From fe428c869b7f51abf427cd14911b2133888a85be Mon Sep 17 00:00:00 2001
From: Max Johnstone
Date: Fri, 29 May 2026 09:28:59 +1200
Subject: [PATCH] Add missing length check in EncodeEPath function

EncodeEpath assumes that at the very least the Epath it has been given has at least one segment. This is not necessarily true. Take for example the TCP/IP interface object attribute 4. For a device with multiple physical interfaces that correspond to the TCP/IP interface, this attribute can contain a path size of zero. Without this check the encoding will be wrong and the assertion present in this function will fail.
---
 source/src/cip/cipcommon.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/source/src/cip/cipcommon.c b/source/src/cip/cipcommon.c
index 8b5549237..b63bfd332 100644
--- a/source/src/cip/cipcommon.c
+++ b/source/src/cip/cipcommon.c
@@ -1342,15 +1342,17 @@ void EncodeEPath(const void *const data,
   unsigned int length = epath->path_size;
   size_t start_length = message->used_message_length;
 
-  if(epath->class_id < 256) {
-    AddSintToMessage(0x20, message); /* 8 Bit Class Id */
-    AddSintToMessage( (EipUint8) epath->class_id, message );
-    length -= 1;
-  } else {
-    AddSintToMessage(0x21, message); /*16Bit Class Id */
-    AddSintToMessage(0, message); /*pad byte */
-    AddIntToMessage(epath->class_id, message);
-    length -= 2;
+  if(0 < length) {
+    if(epath->class_id < 256) {
+      AddSintToMessage(0x20, message); /* 8 Bit Class Id */
+      AddSintToMessage( (EipUint8) epath->class_id, message );
+      length -= 1;
+    } else {
+      AddSintToMessage(0x21, message); /*16Bit Class Id */
+      AddSintToMessage(0, message); /*pad byte */
+      AddIntToMessage(epath->class_id, message);
+      length -= 2;
+    }
   }
 
   if(0 < length) {
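Review bot: The new `if(0 < length)` guard only establishes that `length` is non-zero, but the 16-bit class branch it now encloses still does `length -= 2` on an `unsigned int`, so a path_size of 1 with a class_id of 256 or more wraps `length` to UINT_MAX and the following `if(0 < length)` guards (the one ending this hunk and, presumably, the later segment guards outside it) would then encode segments that are not in the path. That branch should verify `length >= 2` before subtracting, and the short-path case needs an explicit outcome (skip the segment, or let the function's length assertion trip right there) rather than silent wraparound; the same consideration applies to the later decrements if they consume more than one word. It would also help to record why zero is legitimate, since the old code assumed it never was, with a comment above the new guard such as `/* path_size may be 0 (e.g. TCP/IP Interface object attribute 4 on a device with several physical interfaces): then no segment is encoded */`. EncodeEPath's body continues past the end of this hunk, so the remaining segment guards were not reviewed here.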