@@ -637,6 +637,9 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
uint32_t hdr;
size_t n;
+ if (seq > SEQ_MASK)
+ return false;
+
l_put_be32(seq, packet + 1);
packet[1] = (ctl ? CTL : 0) | (ttl & TTL_MASK);
@@ -40,6 +40,7 @@
#include "mesh/mesh-defs.h"
#include "mesh/util.h"
#include "mesh/mesh-config.h"
+#include "mesh/net.h"
/* To prevent local node JSON cache thrashing, minimum update times */
#define MIN_SEQ_CACHE_TRIGGER 32
@@ -365,7 +366,7 @@ static bool read_seq_number(json_object *jobj, uint32_t *seq_number)
if (!val && errno == EINVAL)
return false;
- if (val < 0 || val > 0xffffff)
+ if (val < 0 || val > SEQ_MASK + 1)
return false;
*seq_number = (uint32_t) val;
@@ -2019,10 +2020,21 @@ bool mesh_config_write_seq_number(struct mesh_config *cfg, uint32_t seq,
if (cached < seq + MIN_SEQ_CACHE_VALUE)
cached = seq + MIN_SEQ_CACHE_VALUE;
- l_debug("Seq Cache: %d -> %d", seq, cached);
+ /* Cap the seq cache maximum to fixed out-of-range value.
+ * If daemon restarts with out-of-range value, no packets
+ * are to be sent until IV Update procedure completes.
+ */
+ if (cached > SEQ_MASK)
+ cached = SEQ_MASK + 1;
cfg->write_seq = seq;
+ /* Don't rewrite NVM storage if unchanged */
+ if (value == (int) cached)
+ return true;
+
+ l_debug("Seq Cache: %d -> %d", seq, cached);
+
if (!write_int(cfg->jnode, "sequenceNumber", cached))
return false;
@@ -511,6 +511,15 @@ uint32_t mesh_net_next_seq_num(struct mesh_net *net)
{
uint32_t seq = net->seq_num++;
+ /* Cap out-of-range seq_num max value to +1. Out of range
+ * seq_nums will not be sent as they would violate spec.
+ * This condition signals a runaway seq_num condition, and
+ * the node must wait for a completed IV Index update procedure
+ * before it can send again.
+ */
+ if (net->seq_num > SEQ_MASK)
+ net->seq_num = SEQ_MASK + 1;
+
node_set_sequence_number(net->node, net->seq_num);
return seq;
}
From: Jakub Witowski <jakub.witowski@silvair.com> --- mesh/crypto.c | 3 +++ mesh/mesh-config-json.c | 16 ++++++++++++++-- mesh/net.c | 9 +++++++++ 3 files changed, 26 insertions(+), 2 deletions(-)