Commit fc73565da7a5c35d55eab843cf6c60af6c2b6925
1 parent
2a9a7ddf
Fix remote buffer overflow vulnerability (closes #25, #105)
It's strongly recommended to update your libmodbus library if you use it in a slave/server application in a not trusted environment. Debian package of libmodbus 3.0.4 already contains a patch to mitigate the exploit but the patch isn't as strong than this one.
Showing
6 changed files
with
131 additions
and
31 deletions
src/modbus.c
| @@ -706,7 +706,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -706,7 +706,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 706 | case _FC_READ_COILS: { | 706 | case _FC_READ_COILS: { |
| 707 | int nb = (req[offset + 3] << 8) + req[offset + 4]; | 707 | int nb = (req[offset + 3] << 8) + req[offset + 4]; |
| 708 | 708 | ||
| 709 | - if ((address + nb) > mb_mapping->nb_bits) { | 709 | + if (nb < 1 || MODBUS_MAX_READ_BITS < nb) { |
| 710 | + if (ctx->debug) { | ||
| 711 | + fprintf(stderr, | ||
| 712 | + "Illegal nb of values %d in read_bits (max %d)\n", | ||
| 713 | + nb, MODBUS_MAX_READ_BITS); | ||
| 714 | + } | ||
| 715 | + rsp_length = response_exception( | ||
| 716 | + ctx, &sft, | ||
| 717 | + MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp); | ||
| 718 | + } else if ((address + nb) > mb_mapping->nb_bits) { | ||
| 710 | if (ctx->debug) { | 719 | if (ctx->debug) { |
| 711 | fprintf(stderr, "Illegal data address %0X in read_bits\n", | 720 | fprintf(stderr, "Illegal data address %0X in read_bits\n", |
| 712 | address + nb); | 721 | address + nb); |
| @@ -728,7 +737,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -728,7 +737,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 728 | * function) */ | 737 | * function) */ |
| 729 | int nb = (req[offset + 3] << 8) + req[offset + 4]; | 738 | int nb = (req[offset + 3] << 8) + req[offset + 4]; |
| 730 | 739 | ||
| 731 | - if ((address + nb) > mb_mapping->nb_input_bits) { | 740 | + if (nb < 1 || MODBUS_MAX_READ_BITS < nb) { |
| 741 | + if (ctx->debug) { | ||
| 742 | + fprintf(stderr, | ||
| 743 | + "Illegal nb of values %d in read_input_bits (max %d)\n", | ||
| 744 | + nb, MODBUS_MAX_READ_BITS); | ||
| 745 | + } | ||
| 746 | + rsp_length = response_exception( | ||
| 747 | + ctx, &sft, | ||
| 748 | + MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp); | ||
| 749 | + } else if ((address + nb) > mb_mapping->nb_input_bits) { | ||
| 732 | if (ctx->debug) { | 750 | if (ctx->debug) { |
| 733 | fprintf(stderr, "Illegal data address %0X in read_input_bits\n", | 751 | fprintf(stderr, "Illegal data address %0X in read_input_bits\n", |
| 734 | address + nb); | 752 | address + nb); |
| @@ -748,7 +766,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -748,7 +766,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 748 | case _FC_READ_HOLDING_REGISTERS: { | 766 | case _FC_READ_HOLDING_REGISTERS: { |
| 749 | int nb = (req[offset + 3] << 8) + req[offset + 4]; | 767 | int nb = (req[offset + 3] << 8) + req[offset + 4]; |
| 750 | 768 | ||
| 751 | - if ((address + nb) > mb_mapping->nb_registers) { | 769 | + if (nb < 1 || MODBUS_MAX_READ_REGISTERS < nb) { |
| 770 | + if (ctx->debug) { | ||
| 771 | + fprintf(stderr, | ||
| 772 | + "Illegal nb of values %d in read_holding_registers (max %d)\n", | ||
| 773 | + nb, MODBUS_MAX_READ_REGISTERS); | ||
| 774 | + } | ||
| 775 | + rsp_length = response_exception( | ||
| 776 | + ctx, &sft, | ||
| 777 | + MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp); | ||
| 778 | + } else if ((address + nb) > mb_mapping->nb_registers) { | ||
| 752 | if (ctx->debug) { | 779 | if (ctx->debug) { |
| 753 | fprintf(stderr, "Illegal data address %0X in read_registers\n", | 780 | fprintf(stderr, "Illegal data address %0X in read_registers\n", |
| 754 | address + nb); | 781 | address + nb); |
| @@ -773,7 +800,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -773,7 +800,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 773 | * function) */ | 800 | * function) */ |
| 774 | int nb = (req[offset + 3] << 8) + req[offset + 4]; | 801 | int nb = (req[offset + 3] << 8) + req[offset + 4]; |
| 775 | 802 | ||
| 776 | - if ((address + nb) > mb_mapping->nb_input_registers) { | 803 | + if (nb < 1 || MODBUS_MAX_READ_REGISTERS < nb) { |
| 804 | + if (ctx->debug) { | ||
| 805 | + fprintf(stderr, | ||
| 806 | + "Illegal number of values %d in read_input_registers (max %d)\n", | ||
| 807 | + nb, MODBUS_MAX_READ_REGISTERS); | ||
| 808 | + } | ||
| 809 | + rsp_length = response_exception( | ||
| 810 | + ctx, &sft, | ||
| 811 | + MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp); | ||
| 812 | + } else if ((address + nb) > mb_mapping->nb_input_registers) { | ||
| 777 | if (ctx->debug) { | 813 | if (ctx->debug) { |
| 778 | fprintf(stderr, "Illegal data address %0X in read_input_registers\n", | 814 | fprintf(stderr, "Illegal data address %0X in read_input_registers\n", |
| 779 | address + nb); | 815 | address + nb); |
| @@ -796,7 +832,8 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -796,7 +832,8 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 796 | case _FC_WRITE_SINGLE_COIL: | 832 | case _FC_WRITE_SINGLE_COIL: |
| 797 | if (address >= mb_mapping->nb_bits) { | 833 | if (address >= mb_mapping->nb_bits) { |
| 798 | if (ctx->debug) { | 834 | if (ctx->debug) { |
| 799 | - fprintf(stderr, "Illegal data address %0X in write_bit\n", | 835 | + fprintf(stderr, |
| 836 | + "Illegal data address %0X in write_bit\n", | ||
| 800 | address); | 837 | address); |
| 801 | } | 838 | } |
| 802 | rsp_length = response_exception( | 839 | rsp_length = response_exception( |
| @@ -934,9 +971,22 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | @@ -934,9 +971,22 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, | ||
| 934 | int nb = (req[offset + 3] << 8) + req[offset + 4]; | 971 | int nb = (req[offset + 3] << 8) + req[offset + 4]; |
| 935 | uint16_t address_write = (req[offset + 5] << 8) + req[offset + 6]; | 972 | uint16_t address_write = (req[offset + 5] << 8) + req[offset + 6]; |
| 936 | int nb_write = (req[offset + 7] << 8) + req[offset + 8]; | 973 | int nb_write = (req[offset + 7] << 8) + req[offset + 8]; |
| 974 | + int nb_write_bytes = req[offset + 9]; | ||
| 937 | 975 | ||
| 938 | - if ((address + nb) > mb_mapping->nb_registers || | ||
| 939 | - (address_write + nb_write) > mb_mapping->nb_registers) { | 976 | + if (nb_write < 1 || MODBUS_MAX_WR_WRITE_REGISTERS < nb_write || |
| 977 | + nb < 1 || MODBUS_MAX_WR_READ_REGISTERS < nb || | ||
| 978 | + nb_write_bytes != nb_write * 2) { | ||
| 979 | + if (ctx->debug) { | ||
| 980 | + fprintf(stderr, | ||
| 981 | + "Illegal nb of values (W%d, R%d) in write_and_read_registers (max W%d, R%d)\n", | ||
| 982 | + nb_write, nb, | ||
| 983 | + MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); | ||
| 984 | + } | ||
| 985 | + rsp_length = response_exception( | ||
| 986 | + ctx, &sft, | ||
| 987 | + MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp); | ||
| 988 | + } else if ((address + nb) > mb_mapping->nb_registers || | ||
| 989 | + (address_write + nb_write) > mb_mapping->nb_registers) { | ||
| 940 | if (ctx->debug) { | 990 | if (ctx->debug) { |
| 941 | fprintf(stderr, | 991 | fprintf(stderr, |
| 942 | "Illegal data read address %0X or write address %0X write_and_read_registers\n", | 992 | "Illegal data read address %0X or write address %0X write_and_read_registers\n", |
| @@ -1420,21 +1470,21 @@ int modbus_write_and_read_registers(modbus_t *ctx, | @@ -1420,21 +1470,21 @@ int modbus_write_and_read_registers(modbus_t *ctx, | ||
| 1420 | return -1; | 1470 | return -1; |
| 1421 | } | 1471 | } |
| 1422 | 1472 | ||
| 1423 | - if (write_nb > MODBUS_MAX_RW_WRITE_REGISTERS) { | 1473 | + if (write_nb > MODBUS_MAX_WR_WRITE_REGISTERS) { |
| 1424 | if (ctx->debug) { | 1474 | if (ctx->debug) { |
| 1425 | fprintf(stderr, | 1475 | fprintf(stderr, |
| 1426 | "ERROR Too many registers to write (%d > %d)\n", | 1476 | "ERROR Too many registers to write (%d > %d)\n", |
| 1427 | - write_nb, MODBUS_MAX_RW_WRITE_REGISTERS); | 1477 | + write_nb, MODBUS_MAX_WR_WRITE_REGISTERS); |
| 1428 | } | 1478 | } |
| 1429 | errno = EMBMDATA; | 1479 | errno = EMBMDATA; |
| 1430 | return -1; | 1480 | return -1; |
| 1431 | } | 1481 | } |
| 1432 | 1482 | ||
| 1433 | - if (read_nb > MODBUS_MAX_READ_REGISTERS) { | 1483 | + if (read_nb > MODBUS_MAX_WR_READ_REGISTERS) { |
| 1434 | if (ctx->debug) { | 1484 | if (ctx->debug) { |
| 1435 | fprintf(stderr, | 1485 | fprintf(stderr, |
| 1436 | "ERROR Too many registers requested (%d > %d)\n", | 1486 | "ERROR Too many registers requested (%d > %d)\n", |
| 1437 | - read_nb, MODBUS_MAX_READ_REGISTERS); | 1487 | + read_nb, MODBUS_MAX_WR_READ_REGISTERS); |
| 1438 | } | 1488 | } |
| 1439 | errno = EMBMDATA; | 1489 | errno = EMBMDATA; |
| 1440 | return -1; | 1490 | return -1; |
src/modbus.h
| @@ -90,7 +90,8 @@ MODBUS_BEGIN_DECLS | @@ -90,7 +90,8 @@ MODBUS_BEGIN_DECLS | ||
| 90 | */ | 90 | */ |
| 91 | #define MODBUS_MAX_READ_REGISTERS 125 | 91 | #define MODBUS_MAX_READ_REGISTERS 125 |
| 92 | #define MODBUS_MAX_WRITE_REGISTERS 123 | 92 | #define MODBUS_MAX_WRITE_REGISTERS 123 |
| 93 | -#define MODBUS_MAX_RW_WRITE_REGISTERS 121 | 93 | +#define MODBUS_MAX_WR_WRITE_REGISTERS 121 |
| 94 | +#define MODBUS_MAX_WR_READ_REGISTERS 125 | ||
| 94 | 95 | ||
| 95 | /* Random number to avoid errno conflicts */ | 96 | /* Random number to avoid errno conflicts */ |
| 96 | #define MODBUS_ENOBASE 112345678 | 97 | #define MODBUS_ENOBASE 112345678 |
tests/bandwidth-client.c
| @@ -179,9 +179,9 @@ int main(int argc, char *argv[]) | @@ -179,9 +179,9 @@ int main(int argc, char *argv[]) | ||
| 179 | printf("* %d KiB/s\n", rate); | 179 | printf("* %d KiB/s\n", rate); |
| 180 | printf("\n\n"); | 180 | printf("\n\n"); |
| 181 | 181 | ||
| 182 | - printf("READ AND WRITE REGISTERS\n\n"); | 182 | + printf("WRITE AND READ REGISTERS\n\n"); |
| 183 | 183 | ||
| 184 | - nb_points = MODBUS_MAX_RW_WRITE_REGISTERS; | 184 | + nb_points = MODBUS_MAX_WR_WRITE_REGISTERS; |
| 185 | start = gettime_ms(); | 185 | start = gettime_ms(); |
| 186 | for (i=0; i<n_loop; i++) { | 186 | for (i=0; i<n_loop; i++) { |
| 187 | rc = modbus_write_and_read_registers(ctx, | 187 | rc = modbus_write_and_read_registers(ctx, |
tests/bandwidth-server-one.c
| @@ -59,6 +59,7 @@ int main(int argc, char *argv[]) | @@ -59,6 +59,7 @@ int main(int argc, char *argv[]) | ||
| 59 | 59 | ||
| 60 | if (use_backend == TCP) { | 60 | if (use_backend == TCP) { |
| 61 | ctx = modbus_new_tcp("127.0.0.1", 1502); | 61 | ctx = modbus_new_tcp("127.0.0.1", 1502); |
| 62 | + modbus_set_debug(ctx, TRUE); | ||
| 62 | s = modbus_tcp_listen(ctx, 1); | 63 | s = modbus_tcp_listen(ctx, 1); |
| 63 | modbus_tcp_accept(ctx, &s); | 64 | modbus_tcp_accept(ctx, &s); |
| 64 | 65 | ||
| @@ -68,8 +69,7 @@ int main(int argc, char *argv[]) | @@ -68,8 +69,7 @@ int main(int argc, char *argv[]) | ||
| 68 | modbus_connect(ctx); | 69 | modbus_connect(ctx); |
| 69 | } | 70 | } |
| 70 | 71 | ||
| 71 | - mb_mapping = modbus_mapping_new(MODBUS_MAX_READ_BITS, 0, | ||
| 72 | - MODBUS_MAX_READ_REGISTERS, 0); | 72 | + mb_mapping = modbus_mapping_new(1000, 1000, 1000, 1000); |
| 73 | if (mb_mapping == NULL) { | 73 | if (mb_mapping == NULL) { |
| 74 | fprintf(stderr, "Failed to allocate the mapping: %s\n", | 74 | fprintf(stderr, "Failed to allocate the mapping: %s\n", |
| 75 | modbus_strerror(errno)); | 75 | modbus_strerror(errno)); |
tests/unit-test-client.c
| 1 | /* | 1 | /* |
| 2 | - * Copyright © 2008-2010 Stéphane Raimbault <stephane.raimbault@gmail.com> | 2 | + * Copyright © 2008-2013 Stéphane Raimbault <stephane.raimbault@gmail.com> |
| 3 | * | 3 | * |
| 4 | * This program is free software: you can redistribute it and/or modify | 4 | * This program is free software: you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License as published by | 5 | * it under the terms of the GNU General Public License as published by |
| @@ -255,8 +255,8 @@ int main(int argc, char *argv[]) | @@ -255,8 +255,8 @@ int main(int argc, char *argv[]) | ||
| 255 | rc = modbus_read_registers(ctx, UT_REGISTERS_ADDRESS, | 255 | rc = modbus_read_registers(ctx, UT_REGISTERS_ADDRESS, |
| 256 | 0, tab_rp_registers); | 256 | 0, tab_rp_registers); |
| 257 | printf("3/5 modbus_read_registers (0): "); | 257 | printf("3/5 modbus_read_registers (0): "); |
| 258 | - if (rc != 0) { | ||
| 259 | - printf("FAILED (nb points %d)\n", rc); | 258 | + if (rc != -1) { |
| 259 | + printf("FAILED (nb_points %d)\n", rc); | ||
| 260 | goto close; | 260 | goto close; |
| 261 | } | 261 | } |
| 262 | printf("OK\n"); | 262 | printf("OK\n"); |
| @@ -270,7 +270,8 @@ int main(int argc, char *argv[]) | @@ -270,7 +270,8 @@ int main(int argc, char *argv[]) | ||
| 270 | into tab_rp_registers. So the read registers must set to 0, except the | 270 | into tab_rp_registers. So the read registers must set to 0, except the |
| 271 | first one because there is an offset of 1 register on write. */ | 271 | first one because there is an offset of 1 register on write. */ |
| 272 | rc = modbus_write_and_read_registers(ctx, | 272 | rc = modbus_write_and_read_registers(ctx, |
| 273 | - UT_REGISTERS_ADDRESS + 1, UT_REGISTERS_NB - 1, | 273 | + UT_REGISTERS_ADDRESS + 1, |
| 274 | + UT_REGISTERS_NB - 1, | ||
| 274 | tab_rp_registers, | 275 | tab_rp_registers, |
| 275 | UT_REGISTERS_ADDRESS, | 276 | UT_REGISTERS_ADDRESS, |
| 276 | UT_REGISTERS_NB, | 277 | UT_REGISTERS_NB, |
| @@ -430,8 +431,8 @@ int main(int argc, char *argv[]) | @@ -430,8 +431,8 @@ int main(int argc, char *argv[]) | ||
| 430 | goto close; | 431 | goto close; |
| 431 | } | 432 | } |
| 432 | 433 | ||
| 433 | - rc = modbus_write_registers(ctx, UT_REGISTERS_ADDRESS + UT_REGISTERS_NB, | ||
| 434 | - UT_REGISTERS_NB, tab_rp_registers); | 434 | + rc = modbus_read_registers(ctx, UT_REGISTERS_ADDRESS + UT_REGISTERS_NB, |
| 435 | + UT_REGISTERS_NB, tab_rp_registers); | ||
| 435 | printf("* modbus_write_registers: "); | 436 | printf("* modbus_write_registers: "); |
| 436 | if (rc == -1 && errno == EMBXILADD) { | 437 | if (rc == -1 && errno == EMBXILADD) { |
| 437 | printf("OK\n"); | 438 | printf("OK\n"); |
| @@ -440,7 +441,6 @@ int main(int argc, char *argv[]) | @@ -440,7 +441,6 @@ int main(int argc, char *argv[]) | ||
| 440 | goto close; | 441 | goto close; |
| 441 | } | 442 | } |
| 442 | 443 | ||
| 443 | - | ||
| 444 | /** TOO MANY DATA **/ | 444 | /** TOO MANY DATA **/ |
| 445 | printf("\nTEST TOO MANY DATA ERROR:\n"); | 445 | printf("\nTEST TOO MANY DATA ERROR:\n"); |
| 446 | 446 | ||
| @@ -535,7 +535,7 @@ int main(int argc, char *argv[]) | @@ -535,7 +535,7 @@ int main(int argc, char *argv[]) | ||
| 535 | * indication for another slave is received, a confirmation must follow */ | 535 | * indication for another slave is received, a confirmation must follow */ |
| 536 | 536 | ||
| 537 | 537 | ||
| 538 | - /* Send a pair of indication/confimration to the slave with a different | 538 | + /* Send a pair of indication/confirmation to the slave with a different |
| 539 | * slave ID to simulate a communication on a RS485 bus. At first, the | 539 | * slave ID to simulate a communication on a RS485 bus. At first, the |
| 540 | * slave will see the indication message then the confirmation, and it must | 540 | * slave will see the indication message then the confirmation, and it must |
| 541 | * ignore both. */ | 541 | * ignore both. */ |
| @@ -699,13 +699,23 @@ int main(int argc, char *argv[]) | @@ -699,13 +699,23 @@ int main(int argc, char *argv[]) | ||
| 699 | } | 699 | } |
| 700 | 700 | ||
| 701 | /** RAW REQUEST */ | 701 | /** RAW REQUEST */ |
| 702 | - printf("\nTEST RAW REQUEST:\n"); | 702 | + printf("\nTEST RAW REQUESTS:\n"); |
| 703 | { | 703 | { |
| 704 | + int j; | ||
| 704 | const int RAW_REQ_LENGTH = 6; | 705 | const int RAW_REQ_LENGTH = 6; |
| 705 | - uint8_t raw_req[] = { (use_backend == RTU) ? SERVER_ID : 0xFF, | ||
| 706 | - 0x03, 0x00, 0x01, 0x0, 0x05 }; | 706 | + uint8_t raw_req[] = { |
| 707 | + (use_backend == RTU) ? SERVER_ID : 0xFF, | ||
| 708 | + 0x03, 0x00, 0x01, 0x0, 0x05, | ||
| 709 | + }; | ||
| 707 | int req_length; | 710 | int req_length; |
| 708 | uint8_t rsp[MODBUS_TCP_MAX_ADU_LENGTH]; | 711 | uint8_t rsp[MODBUS_TCP_MAX_ADU_LENGTH]; |
| 712 | + int tab_function[] = {0x01, 0x02, 0x03, 0x04}; | ||
| 713 | + int tab_nb_max[] = { | ||
| 714 | + MODBUS_MAX_READ_BITS + 1, | ||
| 715 | + MODBUS_MAX_READ_BITS + 1, | ||
| 716 | + MODBUS_MAX_READ_REGISTERS + 1, | ||
| 717 | + MODBUS_MAX_READ_REGISTERS + 1 | ||
| 718 | + }; | ||
| 709 | 719 | ||
| 710 | req_length = modbus_send_raw_request(ctx, raw_req, | 720 | req_length = modbus_send_raw_request(ctx, raw_req, |
| 711 | RAW_REQ_LENGTH * sizeof(uint8_t)); | 721 | RAW_REQ_LENGTH * sizeof(uint8_t)); |
| @@ -730,6 +740,44 @@ int main(int argc, char *argv[]) | @@ -730,6 +740,44 @@ int main(int argc, char *argv[]) | ||
| 730 | printf("FAILED (%d)\n", rc); | 740 | printf("FAILED (%d)\n", rc); |
| 731 | goto close; | 741 | goto close; |
| 732 | } | 742 | } |
| 743 | + | ||
| 744 | + /* Try to crash server with raw requests to bypass checks of client. */ | ||
| 745 | + | ||
| 746 | + /* Address */ | ||
| 747 | + raw_req[2] = 0; | ||
| 748 | + raw_req[3] = 0; | ||
| 749 | + | ||
| 750 | + /* Try to read more values than a response could hold for all data | ||
| 751 | + * types. | ||
| 752 | + */ | ||
| 753 | + for (i=0; i<4; i++) { | ||
| 754 | + raw_req[1] = tab_function[i]; | ||
| 755 | + | ||
| 756 | + for (j=0; j<2; j++) { | ||
| 757 | + if (j == 0) { | ||
| 758 | + /* Try to read zero values on first iteration */ | ||
| 759 | + raw_req[4] = 0x00; | ||
| 760 | + raw_req[5] = 0x00; | ||
| 761 | + } else { | ||
| 762 | + /* Try to read max values + 1 on second iteration */ | ||
| 763 | + raw_req[4] = (tab_nb_max[i] >> 8) & 0xFF; | ||
| 764 | + raw_req[5] = tab_nb_max[i] & 0xFF; | ||
| 765 | + } | ||
| 766 | + | ||
| 767 | + req_length = modbus_send_raw_request(ctx, raw_req, | ||
| 768 | + RAW_REQ_LENGTH * sizeof(uint8_t)); | ||
| 769 | + printf("* try an exploit on function %d: ", tab_function[i]); | ||
| 770 | + rc = modbus_receive_confirmation(ctx, rsp); | ||
| 771 | + if (rc == 9 && | ||
| 772 | + rsp[7] == (0x80 + tab_function[i]) && | ||
| 773 | + rsp[8] == MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE) { | ||
| 774 | + printf("OK\n"); | ||
| 775 | + } else { | ||
| 776 | + printf("FAILED\n"); | ||
| 777 | + goto close; | ||
| 778 | + } | ||
| 779 | + } | ||
| 780 | + } | ||
| 733 | } | 781 | } |
| 734 | 782 | ||
| 735 | printf("\nALL TESTS PASS WITH SUCCESS.\n"); | 783 | printf("\nALL TESTS PASS WITH SUCCESS.\n"); |
tests/unit-test.h.in
| @@ -36,15 +36,16 @@ | @@ -36,15 +36,16 @@ | ||
| 36 | #define SERVER_ID 17 | 36 | #define SERVER_ID 17 |
| 37 | #define INVALID_SERVER_ID 18 | 37 | #define INVALID_SERVER_ID 18 |
| 38 | 38 | ||
| 39 | -const uint16_t UT_BITS_ADDRESS = 0x13; | 39 | +/* Server allocates address + nb */ |
| 40 | +const uint16_t UT_BITS_ADDRESS = 0x130; | ||
| 40 | const uint16_t UT_BITS_NB = 0x25; | 41 | const uint16_t UT_BITS_NB = 0x25; |
| 41 | const uint8_t UT_BITS_TAB[] = { 0xCD, 0x6B, 0xB2, 0x0E, 0x1B }; | 42 | const uint8_t UT_BITS_TAB[] = { 0xCD, 0x6B, 0xB2, 0x0E, 0x1B }; |
| 42 | 43 | ||
| 43 | -const uint16_t UT_INPUT_BITS_ADDRESS = 0xC4; | 44 | +const uint16_t UT_INPUT_BITS_ADDRESS = 0x1C4; |
| 44 | const uint16_t UT_INPUT_BITS_NB = 0x16; | 45 | const uint16_t UT_INPUT_BITS_NB = 0x16; |
| 45 | const uint8_t UT_INPUT_BITS_TAB[] = { 0xAC, 0xDB, 0x35 }; | 46 | const uint8_t UT_INPUT_BITS_TAB[] = { 0xAC, 0xDB, 0x35 }; |
| 46 | 47 | ||
| 47 | -const uint16_t UT_REGISTERS_ADDRESS = 0x6B; | 48 | +const uint16_t UT_REGISTERS_ADDRESS = 0x16B; |
| 48 | /* Raise a manual exception when this address is used for the first byte */ | 49 | /* Raise a manual exception when this address is used for the first byte */ |
| 49 | const uint16_t UT_REGISTERS_ADDRESS_SPECIAL = 0x6C; | 50 | const uint16_t UT_REGISTERS_ADDRESS_SPECIAL = 0x6C; |
| 50 | /* The response of the server will contains an invalid TID or slave */ | 51 | /* The response of the server will contains an invalid TID or slave */ |
| @@ -57,7 +58,7 @@ const uint16_t UT_REGISTERS_TAB[] = { 0x022B, 0x0001, 0x0064 }; | @@ -57,7 +58,7 @@ const uint16_t UT_REGISTERS_TAB[] = { 0x022B, 0x0001, 0x0064 }; | ||
| 57 | UT_REGISTERS_NB_POINTS to try to raise a segfault. */ | 58 | UT_REGISTERS_NB_POINTS to try to raise a segfault. */ |
| 58 | const uint16_t UT_REGISTERS_NB_SPECIAL = 0x2; | 59 | const uint16_t UT_REGISTERS_NB_SPECIAL = 0x2; |
| 59 | 60 | ||
| 60 | -const uint16_t UT_INPUT_REGISTERS_ADDRESS = 0x08; | 61 | +const uint16_t UT_INPUT_REGISTERS_ADDRESS = 0x108; |
| 61 | const uint16_t UT_INPUT_REGISTERS_NB = 0x1; | 62 | const uint16_t UT_INPUT_REGISTERS_NB = 0x1; |
| 62 | const uint16_t UT_INPUT_REGISTERS_TAB[] = { 0x000A }; | 63 | const uint16_t UT_INPUT_REGISTERS_TAB[] = { 0x000A }; |
| 63 | 64 |