 728 | + /* slave */ | |
| 728 | 729 | (use_backend == RTU) ? SERVER_ID : 0xFF, |
| 730 | + /* function, addr 1, 5 values */ | |
| 729 | 731 | 0x03, 0x00, 0x01, 0x0, 0x05, |
| 730 | 732 | }; |
| 733 | + /* Write and read registers request */ | |
| 734 | + uint8_t raw_rw_req[] = { | |
| 735 | + /* slave */ | |
| 736 | + (use_backend == RTU) ? SERVER_ID : 0xFF, | |
| 737 | + /* function, addr to read, nb to read */ | |
| 738 | + 0x17, | |
| 739 | + /* Read */ | |
| 740 | + 0, 0, | |
| 741 | + (MODBUS_MAX_WR_READ_REGISTERS + 1) >> 8, | |
| 742 | + (MODBUS_MAX_WR_READ_REGISTERS + 1) & 0xFF, | |
| 743 | + /* Write */ | |
| 744 | + 0, 0, | |
| 745 | + 0, 1, | |
| 746 | + /* Write byte count */ | |
| 747 | + 1 * 2, | |
| 748 | + /* One data to write... */ | |
| 749 | + 0x12, 0x34 | |
| 750 | + }; | |
| 751 | + /* See issue #143, test with MAX_WR_WRITE_REGISTERS */ | |
| 752 | + | |
| 731 | 753 | int req_length; |
| 732 | 754 | uint8_t rsp[MODBUS_TCP_MAX_ADU_LENGTH]; |
| 733 | 755 | int tab_function[] = {0x01, 0x02, 0x03, 0x04}; |
| ... | ... | @@ -789,7 +811,11 @@ int test_raw_request(modbus_t *ctx, int use_backend) |
| 789 | 811 | |
| 790 | 812 | req_length = modbus_send_raw_request(ctx, raw_req, |
| 791 | 813 | RAW_REQ_LENGTH * sizeof(uint8_t)); |
| 792 | - printf("* try an exploit on function %d: ", tab_function[i]); | |
| 814 | + if (j == 0) { | |
| 815 | + printf("* try to read 0 values with function %d: ", tab_function[i]); | |
| 816 | + } else { | |
| 817 | + printf("* try an exploit with function %d: ", tab_function[i]); | |
| 818 | + } | |
| 793 | 819 | rc = modbus_receive_confirmation(ctx, rsp); |
| 794 | 820 | if (rc == 9 && |
| 795 | 821 | rsp[7] == (0x80 + tab_function[i]) && |
| ... | ... | @@ -801,5 +827,36 @@ int test_raw_request(modbus_t *ctx, int use_backend) |
| 801 | 827 | } |
| 802 | 828 | } |
| 803 | 829 | } |
| 830 | + | |
| 831 | + /* Modbus write and read multiple registers */ | |
| 832 | + i = 0; | |
| 833 | + tab_function[i] = 0x17; | |
| 834 | + for (j=0; j<2; j++) { | |
| 835 | + if (j == 0) { | |
| 836 | + /* Try to read zero values on first iteration */ | |
| 837 | + raw_rw_req[4] = 0x00; | |
| 838 | + raw_rw_req[5] = 0x00; | |
| 839 | + } else { | |
| 840 | + /* Try to read max values + 1 on second iteration */ | |
| 841 | + raw_rw_req[4] = (MODBUS_MAX_WR_READ_REGISTERS + 1) >> 8; | |
| 842 | + raw_rw_req[5] = (MODBUS_MAX_WR_READ_REGISTERS + 1) & 0xFF; | |
| 843 | + } | |
| 844 | + req_length = modbus_send_raw_request(ctx, raw_rw_req, 13 * sizeof(uint8_t)); | |
| 845 | + if (j == 0) { | |
| 846 | + printf("* try to read 0 values with function %d: ", tab_function[i]); | |
| 847 | + } else { | |
| 848 | + printf("* try an exploit with function %d: ", tab_function[i]); | |
| 849 | + } | |
| 850 | + rc = modbus_receive_confirmation(ctx, rsp); | |
| 851 | + if (rc == 9 && | |
| 852 | + rsp[7] == (0x80 + tab_function[i]) && | |
| 853 | + rsp[8] == MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE) { | |
| 854 | + printf("OK\n"); | |
| 855 | + } else { | |
| 856 | + printf("FAILED\n"); | |
| 857 | + return -1; | |
| 858 | + } | |
| 859 | + } | |
| 860 | + | |
| 804 | 861 | return 0; |
| 805 | 862 | } | ... | ... |