Merge pull request #100 from dvlemplgk/check-cookie

session cookie/ID check

plc/Attributes1.c

@@ -155,6 +155,9 @@ signed Attributes1 (struct plc * plc)
 		};
 		char string [512];
 		size_t length = 0;
+		if (confirm->COOKIE != HTOLE32 (plc->cookie)) {
+			continue;
+		}
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/Attributes2.c

@@ -173,6 +173,9 @@ signed Attributes2 (struct plc * plc)
 
 		char string [512];
 		size_t length = 0;
+		if (confirm->COOKIE != HTOLE32 (plc->cookie)) {
+			continue;
+		}
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/GetProperty.c

@@ -124,6 +124,9 @@ signed GetProperty (struct plc * plc, struct plcproperty * plcproperty)
 	}
 	while (ReadMME (plc, 0, (VS_GET_PROPERTY | MMTYPE_CNF)) > 0)
 	{
+		if (confirm->COOKIE != HTOLE32 (plc->cookie)) {
+			continue;
+		}
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/ModuleCommit.c

@@ -101,7 +101,7 @@ signed ModuleCommit (struct plc * plc, uint32_t options)
 			uint32_t COMMIT_CODE;
 			uint8_t NUM_MODULES;
 		}
-		request;
+		confirm;
 		struct __packed
 		{
 			uint16_t MOD_STATUS;
@@ -132,12 +132,15 @@ signed ModuleCommit (struct plc * plc, uint32_t options)
 		return (-1);
 	}
 	channel->timeout = PLC_MODULE_WRITE_TIMEOUT;
-	if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
-	{
-		error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-		channel->timeout = timer;
-		return (-1);
-	}
+	do {
+		if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
+		{
+			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+			channel->timeout = timer;
+			return (-1);
+		}
+	} while (confirm->confirm.MOD_OP != HTOLE16 (PLC_MOD_OP_CLOSE_SESSION) ||
+	         confirm->confirm.MOD_OP_SESSION_ID != HTOLE32 (plc->cookie));
 	channel->timeout = timer;
 	if (confirm->MSTATUS)
 	{

plc/ModuleSession.c

@@ -145,12 +145,15 @@ signed ModuleSession (struct plc * plc, unsigned modules, struct vs_module_spec
 		return (-1);
 	}
 	channel->timeout = PLC_MODULE_REQUEST_TIMEOUT;
-	if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
-	{
-		error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-		channel->timeout = timer;
-		return (-1);
-	}
+	do {
+		if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
+		{
+			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+			channel->timeout = timer;
+			return (-1);
+		}
+	} while (confirm->MODULE_SPEC.MOD_OP != HTOLE16 (PLC_MOD_OP_START_SESSION) ||
+	         confirm->MODULE_SPEC.MOD_OP_SESSION_ID != HTOLE32 (plc->cookie));
 	channel->timeout = timer;
 	if (confirm->MSTATUS)
 	{

plc/ModuleWrite.c

@@ -178,12 +178,15 @@ signed ModuleWrite (struct plc * plc, struct _file_ * file, unsigned index, stru
 			return (-1);
 		}
 		channel->timeout = PLC_MODULE_WRITE_TIMEOUT;
-		if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			channel->timeout = timer;
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_MODULE_OPERATION | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				channel->timeout = timer;
+				return (-1);
+			}
+		} while (confirm->MODULE_SPEC.MOD_OP != HTOLE16 (PLC_MOD_OP_WRITE_MODULE) ||
+			confirm->MODULE_SPEC.MOD_OP_SESSION_ID != HTOLE32 (plc->cookie));
 		channel->timeout = timer;
 
 #if 1

plc/SetProperty.c

@@ -112,6 +112,9 @@ signed SetProperty (struct plc * plc, struct plcproperty * plcproperty)
 	}
 	while (ReadMME (plc, 0, (VS_SET_PROPERTY | MMTYPE_CNF)) > 0)
 	{
+		if (confirm->COOKIE != HTOLE32 (plc->cookie)) {
+			continue;
+		}
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/VersionInfo2.c

@@ -126,6 +126,10 @@ signed VersionInfo2 (struct plc * plc)
 
 #endif
 
+		/* firmware doesn't fill confirm->COOKIE field at (confirm->MVERSION + confirm->MVERLENGTH + 9)
+		 * (and IDENT, STEPPING_NUM) properly, so we don't check it.
+		 */
+
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WatchdogReport.c

@@ -112,7 +112,7 @@ signed WatchdogReport (struct plc * plc)
 	memset (message, 0, sizeof (* message));
 	EthernetHeader (&request->ethernet, channel->peer, channel->host, channel->type);
 	QualcommHeader (&request->qualcomm, 0, (VS_WD_RPT | MMTYPE_REQ));
-	request->SESSIONID = HTOLE32 (plc->cookie);
+	request->SESSIONID = HTOLE16 (plc->cookie);
 	request->CLR = plc->readaction;
 	plc->packetsize = (ETHER_MIN_LEN - ETHER_CRC_LEN);
 	if (SendMME (plc) <= 0)
@@ -122,11 +122,13 @@ signed WatchdogReport (struct plc * plc)
 	}
 	do
 	{
-		if (ReadMME (plc, 0, (VS_WD_RPT | MMTYPE_IND)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WD_RPT | MMTYPE_IND)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (indicate->SESSIONID != HTOLE16 (plc->cookie));
 		if (indicate->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecuteApplet2.c

@@ -157,11 +157,13 @@ signed WriteExecuteApplet2 (struct plc * plc, unsigned module, const struct nvm_
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecuteFirmware1.c

@@ -154,11 +154,13 @@ signed WriteExecuteFirmware1 (struct plc * plc, unsigned module, const struct nv
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecuteFirmware2.c

@@ -154,11 +154,13 @@ signed WriteExecuteFirmware2 (struct plc * plc, unsigned module, const struct nv
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecutePIB.c

@@ -149,11 +149,13 @@ signed WriteExecutePIB (struct plc * plc, uint32_t offset, struct pib_header * h
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecuteParameters1.c

@@ -181,11 +181,13 @@ signed WriteExecuteParameters1 (struct plc * plc, unsigned module, const struct
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);

plc/WriteExecuteParameters2.c

@@ -177,11 +177,13 @@ signed WriteExecuteParameters2 (struct plc * plc, unsigned module, const struct
 			error (PLC_EXIT (plc), errno, CHANNEL_CANTSEND);
 			return (-1);
 		}
-		if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
-		{
-			error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
-			return (-1);
-		}
+		do {
+			if (ReadMME (plc, 0, (VS_WRITE_AND_EXECUTE_APPLET | MMTYPE_CNF)) <= 0)
+			{
+				error (PLC_EXIT (plc), errno, CHANNEL_CANTREAD);
+				return (-1);
+			}
+		} while (confirm->CLIENT_SESSION_ID != HTOLE32 (plc->cookie));
 		if (confirm->MSTATUS)
 		{
 			Failure (plc, PLC_WONTDOIT);