From 4992e4c15b3abc55afa29263eb25c6ec2c3ed563 Mon Sep 17 00:00:00 2001 From: Yukai Li Date: Sun, 4 Oct 2020 21:31:37 -0600 Subject: [PATCH] Lefun: Fix command length checks, again --- .../devices/lefun/commands/AlarmCommand.java | 7 ++++--- .../devices/lefun/commands/Cmd22Command.java | 7 ++++--- .../devices/lefun/commands/Cmd25Command.java | 7 ++++--- .../devices/lefun/commands/FeaturesCommand.java | 7 ++++--- .../devices/lefun/commands/GetPpgDataCommand.java | 9 +++++---- .../lefun/commands/HydrationReminderIntervalCommand.java | 7 ++++--- .../devices/lefun/commands/PpgResultCommand.java | 5 +++-- .../devices/lefun/commands/ProfileCommand.java | 7 ++++--- .../lefun/commands/SedentaryReminderIntervalCommand.java | 7 ++++--- .../devices/lefun/commands/SettingsCommand.java | 7 ++++--- .../gadgetbridge/devices/lefun/commands/TimeCommand.java | 7 ++++--- .../devices/lefun/commands/UiPagesCommand.java | 7 ++++--- 12 files changed, 48 insertions(+), 36 deletions(-) diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/AlarmCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/AlarmCommand.java index b443eb6fb..fea4806c5 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/AlarmCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/AlarmCommand.java @@ -131,13 +131,14 @@ public class AlarmCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_ALARM); - if (params.limit() - params.position() < 2) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 2) throwUnexpectedLength(); op = params.get(); index = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 8) + if (paramsLength != 8) throwUnexpectedLength(); enabled = params.get() == 1; @@ -147,7 +148,7 @@ public class AlarmCommand extends BaseCommand { hour = params.get(); minute = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 3) + if (paramsLength != 3) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd22Command.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd22Command.java index 2cd78b5a3..d95391814 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd22Command.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd22Command.java @@ -54,17 +54,18 @@ public class Cmd22Command extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_UNKNOWN_22); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 3) + if (paramsLength != 3) throwUnexpectedLength(); unknown = params.getShort(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd25Command.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd25Command.java index e90f5a410..9c86d400d 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd25Command.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/Cmd25Command.java @@ -56,17 +56,18 @@ public class Cmd25Command extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_UNKNOWN_25); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 5) + if (paramsLength != 5) throwUnexpectedLength(); unknown = params.getInt(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/FeaturesCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/FeaturesCommand.java index 22c5fba2c..892d83c58 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/FeaturesCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/FeaturesCommand.java @@ -65,17 +65,18 @@ public class FeaturesCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_FEATURES); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 3) + if (paramsLength != 3) throwUnexpectedLength(); features = params.getShort(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/GetPpgDataCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/GetPpgDataCommand.java index d17c4b0c6..03b2e4246 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/GetPpgDataCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/GetPpgDataCommand.java @@ -66,7 +66,8 @@ public class GetPpgDataCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_PPG_DATA); - if (params.limit() - params.position() < 9) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 9) throwUnexpectedLength(); ppgType = params.get(); @@ -93,19 +94,19 @@ public class GetPpgDataCommand extends BaseCommand { throw new IllegalArgumentException("Unknown PPG type"); } - if (params.limit() - params.position() < dataLength + 9) + if (paramsLength < dataLength + 9) throwUnexpectedLength(); ppgData = new byte[dataLength]; params.get(ppgData); // Extended count/index - if (params.limit() - params.position() == dataLength + 11) + if (paramsLength == dataLength + 11) { totalRecords |= params.get() << 8; currentRecord |= params.get() << 8; } - else if (params.limit() - params.position() > dataLength + 11) { + else if (paramsLength > dataLength + 11) { throwUnexpectedLength(); } } diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/HydrationReminderIntervalCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/HydrationReminderIntervalCommand.java index 801d90fb2..2ec2ea956 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/HydrationReminderIntervalCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/HydrationReminderIntervalCommand.java @@ -56,17 +56,18 @@ public class HydrationReminderIntervalCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_HYDRATION_REMINDER_INTERVAL); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); hydrationReminderInterval = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/PpgResultCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/PpgResultCommand.java index c4d89e7f5..1e66ee9d5 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/PpgResultCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/PpgResultCommand.java @@ -38,7 +38,8 @@ public class PpgResultCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_PPG_RESULT); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); ppgType = params.get(); @@ -57,7 +58,7 @@ public class PpgResultCommand extends BaseCommand { throw new IllegalArgumentException("Unknown PPG type"); } - if (params.limit() - params.position() != dataLength + 1) + if (paramsLength != dataLength + 1) throwUnexpectedLength(); ppgData = new byte[dataLength]; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/ProfileCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/ProfileCommand.java index dc8910c89..e95f57d83 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/ProfileCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/ProfileCommand.java @@ -94,12 +94,13 @@ public class ProfileCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_PROFILE); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 5) + if (paramsLength != 5) throwUnexpectedLength(); gender = params.get(); @@ -107,7 +108,7 @@ public class ProfileCommand extends BaseCommand { weight = params.get(); age = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SedentaryReminderIntervalCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SedentaryReminderIntervalCommand.java index fcf43a255..d85bd860e 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SedentaryReminderIntervalCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SedentaryReminderIntervalCommand.java @@ -56,17 +56,18 @@ public class SedentaryReminderIntervalCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_SEDENTARY_REMINDER_INTERVAL); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); sedentaryReminderInterval = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SettingsCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SettingsCommand.java index f0828a7d9..0fb40964c 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SettingsCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/SettingsCommand.java @@ -83,19 +83,20 @@ public class SettingsCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_SETTINGS); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 4) + if (paramsLength != 4) throwUnexpectedLength(); option1 = params.get(); amPmIndicator = params.get(); measurementUnit = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/TimeCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/TimeCommand.java index 7c35a22ad..dd60185f0 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/TimeCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/TimeCommand.java @@ -109,12 +109,13 @@ public class TimeCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_TIME); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 7) + if (paramsLength != 7) throwUnexpectedLength(); year = params.get(); @@ -124,7 +125,7 @@ public class TimeCommand extends BaseCommand { minute = params.get(); second = params.get(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1; diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/UiPagesCommand.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/UiPagesCommand.java index 3c2e595c5..a304eff55 100644 --- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/UiPagesCommand.java +++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/lefun/commands/UiPagesCommand.java @@ -61,17 +61,18 @@ public class UiPagesCommand extends BaseCommand { protected void deserializeParams(byte id, ByteBuffer params) { validateId(id, LefunConstants.CMD_UI_PAGES); - if (params.limit() - params.position() < 1) + int paramsLength = params.limit() - params.position(); + if (paramsLength < 1) throwUnexpectedLength(); op = params.get(); if (op == OP_GET) { - if (params.limit() - params.position() != 3) + if (paramsLength != 3) throwUnexpectedLength(); pages = params.getShort(); } else if (op == OP_SET) { - if (params.limit() - params.position() != 2) + if (paramsLength != 2) throwUnexpectedLength(); setSuccess = params.get() == 1;