|
|
@@ -833,7 +833,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
|
|
|
case _FC_WRITE_MULTIPLE_COILS: {
|
|
|
int nb = (req[offset + 3] << 8) + req[offset + 4];
|
|
|
|
|
|
- if ((address + nb) > mb_mapping->nb_bits) {
|
|
|
+ if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb) {
|
|
|
+ if (ctx->debug) {
|
|
|
+ fprintf(stderr,
|
|
|
+ "Illegal number of values %d in write_bits (max %d)\n",
|
|
|
+ nb, MODBUS_MAX_WRITE_BITS);
|
|
|
+ }
|
|
|
+ rsp_length = response_exception(
|
|
|
+ ctx, &sft,
|
|
|
+ MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp);
|
|
|
+ } else if ((address + nb) > mb_mapping->nb_bits) {
|
|
|
if (ctx->debug) {
|
|
|
fprintf(stderr, "Illegal data address %0X in write_bits\n",
|
|
|
address + nb);
|
|
|
@@ -855,7 +864,16 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
|
|
|
case _FC_WRITE_MULTIPLE_REGISTERS: {
|
|
|
int nb = (req[offset + 3] << 8) + req[offset + 4];
|
|
|
|
|
|
- if ((address + nb) > mb_mapping->nb_registers) {
|
|
|
+ if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb) {
|
|
|
+ if (ctx->debug) {
|
|
|
+ fprintf(stderr,
|
|
|
+ "Illegal number of values %d in write_registers (max %d)\n",
|
|
|
+ nb, MODBUS_MAX_WRITE_REGISTERS);
|
|
|
+ }
|
|
|
+ rsp_length = response_exception(
|
|
|
+ ctx, &sft,
|
|
|
+ MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp);
|
|
|
+ } else if ((address + nb) > mb_mapping->nb_registers) {
|
|
|
if (ctx->debug) {
|
|
|
fprintf(stderr, "Illegal data address %0X in write_registers\n",
|
|
|
address + nb);
|
Stéphane Raimbault