Fix remote buffer overflow vulnerability #105

Closed

Hello Stephane,

Please consider pulling this patch. It is also already in the Debian repositories.

Add checks so modbus_reply returns a
MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS if the count of requested
registers exceeds the spec as noted in modbus.h, line 73ff.

Josef Holzmayr Add register count checks to modbus_reply
Add checks so modbus_reply returns a
MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS if the count of requested
registers exceeds the spec as noted in modbus.h, line 73ff.
49487d6
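
The register count check described above, as an added example (not code from this pull request or from libmodbus): the count field comes straight from the request, so it is bounded against the modbus.h limits before anything is written into the fixed-size reply buffer. The `struct map`, `reply_read`, `exception_reply` and `RSP_MAX` names are hypothetical, and the sketch also covers the read-coils limit, which goes beyond the register case named in the commit message.

```c
#include <stddef.h>
#include <stdint.h>

/* Limits and exception code as defined in libmodbus's modbus.h. */
#define MODBUS_MAX_READ_BITS 2000
#define MODBUS_MAX_READ_REGISTERS 125
#define MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS 0x02
#define RSP_MAX 253 /* assumed reply buffer size: largest Modbus PDU */

/* Hypothetical data map, a stand-in for the server's register/coil tables. */
struct map { const uint8_t *bits; int nb_bits; const uint16_t *regs; int nb_regs; };

static size_t exception_reply(uint8_t fc, uint8_t *rsp) {
    rsp[0] = (uint8_t)(fc | 0x80); /* exception replies set the high bit */
    rsp[1] = MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS;
    return 2;
}

/* Build the reply PDU for a 5-byte read request (fc, addr, count) into
 * rsp[RSP_MAX]. Returns the reply length, or 0 if the request is not handled. */
size_t reply_read(const uint8_t *req, size_t len, const struct map *m, uint8_t *rsp) {
    if (len != 5 || (req[0] != 0x01 && req[0] != 0x03)) return 0;
    uint8_t fc = req[0];
    int addr = (req[1] << 8) | req[2];
    int nb = (req[3] << 8) | req[4]; /* taken from the wire: 0..65535 */
    if (fc == 0x03) { /* read holding registers */
        /* 125 registers * 2 bytes + 2 header bytes = 252, which fits rsp */
        if (nb < 1 || nb > MODBUS_MAX_READ_REGISTERS || addr + nb > m->nb_regs)
            return exception_reply(fc, rsp);
        rsp[0] = fc; rsp[1] = (uint8_t)(nb * 2);
        for (int i = 0; i < nb; i++) {
            rsp[2 + 2 * i] = (uint8_t)(m->regs[addr + i] >> 8);
            rsp[3 + 2 * i] = (uint8_t)(m->regs[addr + i] & 0xFF);
        }
        return 2 + (size_t)nb * 2;
    }
    /* read coils: 2000 bits pack into 250 bytes + 2 header bytes */
    if (nb < 1 || nb > MODBUS_MAX_READ_BITS || addr + nb > m->nb_bits)
        return exception_reply(fc, rsp);
    size_t nbytes = ((size_t)nb + 7) / 8;
    rsp[0] = fc; rsp[1] = (uint8_t)nbytes;
    for (size_t i = 0; i < nbytes; i++) rsp[2 + i] = 0;
    for (int i = 0; i < nb; i++)
        if (m->bits[addr + i]) rsp[2 + i / 8] |= (uint8_t)(1u << (i % 8));
    return 2 + nbytes;
}
```
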
Owner

stephane commented Sep 25, 2013

Don't ask me why I didn't merge this important fix sooner (shame on me)!
I'll merge this fix this week with unit tests.

@stephane stephane added a commit that referenced this pull request Oct 6, 2013

@stephane stephane Fix remote buffer overflow vulnerability (closes #25, #105)
It's strongly recommended to update your libmodbus library if you
use it in a slave/server application in an untrusted environment.

Debian package of libmodbus 3.0.4 already contains a patch to
mitigate the exploit but the patch isn't as strong as this one.
fc73565

@stephane stephane closed this Oct 6, 2013

@mk8 mk8 added a commit to mk8/libmodbus that referenced this pull request Jan 29, 2014

@stephane @mk8 stephane + mk8 Fix remote buffer overflow vulnerability (closes #25, #105)
It's strongly recommended to update your libmodbus library if you
use it in a slave/server application in an untrusted environment.

Debian package of libmodbus 3.0.4 already contains a patch to
mitigate the exploit but the patch isn't as strong as this one.
8909a5f