packed IP wrong length for inet_ntoa #540

Open
Mathadon opened this issue Nov 25, 2024 · 0 comments

Mathadon commented Nov 25, 2024

I'm getting this stack trace:

Traceback (most recent call last):
  File "<cut>/bacpypes/core.py", line 134, in run
    taskManager.process_task(task)
  File "<cut>/bacpypes/task.py", line 376, in process_task
    task.process_task()
  File "<cut>/bacpypes/appservice.py", line 423, in process_task
    self.await_confirmation_timeout()
  File "<cut>/bacpypes/appservice.py", line 615, in await_confirmation_timeout
    self.indication(self.segmentAPDU)
  File "<cut>/bacpypes/appservice.py", line 388, in indication
    self.request(self.get_segment(0))
  File "<cut>/bacpypes/appservice.py", line 296, in request
    self.ssmSAP.request(apdu)
  File "<cut>/bacpypes/comm.py", line 282, in request
    self.clientPeer.indication(*args, **kwargs)
  File "<cut>/bacpypes/netservice.py", line 408, in indication
    local_adapter.process_npdu(npdu)
  File "<cut>/bacpypes/netservice.py", line 221, in process_npdu
    self.request(pdu)
  File "<cut>/bacpypes/comm.py", line 282, in request
    self.clientPeer.indication(*args, **kwargs)
  File "<cut>/bacpypes/bvllservice.py", line 364, in indication
    self.request(xpdu)
  File "<cut>/bacpypes/comm.py", line 282, in request
    self.clientPeer.indication(*args, **kwargs)
  File "<cut>/bacpypes/bvllservice.py", line 298, in indication
    self.request(pdu)
  File "<cut>/bacpypes/comm.py", line 282, in request
    self.clientPeer.indication(*args, **kwargs)
  File "<cut>/bacpypes/bvllservice.py", line 50, in indication
    self.multiplexer.indication(self, pdu)
  File "<cut>/bacpypes/bvllservice.py", line 134, in indication
    dest = unpack_ip_addr(pdu.pduDestination.addrAddr)
  File "<cut>/bacpypes/pdu.py", line 497, in unpack_ip_addr
    return (socket.inet_ntoa(addr[0:4]), struct.unpack('!H', addr[4:6])[0])
OSError: packed IP wrong length for inet_ntoa

This error seems to be produced in an infinite loop. Having inspected the code, that part seems to be resolved by editing bacpypes/appservice.py like so:

    def await_confirmation_timeout(self):
        if _debug: ClientSSM._debug("await_confirmation_timeout")

        if self.retryCount < self.numberOfApduRetries:
            if _debug: ClientSSM._debug("    - no response, try again (%d < %d)", self.retryCount, self.numberOfApduRetries)
            self.retryCount += 1

            # save the retry count, indication acts like the request is coming
            # from the application so the retryCount gets re-initialized.
            saveCount = self.retryCount
+            try:
                self.indication(self.segmentAPDU)
+            except OSError:
+                print(f"Restoring savecount to {saveCount}")
                self.retryCount = saveCount
+                try:
+                    print(self.segmentAPDU.debug_contents())
+                except:
+                    print("No apdu")
+                    pass
+                raise
            self.retryCount = saveCount
        else:
            if _debug: ClientSSM._debug("    - retry count exceeded")
            abort = self.abort(AbortReason.noResponse)
            self.response(abort)
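
Review bot: the added `except OSError:` branch restores `retryCount` for one exception type only, and `self.retryCount = saveCount` now appears twice; wrapping `self.indication(self.segmentAPDU)` in `try: ... finally: self.retryCount = saveCount` would restore the count for any exception and remove the duplicate. The inner bare `except:` also catches KeyboardInterrupt and SystemExit, so `except Exception:` is the safer form, and the `pass` after the print is redundant. The `print` calls bypass the `if _debug: ClientSSM._debug(...)` pattern used on the surrounding lines, and since the sample output further down ends in `None`, `debug_contents()` appears to write its own output, so the outer `print()` adds nothing.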

The problem was that the code fails when calling self.indication, due to which the retryCount variable is not reset and the code ends up infinitely retrying to parse the message.

This solves the infinite loop but not the underlying problem with inet_ntoa.

The above print statement that I added produces things like:

Restoring savecount to 1
    pduDestination = <Address 1:1>
    pduExpectingReply = 1
    pduNetworkPriority = 0
    apduType = 0
    apduService = 14
    apduInvokeID = 129
    pduData = x'0c.00.0<cut>...'
None

This shows that the address is Address 1:1, which is not a regular IP address consisting of 4 bytes. Hence it makes sense that addr[4:6] is out of range? In some parts of the code I see code that depends on the length of the address, to cover the case where the address does not contain an actual IP address. This seems to be missing here?
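
The failure described in this issue can be reproduced outside the stack with the expression from the traceback. The following is an added example, not bacpypes code and not part of the original post: `unpack_ip_addr_checked`, `try_unpack` and the sample byte strings are hypothetical, and it assumes an address such as `1:1` carries a 1-byte station address rather than a 6-byte IPv4-plus-port value.

```python
import socket
import struct

BIP_ADDR_LEN = 6  # BACnet/IP address: 4-byte IPv4 address + 2-byte UDP port


def unpack_ip_addr_original(addr):
    """The expression shown in the traceback (pdu.py line 497), unchanged."""
    return (socket.inet_ntoa(addr[0:4]), struct.unpack('!H', addr[4:6])[0])


def unpack_ip_addr_checked(addr):
    """Hypothetical variant: refuse anything that is not exactly 6 bytes."""
    if not isinstance(addr, (bytes, bytearray)) or len(addr) != BIP_ADDR_LEN:
        raise ValueError(
            "not a BACnet/IP address: expected %d bytes, got %r"
            % (BIP_ADDR_LEN, addr)
        )
    return (socket.inet_ntoa(bytes(addr[0:4])),
            struct.unpack('!H', addr[4:6])[0])


def try_unpack(fn, addr):
    """Return ('ok', result) or ('error', exception class name)."""
    try:
        return ("ok", fn(addr))
    except (OSError, ValueError, struct.error) as err:
        return ("error", type(err).__name__)


# Constructed sample inputs (not taken from the capture in the issue).
SAMPLES = {
    "bip 192.0.2.10:47808": socket.inet_aton("192.0.2.10")
                            + struct.pack("!H", 47808),
    "1-byte station address": b"\x01",
    "4 bytes, port missing": socket.inet_aton("192.0.2.10"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print("%-24s original=%s checked=%s" % (
            label,
            try_unpack(unpack_ip_addr_original, raw),
            try_unpack(unpack_ip_addr_checked, raw),
        ))
```

The unchecked expression fails with two different exception types depending on how short the input is, which is why a handler for `OSError` alone does not cover every malformed length; the caller still has to decide what to do with a destination that is not an IP address.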
