From e2aca67ba5c7207c60071c9cf8b1d94ecf5142b4 Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Wed, 10 Aug 2022 15:52:09 -0400 Subject: [PATCH 1/8] Fix #277, Check for truncated EID/TSN fields in PDU hdr --- fsw/src/cf_cfdp.c | 17 +++++++++++++---- fsw/src/cf_codec.c | 24 +++++++++++++++++------- fsw/src/cf_codec.h | 4 +++- fsw/src/cf_events.h | 11 +++++++++++ unit-test/cf_cfdp_tests.c | 7 +++++++ unit-test/cf_codec_tests.c | 18 +++++++++++------- unit-test/stubs/cf_codec_stubs.c | 5 ++++- 7 files changed, 66 insertions(+), 20 deletions(-) diff --git a/fsw/src/cf_cfdp.c b/fsw/src/cf_cfdp.c index ea27038d..b8c169b0 100644 --- a/fsw/src/cf_cfdp.c +++ b/fsw/src/cf_cfdp.c @@ -633,16 +633,25 @@ int CF_CFDP_RecvPh(uint8 chan_num, CF_Logical_PduBuffer_t *ph) int ret = 0; CF_Assert(chan_num < CF_NUM_CHANNELS); - - CF_CFDP_DecodeHeader(ph->pdec, &ph->pdu_header); - + /* + * If the source eid, destination eid, or sequence number fields + * are larger than the sizes configured in the cf platform config + * file, then reject the PDU. + */ + if (CF_CFDP_DecodeHeader(ph->pdec, &ph->pdu_header) != CFE_SUCCESS) + { + CFE_EVS_SendEvent(CF_EID_ERR_PDU_TRUNCATION, CFE_EVS_EventType_ERROR, + "CF: pdu rejected due to eid/seq number field truncation"); + ++CF_AppData.hk.channel_hk[chan_num].counters.recv.error; + ret = -1; + } /* * The "large file" flag is not supported by this implementation yet. * This means file sizes and offsets will be 64 bits, so codec routines * will need to be updated to understand this. OSAL also doesn't support * 64-bit file access yet. */ - if (CF_CODEC_IS_OK(ph->pdec) && ph->pdu_header.large_flag) + else if (CF_CODEC_IS_OK(ph->pdec) && ph->pdu_header.large_flag) { CFE_EVS_SendEvent(CF_EID_ERR_PDU_LARGE_FILE, CFE_EVS_EventType_ERROR, "CF: pdu with large file bit received (unsupported)"); diff --git a/fsw/src/cf_codec.c b/fsw/src/cf_codec.c index 65de2363..2c1762f9 100644 --- a/fsw/src/cf_codec.c +++ b/fsw/src/cf_codec.c 
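Review bot: The new rejection branch in CF_CFDP_RecvPh logs a fixed string, so the event does not tell an operator which length was out of range. The size check in CF_CFDP_DecodeHeader reads `eid_length` and `txn_seq_length` before it fails, so both could be reported, e.g. `"CF: pdu rejected due to eid/seq number field truncation, eid_len=%u, tsn_len=%u"` with `(unsigned int)ph->pdu_header.eid_length` and `(unsigned int)ph->pdu_header.txn_seq_length`. The branch is taken once per offending PDU received from the peer, so it is worth confirming that the event filtering for CF_EID_ERR_PDU_TRUNCATION limits how much event traffic a stream of such PDUs can generate; nothing in this hunk shows that. The rest of the function, including what the `else if` chain does when the decoder state is not OK, lies outside the hunk.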
@@ -822,9 +822,10 @@ uint64 CF_DecodeIntegerInSize(CF_DecoderState_t *state, uint8 decode_size) * See description in cf_codec.h for argument/return detail * *-----------------------------------------------------------------*/ -void CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh) +int32 CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh) { const CF_CFDP_PduHeader_t *peh; /* for decoding fixed sized fields */ + int32 ret = CFE_SUCCESS; /* decode the standard PDU header */ peh = CF_DECODE_FIXED_CHUNK(state, CF_CFDP_PduHeader_t); @@ -844,14 +845,23 @@ void CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh) /* Length is a simple 16-bit quantity and refers to the content after this header */ CF_Codec_Load_uint16(&(plh->data_encoded_length), &(peh->length)); - /* Now copy variable-length fields */ - plh->source_eid = CF_DecodeIntegerInSize(state, plh->eid_length); - plh->sequence_num = CF_DecodeIntegerInSize(state, plh->txn_seq_length); - plh->destination_eid = CF_DecodeIntegerInSize(state, plh->eid_length); + if ((plh->eid_length > sizeof(plh->source_eid)) || + (plh->txn_seq_length > sizeof(plh->sequence_num))) + { + ret = -1; + } + else + { + /* Now copy variable-length fields */ + plh->source_eid = CF_DecodeIntegerInSize(state, plh->eid_length); + plh->sequence_num = CF_DecodeIntegerInSize(state, plh->txn_seq_length); + plh->destination_eid = CF_DecodeIntegerInSize(state, plh->eid_length); - /* The header length is where decoding ended at this point */ - plh->header_encoded_length = CF_CODEC_GET_POSITION(state); + /* The header length is where decoding ended at this point */ + plh->header_encoded_length = CF_CODEC_GET_POSITION(state); + } } + return ret; } /*---------------------------------------------------------------- diff --git a/fsw/src/cf_codec.h b/fsw/src/cf_codec.h index fa1d33c4..22c3f62b 100644 --- a/fsw/src/cf_codec.h +++ b/fsw/src/cf_codec.h 
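Review bot: The return code added to CF_CFDP_DecodeHeader in the second cf_codec.c hunk reports only the oversized-length case; when the fixed header cannot be read from a short buffer the function still appears to return `CFE_SUCCESS` (the updated unit test with a zero-length state asserts exactly that). A caller that checks the return code alone would therefore treat an under-length header as decoded. Either fold the decoder state into the result, e.g. `if (!CF_CODEC_IS_OK(state)) { ret = -1; }` just before `return ret;`, or add a comment stating that both the return code and `CF_CODEC_IS_OK(state)` must be checked. A one-line comment next to `ret = -1;` should also say that `source_eid`, `sequence_num`, `destination_eid` and `header_encoded_length` are left unwritten on this path. The function starts in the previous hunk and its enclosing `if` opens outside both hunks.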
@@ -619,8 +619,10 @@ void CF_CFDP_EncodeCrc(CF_EncoderState_t *state, uint32 *plcrc); * * @param state Decoder state object * @param plh Pointer to logical PDU base header data + * @retval #CFE_SUCCESS \copydoc CFE_SUCCESS + * @retval Returns anything else on error. */ -void CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh); +int32 CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh); /************************************************************************/ /** diff --git a/fsw/src/cf_events.h b/fsw/src/cf_events.h index 808bf6e6..2ffbd208 100644 --- a/fsw/src/cf_events.h +++ b/fsw/src/cf_events.h @@ -348,6 +348,17 @@ */ #define CF_EID_ERR_PDU_LARGE_FILE (55) +/** + * \brief CF PDU Header Field Truncation + * + * \par Type: ERROR + * + * \par Cause: + * + * PDU Header received with fields that would be truncated with the cf configuration + */ +#define CF_EID_ERR_PDU_TRUNCATION (56) + /************************************************************************** * CF_CFDP event IDs - Engine */ diff --git a/unit-test/cf_cfdp_tests.c b/unit-test/cf_cfdp_tests.c index b18c1368..e1ae3683 100644 --- a/unit-test/cf_cfdp_tests.c +++ b/unit-test/cf_cfdp_tests.c @@ -282,6 +282,13 @@ void Test_CF_CFDP_RecvPh(void) ph->pdu_header.large_flag = true; UtAssert_INT32_EQ(CF_CFDP_RecvPh(UT_CFDP_CHANNEL, ph), -1); UT_CF_AssertEventID(CF_EID_ERR_PDU_LARGE_FILE); + + /* decode error, insufficient storage for EID or seq num */ + UT_CFDP_SetupBasicTestState(UT_CF_Setup_RX, &ph, NULL, NULL, NULL, NULL); + UT_SetDeferredRetcode(UT_KEY(CF_CFDP_DecodeHeader), 1, -1); + UtAssert_INT32_EQ(CF_CFDP_RecvPh(UT_CFDP_CHANNEL, ph), -1); + UT_CF_AssertEventID(CF_EID_ERR_PDU_TRUNCATION); + } void Test_CF_CFDP_RecvMd(void) diff --git a/unit-test/cf_codec_tests.c b/unit-test/cf_codec_tests.c index 737b1390..0a3e445b 100644 --- a/unit-test/cf_codec_tests.c +++ b/unit-test/cf_codec_tests.c 
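Review bot: The added line `@retval Returns anything else on error.` in cf_codec.h is read by Doxygen with `Returns` as the return value name, and it does not say which error is meant. Suggest `@retval -1 if the EID or TSN length in the header is larger than the storage in CF_Logical_PduHeader_t`, matching the `ret = -1` in cf_codec.c. The comment should also state that running out of input is not reported through this return value and has to be checked with `CF_CODEC_IS_OK(state)`.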
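Review bot: The new case in Test_CF_CFDP_RecvPh asserts the return value and the event ID but not the `recv.error` counter that the rejection branch in CF_CFDP_RecvPh increments. An assertion such as `UtAssert_UINT32_EQ(CF_AppData.hk.channel_hk[UT_CFDP_CHANNEL].counters.recv.error, 1);` would pin it; the expected value assumes the setup helper resets CF_AppData, which is not visible here, so adjust it if the earlier cases in this test also count. The test function begins outside the hunk.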
@@ -714,21 +714,23 @@ void Test_CF_CFDP_DecodeHeader(void) */ CF_DecoderState_t state; CF_Logical_PduHeader_t out; + int32 ret_val; const uint8 bytes[] = {0x3c, 0x01, 0x02, 0x00, 0x44, 0x55, 0x66}; - const uint8 bad_input[] = {0x20, 0x01, 0x02, 0x33, 0x01, 0x02, 0x03}; + const uint8 bad_input[] = {0x3c, 0x01, 0x02, 0x33, 0x44, 0x55, 0x66}; /* fill with nonzero bytes so it is evident what was set */ memset(&out, 0xEE, sizeof(out)); /* call w/zero state should be noop */ UT_CF_SetupDecodeState(&state, bytes, 0); - CF_CFDP_DecodeHeader(&state, &out); + ret_val = CF_CFDP_DecodeHeader(&state, &out); UtAssert_BOOL_FALSE(CF_CODEC_IS_OK(&state)); UtAssert_MemCmpValue(&out, 0xEE, sizeof(out), "Bytes unchanged"); + UtAssert_True(ret_val == CFE_SUCCESS, "CF_CFDP_DecodeHeader returned %d and should be 0", ret_val); /* setup nominal */ UT_CF_SetupDecodeState(&state, bytes, sizeof(bytes)); - CF_CFDP_DecodeHeader(&state, &out); + ret_val = CF_CFDP_DecodeHeader(&state, &out); UtAssert_BOOL_TRUE(CF_CODEC_IS_OK(&state)); UtAssert_UINT32_EQ(CF_CODEC_GET_POSITION(&state), sizeof(bytes)); UtAssert_UINT32_EQ(out.version, 1); 
@@ -742,16 +744,18 @@ void Test_CF_CFDP_DecodeHeader(void) UtAssert_UINT32_EQ(out.sequence_num, 0x55); UtAssert_UINT32_EQ(out.destination_eid, 0x66); UtAssert_UINT32_EQ(out.header_encoded_length, sizeof(bytes)); + UtAssert_True(ret_val == CFE_SUCCESS, "CF_CFDP_DecodeHeader returned %d and should be 0", ret_val); /* * The bad input has large embedded EID/TSN lengths that would * cause it to read beyond the end of the buffer. This is to * verify that the decode detects the problem and does not - * read beyond the end. + * read beyond the end. Note that this is now explicitly checked + * so only a check of the return value is needed. */ UT_CF_SetupDecodeState(&state, bad_input, sizeof(bad_input)); - CF_CFDP_DecodeHeader(&state, &out); - UtAssert_BOOL_FALSE(CF_CODEC_IS_OK(&state)); + ret_val = CF_CFDP_DecodeHeader(&state, &out); + UtAssert_True(ret_val == -1, "CF_CFDP_DecodeHeader returned %d and should be -1", ret_val); } void Test_CF_CFDP_DecodeFileDirectiveHeader(void) { @@ -1278,4 +1282,4 @@ void UtTest_Setup(void) } /* end UtTest_Setup for cf_codec_tests.c */ -/* end cf_codec_tests.c */ \ No newline at end of file +/* end cf_codec_tests.c */ diff --git a/unit-test/stubs/cf_codec_stubs.c b/unit-test/stubs/cf_codec_stubs.c index 7445deb1..eae74d28 100644 --- a/unit-test/stubs/cf_codec_stubs.c +++ b/unit-test/stubs/cf_codec_stubs.c 
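Review bot: Replacing `UtAssert_BOOL_FALSE(CF_CODEC_IS_OK(&state));` with a return-code check in Test_CF_CFDP_DecodeHeader removes the only assertion in this test that over-long EID/TSN lengths do not make the decoder read past the end of the buffer. The new size check rejects lengths larger than the storage type, but lengths that fit the storage and still exceed the remaining bytes take the decode path and are no longer exercised. Keep a case for that: a header whose embedded lengths are within the configured sizes, a buffer cut short after the fixed header, and `UtAssert_BOOL_FALSE(CF_CODEC_IS_OK(&state));` after the call. The `bad_eid` and `bad_tsn` cases added in patch 4/8 leave the same gap.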
@@ -161,12 +161,15 @@ void CF_CFDP_DecodeFin(CF_DecoderState_t *state, CF_Logical_PduFin_t *plfin) * Generated stub function for CF_CFDP_DecodeHeader() * ---------------------------------------------------- */ -void CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh) +int32 CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh) { + UT_GenStub_SetupReturnBuffer(CF_CFDP_DecodeHeader, int32); UT_GenStub_AddParam(CF_CFDP_DecodeHeader, CF_DecoderState_t *, state); UT_GenStub_AddParam(CF_CFDP_DecodeHeader, CF_Logical_PduHeader_t *, plh); UT_GenStub_Execute(CF_CFDP_DecodeHeader, Basic, NULL); + + return UT_GenStub_GetReturnValue(CF_CFDP_DecodeHeader, int32); } /* From f4828f00b849fced0e9afca7d8a9ed9047035a5b Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Wed, 10 Aug 2022 16:03:28 -0400 Subject: [PATCH 2/8] Fix #277, Fix format errors --- fsw/src/cf_codec.c | 3 +-- unit-test/cf_cfdp_tests.c | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/fsw/src/cf_codec.c b/fsw/src/cf_codec.c index 2c1762f9..8ae95526 100644 --- a/fsw/src/cf_codec.c +++ b/fsw/src/cf_codec.c @@ -845,8 +845,7 @@ int32 CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh /* Length is a simple 16-bit quantity and refers to the content after this header */ CF_Codec_Load_uint16(&(plh->data_encoded_length), &(peh->length)); - if ((plh->eid_length > sizeof(plh->source_eid)) || - (plh->txn_seq_length > sizeof(plh->sequence_num))) + if ((plh->eid_length > sizeof(plh->source_eid)) || (plh->txn_seq_length > sizeof(plh->sequence_num))) { ret = -1; } diff --git a/unit-test/cf_cfdp_tests.c b/unit-test/cf_cfdp_tests.c index e1ae3683..4712b435 100644 --- a/unit-test/cf_cfdp_tests.c +++ b/unit-test/cf_cfdp_tests.c 
@@ -288,7 +288,6 @@ void Test_CF_CFDP_RecvPh(void) UT_SetDeferredRetcode(UT_KEY(CF_CFDP_DecodeHeader), 1, -1); UtAssert_INT32_EQ(CF_CFDP_RecvPh(UT_CFDP_CHANNEL, ph), -1); UT_CF_AssertEventID(CF_EID_ERR_PDU_TRUNCATION); - } void Test_CF_CFDP_RecvMd(void) From 778605440110e398dd337adef0687113b527bd20 Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Thu, 11 Aug 2022 09:23:32 -0400 Subject: [PATCH 3/8] Fix #277, Fix format error and adjust unit test --- fsw/src/cf_codec.c | 3 +-- unit-test/cf_codec_tests.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fsw/src/cf_codec.c b/fsw/src/cf_codec.c index 8ae95526..5fee046e 100644 --- a/fsw/src/cf_codec.c +++ b/fsw/src/cf_codec.c @@ -844,8 +844,7 @@ int32 CF_CFDP_DecodeHeader(CF_DecoderState_t *state, CF_Logical_PduHeader_t *plh /* Length is a simple 16-bit quantity and refers to the content after this header */ CF_Codec_Load_uint16(&(plh->data_encoded_length), &(peh->length)); - - if ((plh->eid_length > sizeof(plh->source_eid)) || (plh->txn_seq_length > sizeof(plh->sequence_num))) + if ((plh->eid_length > sizeof(plh->source_eid)) || (plh->txn_seq_length > sizeof(plh->sequence_num))) { ret = -1; } diff --git a/unit-test/cf_codec_tests.c b/unit-test/cf_codec_tests.c index 0a3e445b..1bb17f29 100644 --- a/unit-test/cf_codec_tests.c +++ b/unit-test/cf_codec_tests.c @@ -716,7 +716,7 @@ void Test_CF_CFDP_DecodeHeader(void) CF_Logical_PduHeader_t out; int32 ret_val; const uint8 bytes[] = {0x3c, 0x01, 0x02, 0x00, 0x44, 0x55, 0x66}; - const uint8 bad_input[] = {0x3c, 0x01, 0x02, 0x33, 0x44, 0x55, 0x66}; + const uint8 bad_input[] = {0x3c, 0x01, 0x02, 0x77, 0x44, 0x55, 0x66}; /* fill with nonzero bytes so it is evident what was set */ memset(&out, 0xEE, sizeof(out)); From bf02b07e60dd2a16644a4c086c356dea0b4ea551 Mon Sep 17 00:00:00 2001 
From: Alan Cudmore Date: Thu, 11 Aug 2022 11:40:53 -0400 Subject: [PATCH 4/8] Fix #277, added lcov test, now 100% --- unit-test/cf_codec_tests.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/unit-test/cf_codec_tests.c b/unit-test/cf_codec_tests.c index 1bb17f29..acc02b08 100644 --- a/unit-test/cf_codec_tests.c +++ b/unit-test/cf_codec_tests.c @@ -716,7 +716,8 @@ void Test_CF_CFDP_DecodeHeader(void) CF_Logical_PduHeader_t out; int32 ret_val; const uint8 bytes[] = {0x3c, 0x01, 0x02, 0x00, 0x44, 0x55, 0x66}; - const uint8 bad_input[] = {0x3c, 0x01, 0x02, 0x77, 0x44, 0x55, 0x66}; + const uint8 bad_eid[] = {0x3c, 0x01, 0x02, 0x73, 0x44, 0x55, 0x66}; + const uint8 bad_tsn[] = {0x3c, 0x01, 0x02, 0x37, 0x44, 0x55, 0x66}; /* fill with nonzero bytes so it is evident what was set */ memset(&out, 0xEE, sizeof(out)); @@ -747,13 +748,16 @@ void Test_CF_CFDP_DecodeHeader(void) UtAssert_True(ret_val == CFE_SUCCESS, "CF_CFDP_DecodeHeader returned %d and should be 0", ret_val); /* - * The bad input has large embedded EID/TSN lengths that would - * cause it to read beyond the end of the buffer. This is to - * verify that the decode detects the problem and does not - * read beyond the end. Note that this is now explicitly checked - * so only a check of the return value is needed. + * Check for EID that would be truncated */ - UT_CF_SetupDecodeState(&state, bad_input, sizeof(bad_input)); + UT_CF_SetupDecodeState(&state, bad_eid, sizeof(bad_eid)); + ret_val = CF_CFDP_DecodeHeader(&state, &out); + UtAssert_True(ret_val == -1, "CF_CFDP_DecodeHeader returned %d and should be -1", ret_val); + + /* + * Check for TSN that would be truncated + */ + UT_CF_SetupDecodeState(&state, bad_tsn, sizeof(bad_tsn)); ret_val = CF_CFDP_DecodeHeader(&state, &out); UtAssert_True(ret_val == -1, "CF_CFDP_DecodeHeader returned %d and should be -1", ret_val); } From 95b0d0f712d739cd561912e69a348f8127773e6c Mon Sep 17 00:00:00 2001 
From: Alan Cudmore Date: Thu, 11 Aug 2022 12:04:03 -0400 Subject: [PATCH 5/8] Fix #277, fix unit test format --- unit-test/cf_codec_tests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit-test/cf_codec_tests.c b/unit-test/cf_codec_tests.c index acc02b08..d1289f1a 100644 --- a/unit-test/cf_codec_tests.c +++ b/unit-test/cf_codec_tests.c @@ -715,7 +715,7 @@ void Test_CF_CFDP_DecodeHeader(void) CF_DecoderState_t state; CF_Logical_PduHeader_t out; int32 ret_val; - const uint8 bytes[] = {0x3c, 0x01, 0x02, 0x00, 0x44, 0x55, 0x66}; + const uint8 bytes[] = {0x3c, 0x01, 0x02, 0x00, 0x44, 0x55, 0x66}; const uint8 bad_eid[] = {0x3c, 0x01, 0x02, 0x73, 0x44, 0x55, 0x66}; const uint8 bad_tsn[] = {0x3c, 0x01, 0x02, 0x37, 0x44, 0x55, 0x66}; From 714157b55bf7d8a1618074bf9416d33ed6a2cdf0 Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Thu, 11 Aug 2022 12:40:06 -0400 Subject: [PATCH 6/8] Fix #277, add requirement --- docs/cf_FunctionalRequirements.csv | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/cf_FunctionalRequirements.csv b/docs/cf_FunctionalRequirements.csv index 6035e97b..61fd7c26 100644 --- a/docs/cf_FunctionalRequirements.csv +++ b/docs/cf_FunctionalRequirements.csv 
@@ -118,6 +118,7 @@ CF5021,CF5021,"When CF receives a ""Write Queue"" command, CF shall write the co CF5021.1,CF5021.1,"When CF receives a ""Write Queue"" command, if the command-specified queue is not defined, CF shall reject the command. ",Ensure robust operations and provide operator feedback. CF5023,CF5023,"The maximum number of transmissions, that is, the sum of simultaneous transmit and receive transactions, shall be defined at compile time.",Supports scaling resource use for mission variability CF5024,CF5024,"When CF receives a file-transfer request, if the requested file's size is larger than 2^32 bytes, CF shall reject the request and issue an error event message.",Constrain resources use and exclude implementation complexity of CCSDS Large-file-size header extensions. CFDP-1S-01 +CF5025,CF5025,Prevent silent truncation of variable length fields in PDU by checking configured storage size and rejecting PDUs that with Entity ID or Transaction Sequence Number fields that would be truncated.,"When CF receives a PDU, if the if the variable length entity IDs or Transaction Sequence Numbers are too large for the configured internal storage, CF shall reject the PDU and issue an error event message." CF5030,CF5030,Each CF output channel shall have 256 file-transfer priority levels.,Priority levels are used to control the order of file transfer PDUs within a channel. Priority levels allow the control of PDU interleaving in a output channel and prevent a lower-priority transfer from blocking a high-priority operational transfer. 256 priority levels provide a high-level of granularity in the compact space of 1 byte. CF5030.1,CF5030.1,The CF file transmission priority level for each polling directory shall be configurable.,Supports management of priorities for each polling directory. Commanded transfers (single file or playback directory) use the priority level contained in the command. 
CF5030.2,CF5030.2,The highest file-transfer priority level shall be zero.,Standardized interface. If the number of levels increases or decreases the highest priority will always be the same From 6b7e5874a6f22d09f620bb83a27acd8d771d9b9b Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Thu, 11 Aug 2022 16:54:24 -0400 Subject: [PATCH 7/8] Fix #277, reverse new requirement description and rationale --- docs/cf_FunctionalRequirements.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cf_FunctionalRequirements.csv b/docs/cf_FunctionalRequirements.csv index 61fd7c26..9348584f 100644 --- a/docs/cf_FunctionalRequirements.csv +++ b/docs/cf_FunctionalRequirements.csv 
@@ -118,7 +118,7 @@ CF5021,CF5021,"When CF receives a ""Write Queue"" command, CF shall write the co CF5021.1,CF5021.1,"When CF receives a ""Write Queue"" command, if the command-specified queue is not defined, CF shall reject the command. ",Ensure robust operations and provide operator feedback. CF5023,CF5023,"The maximum number of transmissions, that is, the sum of simultaneous transmit and receive transactions, shall be defined at compile time.",Supports scaling resource use for mission variability CF5024,CF5024,"When CF receives a file-transfer request, if the requested file's size is larger than 2^32 bytes, CF shall reject the request and issue an error event message.",Constrain resources use and exclude implementation complexity of CCSDS Large-file-size header extensions. CFDP-1S-01 -CF5025,CF5025,Prevent silent truncation of variable length fields in PDU by checking configured storage size and rejecting PDUs that with Entity ID or Transaction Sequence Number fields that would be truncated.,"When CF receives a PDU, if the if the variable length entity IDs or Transaction Sequence Numbers are too large for the configured internal storage, CF shall reject the PDU and issue an error event message." +CF5025,CF5025,"When CF receives a PDU, if the if the variable length entity IDs or Transaction Sequence Numbers are too large for the configured internal storage, CF shall reject the PDU and issue an error event message.",Prevent silent truncation of variable length fields in PDU by checking configured storage size and rejecting PDUs that with Entity ID or Transaction Sequence Number fields that would be truncated. CF5030,CF5030,Each CF output channel shall have 256 file-transfer priority levels.,Priority levels are used to control the order of file transfer PDUs within a channel. Priority levels allow the control of PDU interleaving in a output channel and prevent a lower-priority transfer from blocking a high-priority operational transfer. 
256 priority levels provide a high-level of granularity in the compact space of 1 byte. CF5030.1,CF5030.1,The CF file transmission priority level for each polling directory shall be configurable.,Supports management of priorities for each polling directory. Commanded transfers (single file or playback directory) use the priority level contained in the command. CF5030.2,CF5030.2,The highest file-transfer priority level shall be zero.,Standardized interface. If the number of levels increases or decreases the highest priority will always be the same From eb96ad1340dc94a4b46224e7a3c69f27ea1ac759 Mon Sep 17 00:00:00 2001 From: Alan Cudmore Date: Wed, 17 Aug 2022 15:02:54 -0400 Subject: [PATCH 8/8] Fix #277, update requirements for silent truncation issue --- docs/cf_FunctionalRequirements.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/cf_FunctionalRequirements.csv b/docs/cf_FunctionalRequirements.csv index 9348584f..a0a4bd66 100644 --- a/docs/cf_FunctionalRequirements.csv +++ b/docs/cf_FunctionalRequirements.csv 
@@ -118,7 +118,8 @@ CF5021,CF5021,"When CF receives a ""Write Queue"" command, CF shall write the co CF5021.1,CF5021.1,"When CF receives a ""Write Queue"" command, if the command-specified queue is not defined, CF shall reject the command. ",Ensure robust operations and provide operator feedback. CF5023,CF5023,"The maximum number of transmissions, that is, the sum of simultaneous transmit and receive transactions, shall be defined at compile time.",Supports scaling resource use for mission variability CF5024,CF5024,"When CF receives a file-transfer request, if the requested file's size is larger than 2^32 bytes, CF shall reject the request and issue an error event message.",Constrain resources use and exclude implementation complexity of CCSDS Large-file-size header extensions. CFDP-1S-01 -CF5025,CF5025,"When CF receives a PDU, if the if the variable length entity IDs or Transaction Sequence Numbers are too large for the configured internal storage, CF shall reject the PDU and issue an error event message.",Prevent silent truncation of variable length fields in PDU by checking configured storage size and rejecting PDUs that with Entity ID or Transaction Sequence Number fields that would be truncated. +CF5025,CF5025,"When CF receives a PDU, if the size of the Entity ID fields are too large for the configured internal storage, CF shall reject the PDU and issue an error event message.",Prevent silent truncation of variable length Entity ID fields in PDU by checking the configured storage size and rejecting PDUs that with an Entity ID field that would be truncated. 
+CF5026,CF5026,"When CF receives a PDU, if the size of the Transaction Sequence Number field is too large for the configured internal storage, CF shall reject the PDU and issue an error event message.",Prevent silent truncation of variable length Transaction Sequence Number field in PDU by checking configured storage size and rejecting PDUs that with a Transaction Sequence Number field that would be truncated. CF5030,CF5030,Each CF output channel shall have 256 file-transfer priority levels.,Priority levels are used to control the order of file transfer PDUs within a channel. Priority levels allow the control of PDU interleaving in a output channel and prevent a lower-priority transfer from blocking a high-priority operational transfer. 256 priority levels provide a high-level of granularity in the compact space of 1 byte. CF5030.1,CF5030.1,The CF file transmission priority level for each polling directory shall be configurable.,Supports management of priorities for each polling directory. Commanded transfers (single file or playback directory) use the priority level contained in the command. CF5030.2,CF5030.2,The highest file-transfer priority level shall be zero.,Standardized interface. If the number of levels increases or decreases the highest priority will always be the same