
Merge pull request #334 from EIPStackGroup/Claroty_GetPathLogialSegment

Claroty get path logical segment
Martin Melik-Merkumians 4 jaren geleden
05cdd03a4a

+ 5 - 4
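--- a/source/src/cip/cipconnectionmanager.c
+++ b/source/src/cip/cipconnectionmanager.c
@@ -1323,10 +1323,11 @@ EipUint8 ParseConnectionPath(CipConnectionObject *connection_object,
 
       for(size_t i = 0; i < number_of_encoded_paths; i++) /* process up to 2 encoded paths */
       {
-        if(kLogicalSegmentLogicalTypeInstanceId ==
-           GetPathLogicalSegmentLogicalType(message)
-           || kLogicalSegmentLogicalTypeConnectionPoint ==
-           GetPathLogicalSegmentLogicalType(message) )                                               /* Connection Point interpreted as InstanceNr -> only in Assembly Objects */
+        if(kSegmentTypeLogicalSegment == GetPathSegmentType(message)
+           && (kLogicalSegmentLogicalTypeInstanceId ==
+               GetPathLogicalSegmentLogicalType(message)
+               || kLogicalSegmentLogicalTypeConnectionPoint ==
+               GetPathLogicalSegmentLogicalType(message) ) )                                            /* Connection Point interpreted as InstanceNr -> only in Assembly Objects */
         {   /* Attribute Id or Connection Point */
           CipDword attribute_id = CipEpathGetLogicalValue(&message);
           CipConnectionPathEpath connection_epath =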
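Review bot: The hunk does not show what the loop does when the new guard fails — a non-logical segment, or the kSegmentTypeInvalid value that GetPathSegmentType can now return instead of asserting — and ParseConnectionPath starts and ends outside the hunk, so that branch needs checking; since this path presumably comes from the network, an unrecognised segment should produce a path error rather than be skipped silently. A smaller point of style: the condition decodes the same byte twice through GetPathLogicalSegmentLogicalType; nesting the segment-type check and reading `const LogicalSegmentLogicalType logical_type = GetPathLogicalSegmentLogicalType(message);` once inside it would keep the guard easier to verify. The trailing comment on the closing line of the condition is now pushed far to the right; moving it above the `if` would keep the line readable.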

+ 13 - 11
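--- a/source/src/cip/cipepath.c
+++ b/source/src/cip/cipepath.c
@@ -20,7 +20,7 @@ const unsigned int kPortSegmentExtendedPort = 15; /**< Reserved port segment por
 SegmentType GetPathSegmentType(const CipOctet *const cip_path) {
   const unsigned int kSegmentTypeMask = 0xE0;
   const unsigned int segment_type = *cip_path & kSegmentTypeMask;
-  SegmentType result = kSegmentTypeReserved;
+  SegmentType result = kSegmentTypeInvalid;
   switch(segment_type) {
     case SEGMENT_TYPE_PORT_SEGMENT:
       result = kSegmentTypePortSegment;
@@ -49,7 +49,6 @@ SegmentType GetPathSegmentType(const CipOctet *const cip_path) {
     default:
       OPENER_TRACE_ERR(
         "Invalid Segment type in the message! We should never come here!\n");
-      OPENER_ASSERT(false);
       break;
   }
   return result;
@@ -162,7 +161,7 @@ LogicalSegmentLogicalType GetPathLogicalSegmentLogicalType(
   OPENER_ASSERT(kSegmentTypeLogicalSegment == GetPathSegmentType(cip_path) );
   const unsigned int kLogicalTypeMask = 0x1C;
   const unsigned int logical_type = (*cip_path) & kLogicalTypeMask;
-  LogicalSegmentLogicalType result = kLogicalSegmentLogicalTypeExtendedLogical;
+  LogicalSegmentLogicalType result = kLogicalSegmentLogicalTypeInvalid;
   switch(logical_type) {
     case LOGICAL_SEGMENT_TYPE_CLASS_ID:
       result = kLogicalSegmentLogicalTypeClassId;
@@ -190,8 +189,7 @@ LogicalSegmentLogicalType GetPathLogicalSegmentLogicalType(
       break;
     default:
       OPENER_TRACE_ERR(
-        "Logical segment/logical type: It is not possible to reach this point!\n");
-      OPENER_ASSERT(false);
+        "Logical segment/logical type: Invalid input!\n");
       break;
   }
   return result;
@@ -238,7 +236,7 @@ LogicalSegmentLogicalFormat GetPathLogicalSegmentLogicalFormat(
   OPENER_ASSERT(kSegmentTypeLogicalSegment == GetPathSegmentType(cip_path) );
   const unsigned int kLogicalFormatMask = 0x03;
   const unsigned int logical_format = (*cip_path) & kLogicalFormatMask;
-  LogicalSegmentLogicalFormat result = kLogicalSegmentLogicalFormatEightBit;
+  LogicalSegmentLogicalFormat result = kLogicalSegmentLogicalFormatInvalid;
   switch(logical_format) {
     case LOGICAL_SEGMENT_FORMAT_EIGHT_BIT:
       result = kLogicalSegmentLogicalFormatEightBit;
@@ -252,7 +250,6 @@ LogicalSegmentLogicalFormat GetPathLogicalSegmentLogicalFormat(
     default:
       OPENER_TRACE_ERR(
         "Logical segment/logical type: Invalid logical type detected!\n");
-      OPENER_ASSERT(false);
       break;
   }
   return result;
@@ -283,7 +280,7 @@ void SetPathLogicalSegmentLogicalFormat(LogicalSegmentLogicalFormat format,
 CipDword CipEpathGetLogicalValue(const EipUint8 **message) {
   LogicalSegmentLogicalFormat logical_format =
     GetPathLogicalSegmentLogicalFormat(*message);
-  CipDword data = 0;
+  CipDword data = kLogicalSegmentLogicalFormatInvalid;
   (*message) += 1; /* Move to logical value */
   switch(logical_format) {
     case kLogicalSegmentLogicalFormatEightBit:
@@ -298,7 +295,8 @@ CipDword CipEpathGetLogicalValue(const EipUint8 **message) {
       data = GetDwordFromMessage(message);
       break;
     default:
-      OPENER_ASSERT(false);/* shall not happen! */
+      OPENER_TRACE_ERR(
+        "Logical segment/logical type: Invalid logical value detected!\n");
       break;
   }
   return data;
@@ -333,7 +331,7 @@ LogicalSegmentExtendedLogicalType GetPathLogicalSegmentExtendedLogicalType(
                   cip_path) );
   const unsigned int extended_logical_type = *(cip_path + 1);
   LogicalSegmentExtendedLogicalType result =
-    kLogicalSegmentExtendedLogicalTypeReserved;
+    kLogicalSegmentExtendedLogicalTypeInvalid;
   switch(extended_logical_type) {
     case LOGICAL_SEGMENT_EXTENDED_TYPE_ARRAY_INDEX:
       result = kLogicalSegmentExtendedLogicalTypeArrayIndex;
@@ -353,8 +351,12 @@ LogicalSegmentExtendedLogicalType GetPathLogicalSegmentExtendedLogicalType(
     case LOGICAL_SEGMENT_EXTENDED_TYPE_STRUCTURE_MEMBER_HANDLE:
       result = kLogicalSegmentExtendedLogicalTypeStructureMemberHandle;
       break;
-    default:
+    case LOGICAL_SEGMENT_EXTENDED_TYPE_RESERVED:
       result = kLogicalSegmentExtendedLogicalTypeReserved;
+      break;
+    default:
+      OPENER_TRACE_ERR(
+        "Logical segment/logical type: Invalid extended type detected!\n");
   }
   return result;
 }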
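Review bot: `CipDword data = kLogicalSegmentLogicalFormatInvalid;` in CipEpathGetLogicalValue initialises a logical value with an enumerator of an unrelated type; per the cipepath.h hunk that enumerator is 3, which is indistinguishable from a genuine id of 3, so a caller gets no error signal for a malformed format byte while `*message` has already been advanced past it. Since the CipDword return type leaves no room for a sentinel, keep `CipDword data = 0;` and document that the result is only meaningful when GetPathLogicalSegmentLogicalFormat(*message) is not kLogicalSegmentLogicalFormatInvalid, which callers should check before calling. In GetPathLogicalSegmentExtendedLogicalType the byte read by `*(cip_path + 1)` can take 256 values, so every value other than the listed cases and LOGICAL_SEGMENT_EXTENDED_TYPE_RESERVED now reports Invalid where it previously reported Reserved; if the specification reserves a range rather than a single value, this is a behaviour change for those inputs, and the new `default:` should end with a `break;` like the other arms. The same assert-to-trace conversion applies to the other hunks of this file, but the OPENER_ASSERT on the segment type at the top of GetPathLogicalSegmentLogicalType and GetPathLogicalSegmentLogicalFormat remains, so every caller still needs a GetPathSegmentType guard like the one added in cipconnectionmanager.c.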

+ 8 - 4
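--- a/source/src/cip/cipepath.h
+++ b/source/src/cip/cipepath.h
@@ -79,7 +79,8 @@ typedef enum segment_type {
   kSegmentTypeDataSegment, /**< Data segment */
   kSegmentTypeDataTypeConstructed, /**< Data type constructed */
   kSegmentTypeDataTypeElementary, /**< Data type elementary */
-  kSegmentTypeReserved /**< Reserved segment type */
+  kSegmentTypeReserved, /**< Reserved segment type */
+  kSegmentTypeInvalid /**< Invalid segment type */
 } SegmentType;
 
 /** @brief Port Segment flags */
@@ -96,7 +97,8 @@ typedef enum logical_segment_type {
   kLogicalSegmentLogicalTypeAttributeId, /**< Attribute ID */
   kLogicalSegmentLogicalTypeSpecial, /**< Special */
   kLogicalSegmentLogicalTypeServiceId, /**< Service ID */
-  kLogicalSegmentLogicalTypeExtendedLogical /**< Extended Logical */
+  kLogicalSegmentLogicalTypeExtendedLogical, /**< Extended Logical */
+  kLogicalSegmentLogicalTypeInvalid /**< Invalid segment type */
 } LogicalSegmentLogicalType;
 
 typedef enum logical_segment_extended_logical_type {
@@ -106,7 +108,8 @@ typedef enum logical_segment_extended_logical_type {
   kLogicalSegmentExtendedLogicalTypeBitIndex,
   kLogicalSegmentExtendedLogicalTypeIndirectBitIndex,
   kLogicalSegmentExtendedLogicalTypeStructureMemberNumber,
-  kLogicalSegmentExtendedLogicalTypeStructureMemberHandle
+  kLogicalSegmentExtendedLogicalTypeStructureMemberHandle,
+  kLogicalSegmentExtendedLogicalTypeInvalid
 } LogicalSegmentExtendedLogicalType;
 
 /** @brief Enum containing values how long the encoded value will be (8, 16, or
@@ -114,7 +117,8 @@ typedef enum logical_segment_extended_logical_type {
 typedef enum logical_segment_logical_format {
   kLogicalSegmentLogicalFormatEightBit,
   kLogicalSegmentLogicalFormatSixteenBit,
-  kLogicalSegmentLogicalFormatThirtyTwoBit
+  kLogicalSegmentLogicalFormatThirtyTwoBit,
+  kLogicalSegmentLogicalFormatInvalid
 } LogicalSegmentLogicalFormat;
 
 typedef enum logical_segment_special_type_logical_format {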
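Review bot: The doc comment on the new enumerator in logical_segment_type is copied from the segment_type enum and describes the wrong thing; it should read `kLogicalSegmentLogicalTypeInvalid /**< Invalid logical type, returned when the type bits decode to no known value */`. The two other new enumerators, kLogicalSegmentExtendedLogicalTypeInvalid and kLogicalSegmentLogicalFormatInvalid, carry no comment at all, and since they are the values a decoder returns for malformed input it is worth stating on each that callers must check for it before using the result. Appending an enumerator to each of these enums also changes their cardinality; any lookup table sized by, or loop bounded by, the previously last enumerator would need updating, which cannot be verified from this hunk.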

+ 1 - 1
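--- a/source/src/enet_encap/cpf.c
+++ b/source/src/enet_encap/cpf.c
@@ -448,7 +448,7 @@ void EncodeSequenceNumber(
   const CipCommonPacketFormatData *const common_packet_format_data_item,
   ENIPMessage *const outgoing_message) {
   AddIntToMessage(
-     (EipUint16) common_packet_format_data_item->address_item.data.sequence_number,
+    (EipUint16) common_packet_format_data_item->address_item.data.sequence_number,
     outgoing_message );
 }
 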

+ 9 - 9
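--- a/source/src/enet_encap/encap.c
+++ b/source/src/enet_encap/encap.c
@@ -479,7 +479,7 @@ void DetermineDelayTime(const EipByte *buffer_start,
 
   buffer_start += 12; /* start of the sender context */
   EipUint16 maximum_delay_time = GetUintFromMessage(
-     (const EipUint8 **const ) &buffer_start );
+    (const EipUint8 **const ) &buffer_start );
 
   if(0 == maximum_delay_time) {
     maximum_delay_time = kListIdentityDefaultDelayTime;
@@ -523,9 +523,9 @@ void HandleReceivedRegisterSessionCommand(int socket,
     kEncapsulationProtocolSuccess;
 
   EipUint16 protocol_version = GetUintFromMessage(
-     (const EipUint8 **const ) &receive_data->current_communication_buffer_position );
+    (const EipUint8 **const ) &receive_data->current_communication_buffer_position );
   EipUint16 option_flag = GetUintFromMessage(
-     (const EipUint8 **const ) &receive_data->current_communication_buffer_position );
+    (const EipUint8 **const ) &receive_data->current_communication_buffer_position );
 
   /* check if requested protocol version is supported and the register session option flag is zero*/
   if( (0 < protocol_version) &&
@@ -620,9 +620,9 @@ EipStatus HandleReceivedSendUnitDataCommand(
     /* Command specific data UDINT .. Interface Handle, UINT .. Timeout, CPF packets */
     /* don't use the data yet */
     GetDintFromMessage(
-       (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                /* skip over null interface handle*/
+      (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                 /* skip over null interface handle*/
     GetIntFromMessage(
-       (const EipUint8 **const ) &receive_data->current_communication_buffer_position );               /* skip over unused timeout value*/
+      (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                /* skip over unused timeout value*/
     ( (EncapsulationData *const ) receive_data )->data_length -= 6; /* the rest is in CPF format*/
 
     if(kSessionStatusValid == CheckRegisteredSessions(receive_data) ) /* see if the EIP session is registered*/
@@ -662,9 +662,9 @@ EipStatus HandleReceivedSendRequestResponseDataCommand(
     /* Command specific data UDINT .. Interface Handle, UINT .. Timeout, CPF packets */
     /* don't use the data yet */
     GetDintFromMessage(
-       (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                /* skip over null interface handle*/
+      (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                 /* skip over null interface handle*/
     GetIntFromMessage(
-       (const EipUint8 **const ) &receive_data->current_communication_buffer_position );               /* skip over unused timeout value*/
+      (const EipUint8 **const ) &receive_data->current_communication_buffer_position );                /* skip over unused timeout value*/
     ( (EncapsulationData *const ) receive_data )->data_length -= 6; /* the rest is in CPF format*/
 
     if(kSessionStatusValid == CheckRegisteredSessions(receive_data) ) /* see if the EIP session is registered*/
@@ -751,9 +751,9 @@ SessionStatus CheckRegisteredSessions(
   const EncapsulationData *const receive_data) {
 
 /* Skip the check when fuzzing
-    in order to increase our code coverage 
+    in order to increase our code coverage
     we are simply bypassing all the session checks
-*/
+ */
 #ifdef FUZZING_AFL
   return kSessionStatusValid;
 #endif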

+ 8 - 3
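--- a/source/src/ports/POSIX/main.c
+++ b/source/src/ports/POSIX/main.c
@@ -138,7 +138,7 @@ int main(int argc,
 #ifdef FUZZING_AFL
   fuzzHandlePacketFlow();
   return EXIT_SUCCESS;
-#endif 
+#endif
 
   /* The CIP objects are now created and initialized with their default values.
    *  After that any NV data values are loaded to change the attribute contents
@@ -300,7 +300,7 @@ static void fuzzHandlePacketFlow(void) {
   ENIPMessage outgoing_message;
 
   /* AFL persistent mode */
-  while(__AFL_LOOP(100000)) {
+  while(__AFL_LOOP(100000) ) {
     /* Read input from STDIN and enter the handle receive flow */
     memset(buff, 0, 512);
     ssize_t received_size = read(STDIN_FILENO, buff, 512);
@@ -312,7 +312,12 @@ static void fuzzHandlePacketFlow(void) {
     //EipStatus need_to_send = HandleReceivedExplictUdpData(socket_fd, &from_address, receive_buffer, received_size, &remaining_bytes, true, &outgoing_message);
 
     // Fuzz TCP
-    EipStatus need_to_send = HandleReceivedExplictTcpData(socket_fd, receive_buffer, received_size, &remaining_bytes, &from_address, &outgoing_message);
+    EipStatus need_to_send = HandleReceivedExplictTcpData(socket_fd,
+                                                          receive_buffer,
+                                                          received_size,
+                                                          &remaining_bytes,
+                                                          &from_address,
+                                                          &outgoing_message);
   }
 #endif
 }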