From c5992ebd81c62a8181b2dd2835d920c2e0a92a6a Mon Sep 17 00:00:00 2001 From: kidpixo Date: Thu, 11 May 2023 11:54:15 +0200 Subject: [PATCH 1/5] Update api.md correct a small markdown typo in `requestFrom` input type descriptio. --- docs/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api.md b/docs/api.md index 48e1b3c..76097f3 100644 --- a/docs/api.md +++ b/docs/api.md @@ -229,7 +229,7 @@ int requestFrom(int id, int type, int address,int nb); #### Parameters - id (slave) - id of target, defaults to 0x00 if not specified -type - type of read to perform, either COILS, DISCRETE_INPUTS, HOLDING_REGISTERS, or INPUT_REGISTERS +- type - type of read to perform, either COILS, DISCRETE_INPUTS, HOLDING_REGISTERS, or INPUT_REGISTERS - address start address to use for operation - nb - number of values to read From 7528989a1bbdeacb3f41bfa07e355df78ab2cf6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 11:19:11 +0000 Subject: [PATCH 2/5] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-arduino.yml | 2 +- .github/workflows/compile-examples.yml | 2 +- .github/workflows/spell-check.yml | 2 +- .github/workflows/sync-labels.yml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-arduino.yml b/.github/workflows/check-arduino.yml index 3e0d26c..adb330f 100644 --- a/.github/workflows/check-arduino.yml +++ b/.github/workflows/check-arduino.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Arduino Lint uses: arduino/arduino-lint-action@v1 diff --git a/.github/workflows/compile-examples.yml b/.github/workflows/compile-examples.yml index fe29687..945a25a 100644 --- a/.github/workflows/compile-examples.yml +++ b/.github/workflows/compile-examples.yml @@ -88,7 +88,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Compile examples uses: arduino/compile-sketches@v1 diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml index 6ad2f61..3ce6a08 100644 --- a/.github/workflows/spell-check.yml +++ b/.github/workflows/spell-check.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 # See: https://github.com/codespell-project/actions-codespell/blob/master/README.md - name: Spell check diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 94938f3..9cde1ac 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download JSON schema for labels configuration file id: download-schema @@ -105,7 +105,7 @@ jobs: echo "::set-output name=flag::--dry-run" - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download configuration files artifact uses: actions/download-artifact@v3 From 2551e034314bb9b0b666678fee1527e3b1009a73 Mon Sep 17 00:00:00 2001 From: Michael Heimpold Date: Sat, 8 Jan 2022 20:00:50 +0100 Subject: [PATCH 3/5] modbus_reply: fix copy & paste error in sanity check (fixes #614) While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets must be checked, i.e. the read and the write address must be within the mapping range. At the moment, only the read address was considered, it looks like a simple copy and paste error, so let's fix it. Signed-off-by: Michael Heimpold --- src/libmodbus/modbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libmodbus/modbus.c b/src/libmodbus/modbus.c index 17e36e1..0123e8e 100644 --- a/src/libmodbus/modbus.c +++ b/src/libmodbus/modbus.c @@ -1017,7 +1017,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers || - mapping_address < 0 || + mapping_address_write < 0 || (mapping_address_write + nb_write) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, From e19543e083acb8554b3bdd8f7c8ee4f6ea271957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Raimbault?= Date: Fri, 26 Jul 2019 16:00:06 +0200 Subject: [PATCH 4/5] Fix VD-1301 and VD-1302 vulnerabilities This patch was contributed by Maor Vermucht and Or Peles from VDOO Connected Trust. --- src/libmodbus/modbus.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libmodbus/modbus.c b/src/libmodbus/modbus.c index 0123e8e..3afeb3b 100644 --- a/src/libmodbus/modbus.c +++ b/src/libmodbus/modbus.c @@ -897,9 +897,10 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, break; case MODBUS_FC_WRITE_MULTIPLE_COILS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; + int nb_bits = req[offset + 5]; int mapping_address = address - mb_mapping->start_bits; - if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb) { + if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb || nb_bits * 8 < nb) { /* May be the indication has been truncated on reading because of * invalid address (eg. nb is 0 but the request contains values to * write) so it's necessary to flush. */ @@ -928,9 +929,10 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, break; case MODBUS_FC_WRITE_MULTIPLE_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; + int nb_bytes = req[offset + 5]; int mapping_address = address - mb_mapping->start_registers; - if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb) { + if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb || nb_bytes * 8 < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, "Illegal number of values %d in write_registers (max %d)\n", From 12c32ce59f033d013af733116c3273a4f1331dc8 Mon Sep 17 00:00:00 2001 From: Martino Facchin Date: Fri, 27 Oct 2023 12:32:06 +0200 Subject: [PATCH 5/5] Release 1.0.9 --- library.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library.properties b/library.properties index 4a076b3..84aace6 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=ArduinoModbus -version=1.0.8 +version=1.0.9 author=Arduino maintainer=Arduino sentence=Use Modbus equipment with your Arduino.