diff --git a/core/net/rime/broadcast-announcement.c b/core/net/rime/broadcast-announcement.c index fab26ce36..d7540a5a2 100644 --- a/core/net/rime/broadcast-announcement.c +++ b/core/net/rime/broadcast-announcement.c @@ -56,7 +56,6 @@ #endif #include -#include #include struct announcement_data { @@ -131,32 +130,31 @@ static void adv_packet_received(struct broadcast_conn *ibc, const rimeaddr_t *from) { struct announcement_msg adata; + struct announcement_data data; + uint8_t *ptr; int i; + ptr = packetbuf_dataptr(); + /* Copy number of announcements */ - memcpy(&adata, packetbuf_dataptr(), sizeof(struct announcement_msg)); + memcpy(&adata, ptr, sizeof(struct announcement_msg)); PRINTF("%d.%d: adv_packet_received from %d.%d with %d announcements\n", rimeaddr_node_addr.u8[0], rimeaddr_node_addr.u8[1], from->u8[0], from->u8[1], adata.num); - if(adata.num / sizeof(struct announcement_data) > sizeof(struct announcement_msg)) { + if(ANNOUNCEMENT_MSG_HEADERLEN + adata.num * sizeof(struct announcement_data) > packetbuf_datalen()) { /* The number of announcements is too large - corrupt packet has been received. */ - printf("adata.num way out there: %d\n", adata.num); + PRINTF("adata.num way out there: %d\n", adata.num); return; } - - for(i = 0; i < adata.num; ++i) { - struct announcement_data data; + ptr += ANNOUNCEMENT_MSG_HEADERLEN; + for(i = 0; i < adata.num; ++i) { /* Copy announcements */ - memcpy(&data.id, &((struct announcement_msg *)packetbuf_dataptr())->data[i].id, - sizeof(uint16_t)); - memcpy(&data.value, &((struct announcement_msg *)packetbuf_dataptr())->data[i].value, - sizeof(uint16_t)); - announcement_heard(from, - data.id, - data.value); + memcpy(&data, ptr, sizeof(struct announcement_data)); + announcement_heard(from, data.id, data.value); + ptr += sizeof(struct announcement_data); } } /*---------------------------------------------------------------------------*/ diff --git a/core/net/rime/collect.c b/core/net/rime/collect.c index a73059cac..7047d8df2 100644 --- a/core/net/rime/collect.c +++ b/core/net/rime/collect.c @@ -758,8 +758,7 @@ send_next_packet(struct collect_conn *tc) static void handle_ack(struct collect_conn *tc) { - struct ack_msg *msg; - uint16_t rtmetric; + struct ack_msg msg; struct collect_neighbor *n; PRINTF("handle_ack: sender %d.%d current_parent %d.%d, id %d seqno %d\n", @@ -778,8 +777,7 @@ handle_ack(struct collect_conn *tc) (int)(((100 * (clock_time() - tc->send_time)) / CLOCK_SECOND) % 100));*/ stats.ackrecv++; - msg = packetbuf_dataptr(); - memcpy(&rtmetric, &msg->rtmetric, sizeof(uint16_t)); + memcpy(&msg, packetbuf_dataptr(), sizeof(struct ack_msg)); /* It is possible that we receive an ACK for a packet that we think we have not yet sent: if our transmission was received by @@ -797,7 +795,7 @@ handle_ack(struct collect_conn *tc) if(n != NULL) { collect_neighbor_tx(n, tc->transmissions); - collect_neighbor_update_rtmetric(n, rtmetric); + collect_neighbor_update_rtmetric(n, msg.rtmetric); update_rtmetric(tc); } @@ -805,8 +803,8 @@ handle_ack(struct collect_conn *tc) rimeaddr_node_addr.u8[0], rimeaddr_node_addr.u8[1], tc->current_parent.u8[0], tc->current_parent.u8[1], tc->transmissions, - msg->flags, - rtmetric); + msg.flags, + msg.rtmetric); /* The ack contains information about the state of the packet and of the node that received it. We do different things depending @@ -814,20 +812,20 @@ handle_ack(struct collect_conn *tc) the receiving node was congested. If so, we add a maximum transmission number to its routing metric, which increases the chance that another parent will be chosen. */ - if(msg->flags & ACK_FLAGS_CONGESTED) { + if(msg.flags & ACK_FLAGS_CONGESTED) { PRINTF("ACK flag indicated parent was congested.\n"); collect_neighbor_set_congested(n); collect_neighbor_tx(n, tc->max_rexmits * 2); update_rtmetric(tc); } - if((msg->flags & ACK_FLAGS_DROPPED) == 0) { + if((msg.flags & ACK_FLAGS_DROPPED) == 0) { /* If the packet was successfully received, we send the next packet. */ send_next_packet(tc); } else { /* If the packet was lost due to its lifetime being exceeded, there is not much more we can do with the packet, so we send the next one instead. */ - if((msg->flags & ACK_FLAGS_LIFETIME_EXCEEDED)) { + if((msg.flags & ACK_FLAGS_LIFETIME_EXCEEDED)) { send_next_packet(tc); } else { /* If the packet was dropped, but without the node being @@ -845,7 +843,7 @@ handle_ack(struct collect_conn *tc) /* Our neighbor's rtmetric needs to be updated, so we bump our advertisements. */ - if(msg->flags & ACK_FLAGS_RTMETRIC_NEEDS_UPDATE) { + if(msg.flags & ACK_FLAGS_RTMETRIC_NEEDS_UPDATE) { bump_advertisement(tc); } set_keepalive_timer(tc); diff --git a/core/net/rime/neighbor-discovery.c b/core/net/rime/neighbor-discovery.c index f9691b1d8..4b60e51ef 100644 --- a/core/net/rime/neighbor-discovery.c +++ b/core/net/rime/neighbor-discovery.c @@ -96,23 +96,22 @@ static void adv_packet_received(struct broadcast_conn *ibc, const rimeaddr_t *from) { struct neighbor_discovery_conn *c = (struct neighbor_discovery_conn *)ibc; - struct adv_msg *msg = packetbuf_dataptr(); - uint16_t val; + struct adv_msg msg; - memcpy(&val, &msg->val, sizeof(val)); + memcpy(&msg, packetbuf_dataptr(), sizeof(struct adv_msg)); PRINTF("%d.%d: adv_packet_received from %d.%d with val %d\n", rimeaddr_node_addr.u8[0], rimeaddr_node_addr.u8[1], - from->u8[0], from->u8[1], val); + from->u8[0], from->u8[1], msg.val); /* If we receive an announcement with a lower value than ours, we cancel our own announcement. */ - if(val < c->val) { + if(msg.val < c->val) { /* ctimer_stop(&c->send_timer);*/ } if(c->u->recv) { - c->u->recv(c, from, val); + c->u->recv(c, from, msg.val); } } /*---------------------------------------------------------------------------*/ diff --git a/core/net/rime/polite-announcement.c b/core/net/rime/polite-announcement.c index 2a6e7ae7e..f7a7b5241 100644 --- a/core/net/rime/polite-announcement.c +++ b/core/net/rime/polite-announcement.c @@ -125,25 +125,31 @@ static void adv_packet_received(struct ipolite_conn *ipolite, const rimeaddr_t *from) { struct announcement_msg adata; + struct announcement_data data; + uint8_t *ptr; int i; + ptr = packetbuf_dataptr(); + /* Copy number of announcements */ - memcpy(&adata, packetbuf_dataptr(), sizeof(struct announcement_msg)); + memcpy(&adata, ptr, sizeof(struct announcement_msg)); PRINTF("%d.%d: adv_packet_received from %d.%d with %d announcements\n", rimeaddr_node_addr.u8[0], rimeaddr_node_addr.u8[1], from->u8[0], from->u8[1], adata.num); - for(i = 0; i < adata.num; ++i) { - struct announcement_data data; + if(ANNOUNCEMENT_MSG_HEADERLEN + adata.num * sizeof(struct announcement_data) > packetbuf_datalen()) { + /* The number of announcements is too large - corrupt packet has + been received. */ + PRINTF("adata.num way out there: %d\n", adata.num); + return; + } + ptr += ANNOUNCEMENT_MSG_HEADERLEN; + for(i = 0; i < adata.num; ++i) { /* Copy announcements */ - memcpy(&data.id, &((struct announcement_msg *)packetbuf_dataptr())->data[i].id, - sizeof(uint16_t)); - memcpy(&data.value, &((struct announcement_msg *)packetbuf_dataptr())->data[i].value, - sizeof(uint16_t)); - announcement_heard(from, - data.id, - data.value); + memcpy(&data, ptr, sizeof(struct announcement_data)); + announcement_heard(from, data.id, data.value); + ptr += sizeof(struct announcement_data); } } /*---------------------------------------------------------------------------*/