zigpy-znp icon indicating copy to clipboard operation
zigpy-znp copied to clipboard

Published 20 hours ago verified publisher icon zigpy

Zigpy error when receiving a Malformed packet

Open pipiche38 opened this issue 3 years ago • 4 comments
trafficstars

Looks like the libraries is not resilient to "Malformed Packet"

Here after is the Sniffed paquet

Screenshot 2022-09-07 at 20 06 17

And here after is the message produce by the zigpy library

2022-09-07 20:04:01,025 WARNING :Failed to parse broken GeneralFrame(header=CommandHeader(id=0x9F, subsystem=Subsystem.ZDO, type=CommandType.AREQ), data=b'\x7F\xF1\x84\x04\x45') as <class 'zigpy_znp.types.commands.ZDO.ParentAnnceRsp.Callback'>
2022-09-07 20:04:01,029 ERROR   :Task exception was never retrieved
future: <Task finished name='Task-33' coro=<ControllerApplication.on_zdo_message() done, defined at /var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy_znp/zigbee/application.py:519> exception=ValueError('Data is too short to contain 1 bytes')>
Traceback (most recent call last):
  File "/usr/lib/python3.9/asyncio/tasks.py", line 256, in __step
    result = coro.send(None)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy_znp/zigbee/application.py", line 527, in on_zdo_message
    args, data = list_deserialize(data, types)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/__init__.py", line 9, in deserialize
    value, data = type_.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 668, in deserialize
    item, data = cls._item_type.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 694, in deserialize
    item, data = cls._item_type.deserialize(data)
  File "/var/lib/domoticz/plugins/Domoticz-Zigbee/zigpy/types/basic.py", line 147, in deserialize
    raise ValueError(f"Data is too short to contain {byte_size} bytes")
ValueError: Data is too short to contain 1 bytes

pipiche38 avatar Sep 07 '22 18:09 pipiche38

What is the expected behavior here? Nothing crashes, it's just a traceback.

puddly avatar Sep 07 '22 18:09 puddly

PA is oft being used for dosing NCPc for getting control of the host system (some SDKs have getting security patches for eliminating it) but for getting access is very tricky then you must using the serial for knocking the host system.

I think one warning shall being OK so user can see if some one is trying getting in there system.

MattWestb avatar Sep 07 '22 19:09 MattWestb

Application should consume the exception, not the library.

Adminiuga avatar Sep 07 '22 19:09 Adminiuga

I don't understand what you mean by application. Here the application doesn't receive anything the stack crash is inside zigpy library, no ?

pipiche38 avatar Sep 07 '22 20:09 pipiche38

Fixed by packet API, since ZNP forwards all packets as-is to the application with packet_received.

puddly avatar Oct 08 '22 02:10 puddly