Peter M. Groen / libmodbus

Commit 05d167046515d638f2063aa19d2a9a450b90ff8c

Authored by Stéphane Raimbault
1 parent 6cfed42b

Tests on reading 0 or max + 1 registers for function 0x17

Inline Side-by-side
Showing 1 changed file with 58 additions and 1 deletions
tests/unit-test-client.c
  View file @05d1670
@@ -725,9 +725,31 @@ int test_raw_request(modbus_t *ctx, int use_backend) @@ -725,9 +725,31 @@ int test_raw_request(modbus_t *ctx, int use_backend)
725 int i, j; 725 int i, j;
726 const int RAW_REQ_LENGTH = 6; 726 const int RAW_REQ_LENGTH = 6;
727 uint8_t raw_req[] = { 727 uint8_t raw_req[] = {
  728 + /* slave */
728 (use_backend == RTU) ? SERVER_ID : 0xFF, 729 (use_backend == RTU) ? SERVER_ID : 0xFF,
  730 + /* function, addr 1, 5 values */
729 0x03, 0x00, 0x01, 0x0, 0x05, 731 0x03, 0x00, 0x01, 0x0, 0x05,
730 }; 732 };
  733 + /* Write and read registers request */
  734 + uint8_t raw_rw_req[] = {
  735 + /* slave */
  736 + (use_backend == RTU) ? SERVER_ID : 0xFF,
  737 + /* function, addr to read, nb to read */
  738 + 0x17,
  739 + /* Read */
  740 + 0, 0,
  741 + (MODBUS_MAX_WR_READ_REGISTERS + 1) >> 8,
  742 + (MODBUS_MAX_WR_READ_REGISTERS + 1) & 0xFF,
  743 + /* Write */
  744 + 0, 0,
  745 + 0, 1,
  746 + /* Write byte count */
  747 + 1 * 2,
  748 + /* One data to write... */
  749 + 0x12, 0x34
  750 + };
  751 + /* See issue #143, test with MAX_WR_WRITE_REGISTERS */
  752 +
731 int req_length; 753 int req_length;
732 uint8_t rsp[MODBUS_TCP_MAX_ADU_LENGTH]; 754 uint8_t rsp[MODBUS_TCP_MAX_ADU_LENGTH];
733 int tab_function[] = {0x01, 0x02, 0x03, 0x04}; 755 int tab_function[] = {0x01, 0x02, 0x03, 0x04};
@@ -789,7 +811,11 @@ int test_raw_request(modbus_t *ctx, int use_backend) @@ -789,7 +811,11 @@ int test_raw_request(modbus_t *ctx, int use_backend)
789 811
790 req_length = modbus_send_raw_request(ctx, raw_req, 812 req_length = modbus_send_raw_request(ctx, raw_req,
791 RAW_REQ_LENGTH * sizeof(uint8_t)); 813 RAW_REQ_LENGTH * sizeof(uint8_t));
792 - printf("* try an exploit on function %d: ", tab_function[i]); 814 + if (j == 0) {
  815 + printf("* try to read 0 values with function %d: ", tab_function[i]);
  816 + } else {
  817 + printf("* try an exploit with function %d: ", tab_function[i]);
  818 + }
793 rc = modbus_receive_confirmation(ctx, rsp); 819 rc = modbus_receive_confirmation(ctx, rsp);
794 if (rc == 9 && 820 if (rc == 9 &&
795 rsp[7] == (0x80 + tab_function[i]) && 821 rsp[7] == (0x80 + tab_function[i]) &&
@@ -801,5 +827,36 @@ int test_raw_request(modbus_t *ctx, int use_backend) @@ -801,5 +827,36 @@ int test_raw_request(modbus_t *ctx, int use_backend)
801 } 827 }
802 } 828 }
803 } 829 }
  830 +
  831 + /* Modbus write and read multiple registers */
  832 + i = 0;
  833 + tab_function[i] = 0x17;
  834 + for (j=0; j<2; j++) {
  835 + if (j == 0) {
  836 + /* Try to read zero values on first iteration */
  837 + raw_rw_req[4] = 0x00;
  838 + raw_rw_req[5] = 0x00;
  839 + } else {
  840 + /* Try to read max values + 1 on second iteration */
  841 + raw_rw_req[4] = (MODBUS_MAX_WR_READ_REGISTERS + 1) >> 8;
  842 + raw_rw_req[5] = (MODBUS_MAX_WR_READ_REGISTERS + 1) & 0xFF;
  843 + }
  844 + req_length = modbus_send_raw_request(ctx, raw_rw_req, 13 * sizeof(uint8_t));
  845 + if (j == 0) {
  846 + printf("* try to read 0 values with function %d: ", tab_function[i]);
  847 + } else {
  848 + printf("* try an exploit with function %d: ", tab_function[i]);
  849 + }
  850 + rc = modbus_receive_confirmation(ctx, rsp);
  851 + if (rc == 9 &&
  852 + rsp[7] == (0x80 + tab_function[i]) &&
  853 + rsp[8] == MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE) {
  854 + printf("OK\n");
  855 + } else {
  856 + printf("FAILED\n");
  857 + return -1;
  858 + }
  859 + }
  860 +
804 return 0; 861 return 0;
805 } 862 }