tokio-modbus

Missing validation of request PDU parameters

Open chengchangwu opened this issue 2 years ago • 5 comments

I've found that I can read at most 126 input registers with read_input_registers(). But why 126? Which part of the source code should I read?

chengchangwu, Apr 11 '22 16:04

Limited by Modbus message size, please refer to the spec.

6.4 04 (0x04) Read Input Registers

This function code is used to read from 1 to 125 contiguous input registers in a remote device.

uklotzde, Apr 11 '22 17:04

But I can read 126 contiguous registers, one more than the spec.

chengchangwu, Apr 12 '22 12:04

This bug affects multiple function codes. Currently there are no semantic, client-side parameter validations according to the Modbus protocol in place. If a parameter value could technically be serialized, it is accepted, even if the Modbus protocol specifies more restrictive, semantic bounds. Ideally, servers should reject such non-standard requests.

Not a severe bug as clients are responsible for sending valid requests and servers are advised to reject invalid requests. Enforcing strict standard behavior by the library may even prevent using custom, vendor-specific extensions.

uklotzde, Mar 04 '23 16:03

Not a bug, it's a "feature".

If those additional conformance checks are implemented then they should be hidden behind a feature flag. Not everyone might need or want them.

uklotzde, Mar 05 '23 18:03

This affects both the client and the server.

uklotzde, Mar 06 '23 10:03
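
The semantic bounds discussed in this thread, as an added example that is not part of the issue and not tokio-modbus code: a standalone check that either a client (before sending) or a server (before processing) could apply. All names (`ParamError`, `max_quantity`, `validate`, `response_fits`) are hypothetical; the quantity limits and the 253-byte PDU limit are taken from the Modbus Application Protocol specification.

```rust
/// Maximum Modbus PDU size in bytes (function code + data), per the spec.
const MAX_PDU_LEN: usize = 253;

#[derive(Debug, PartialEq)]
pub enum ParamError {
    UnsupportedFunction(u8),
    QuantityOutOfRange { quantity: u16, max: u16 },
    AddressOverflow,
}

/// Largest quantity the spec allows for each function code covered here.
pub fn max_quantity(function: u8) -> Option<u16> {
    match function {
        0x01 | 0x02 => Some(2000), // Read Coils / Read Discrete Inputs
        0x03 | 0x04 => Some(125),  // Read Holding / Read Input Registers
        0x0F => Some(1968),        // Write Multiple Coils
        0x10 => Some(123),         // Write Multiple Registers
        _ => None,
    }
}

/// Response PDU length for a register read:
/// function code (1) + byte count (1) + 2 bytes per register.
pub fn read_registers_response_len(quantity: u16) -> usize {
    2 + 2 * usize::from(quantity)
}

/// True if the register-read response fits into one Modbus PDU.
pub fn response_fits(quantity: u16) -> bool {
    read_registers_response_len(quantity) <= MAX_PDU_LEN
}

/// Semantic validation: a value that serializes into the u16 fields
/// is still rejected when it is outside the protocol's bounds.
pub fn validate(function: u8, address: u16, quantity: u16) -> Result<(), ParamError> {
    let max = max_quantity(function).ok_or(ParamError::UnsupportedFunction(function))?;
    if quantity == 0 || quantity > max {
        return Err(ParamError::QuantityOutOfRange { quantity, max });
    }
    // The last item (address + quantity - 1) must stay in the 16-bit address space.
    if u32::from(address) + u32::from(quantity) > 0x1_0000 {
        return Err(ParamError::AddressOverflow);
    }
    Ok(())
}

fn main() {
    for q in &[125u16, 126] {
        println!("qty {}: {} byte response, fits={}, {:?}", q,
            read_registers_response_len(*q), response_fits(*q), validate(0x04, 0, *q));
    }
}
```

A request for 126 registers serializes without trouble, but its response would need 254 bytes, one more than a PDU can carry, which is why the spec stops at 125.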