npm - @tier0/node-red-contrib-opcda-client - Versions diffs - 1.0.7 → 1.0.8 - Mend

@tier0/node-red-contrib-opcda-client 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/node_modules/@tier0/node-dcom/dcom/ndr/ndrbuffer.js CHANGED Viewed

@@ -131,7 +131,10 @@ NdrBuffer.prototype.enc_ndr_small = function (s){
 }
 NdrBuffer.prototype.dec_ndr_small = function (){
-  let val = Buffer.from(this.buf).readUInt8(this.index);
+  if (this.index < 0 || this.index >= this.buf.length) {
+    throw new Error("NdrBuffer: dec_ndr_small out of range (index=" + this.index + ", bufLen=" + this.buf.length + ")");
+  }
+  let val = this.buf.readUInt8(this.index);
   this.advance(1);
   return val;
 }
@@ -144,6 +147,9 @@ NdrBuffer.prototype.enc_ndr_short = function (s){
 NdrBuffer.prototype.dec_ndr_short = function (){
   this.align(2);
+  if (this.index < 0 || this.index + 2 > this.buf.length) {
+    throw new Error("NdrBuffer: dec_ndr_short out of range (index=" + this.index + ", bufLen=" + this.buf.length + ")");
+  }
   let val = Encdec.dec_uint16le(this.buf,this.index);
   this.advance(2);
   return val;
@@ -157,6 +163,9 @@ NdrBuffer.prototype.enc_ndr_long = function (l){
 NdrBuffer.prototype.dec_ndr_long = function (){
   this.align(4);
+  if (this.index < 0 || this.index + 4 > this.buf.length) {
+    throw new Error("NdrBuffer: dec_ndr_long out of range (index=" + this.index + ", bufLen=" + this.buf.length + ")");
+  }
   let val = Encdec.dec_uint32le(this.buf, this.index);
   this.advance(4);
   return val;

package/node_modules/@tier0/node-dcom/dcom/rpc/defaultconnection.js CHANGED Viewed

@@ -510,6 +510,9 @@ class DefaultConnection
       const _pduHdr = new ConnectionOrientedPdu();
       buffer.setIndex(_pduHdr.AUTH_LENGTH_OFFSET);
       var length = buffer.dec_ndr_short();
+      if (length == 0) {
+        return null;
+      }
       var index = 20;
       buffer.setIndex(index);
       var verifier = new AuthenticationVerifier(length);
@@ -520,9 +523,10 @@ class DefaultConnection
       buffer.enc_ndr_short(length);
       buffer.enc_ndr_short(0);
       buffer.setIndex(length);
+      buffer.length = length;
       return verifier;
     }catch(e){
-      throw new Error("Error striping authentication from PDU");
+      throw new Error("Error striping authentication from PDU: " + (e.message || e));
     }
   }
@@ -536,6 +540,10 @@ class DefaultConnection
       }
       var index = buffer.getLength() - length - 8;
+      if (index < 0) {
+        debug("detachAuthentication: invalid auth trailer position (index=%d, authLen=%d, bufLen=%d)", index, length, buffer.getLength());
+        return null;
+      }
       buffer.setIndex(index);
       var verifier = new AuthenticationVerifier(length);
       verifier.decode(this.ndr, buffer);
@@ -545,10 +553,11 @@ class DefaultConnection
       buffer.enc_ndr_short(length);
       buffer.enc_ndr_short(0);
       buffer.setIndex(length);
+      buffer.length = length;
       return verifier;
     } catch (e) {
-      throw new Error("Error striping authentication from PDU.");
+      throw new Error("Error striping authentication from PDU: " + (e.message || e));
     }
   }
@@ -614,6 +623,7 @@ class DefaultConnection
   {
     const _pdu = new ConnectionOrientedPdu();
     var buffer = ndr.getBuffer();
+    var bufLen = buffer.getLength();
     buffer.setIndex(_pdu.AUTH_LENGTH_OFFSET);
     var verifierLength = ndr.readUnsignedShort();
@@ -621,7 +631,12 @@ class DefaultConnection
       return;
     }
-    var verifierIndex = buffer.getLength() - verifierLength;
+    var verifierIndex = bufLen - verifierLength;
+    if (verifierIndex < _pdu.HEADER_LENGTH + 8 || verifierIndex > bufLen) {
+      debug("verifyAndUnseal: invalid verifierIndex=%d (verifierLength=%d, bufLen=%d)", verifierIndex, verifierLength, bufLen);
+      return;
+    }
     var length = verifierIndex - 8;
     var index = _pdu.HEADER_LENGTH;
@@ -649,6 +664,11 @@ class DefaultConnection
     }
     length = length - index;
+    if (length < 0) {
+      debug("verifyAndUnseal: negative data length=%d (index=%d, verifierIndex=%d)", length, index, verifierIndex);
+      return;
+    }
     var isFragmented = true;
     buffer.setIndex(_pdu.FLAGS_OFFSET);
     var flags = ndr.readUnsignedSmall();
@@ -658,8 +678,16 @@ class DefaultConnection
     }
     this.security.processIncoming(ndr, index, length, verifierIndex, isFragmented);
-    buffer.setIndex(verifierIndex - 6);
-    length = verifierIndex - ndr.readUnsignedSmall() - 8;
+    var padLengthOffset = verifierIndex - 6;
+    if (padLengthOffset < 0 || padLengthOffset >= buffer.buf.length) {
+      debug("verifyAndUnseal: invalid padLengthOffset=%d (verifierIndex=%d, bufLen=%d)", padLengthOffset, verifierIndex, buffer.buf.length);
+      length = verifierIndex - 8;
+    } else {
+      buffer.setIndex(padLengthOffset);
+      length = verifierIndex - ndr.readUnsignedSmall() - 8;
+    }
     buffer.setIndex(_pdu.FRAG_LENGTH_OFFSET);
     ndr.writeUnsignedShort(length);
     ndr.writeUnsignedShort(0);

package/node_modules/@tier0/node-dcom/dcom/rpc/security/ntlm1.js CHANGED Viewed

@@ -77,14 +77,14 @@ class Ntlm1
       buffer.setIndex(verifierIndex);
       let signing = new Array(16);
-      ndr.readOctetArray(signing, 0, signing.length);
+      signing = ndr.readOctetArray(signing, 0, signing.length);
-      if (signing.every(b => b === 0)) {
+      if (Buffer.isBuffer(signing) && signing.every(b => b === 0)) {
         this.responseCounter++;
         return;
       }
-      if (this.keyFactory.compareSignature(verifier, signing)) {
+      if (this.keyFactory.compareSignature(verifier, Array.isArray(signing) ? signing : [...signing])) {
          throw new Error("Message out of sequence. Perhaps the user being used to run this application is different from the one under which the COM server is running.");
       }

package/node_modules/@tier0/node-dcom/dcom/rpc/security/ntlmconnection.js CHANGED Viewed

@@ -25,13 +25,13 @@ class NTLMConnection extends DefaultConnection
   setTransmitLength(transmitLength)
   {
     this.transmitLength = transmitLength;
-    this.transmitBuffer = new NdrBuffer([transmitLength]);
+    this.transmitBuffer = new NdrBuffer(new Array(transmitLength), 0);
   }
   setReceiveLength(receiveLength)
   {
     this.receiveLength = receiveLength;
-    this.receiveBuffer = new NdrBuffer([receiveLength]);
+    this.receiveBuffer = new NdrBuffer(new Array(receiveLength), 0);
   }
   incomingRebind(verifier)

package/node_modules/@tier0/node-dcom/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tier0/node-dcom",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "An implementation of the DCOM Protocol for node.js, with NTLMv2 and packet signing (fork of node-dcom, OPC DA friendly)",
   "main": "dcom/index.js",
   "files": [

package/node_modules/@tier0/node-opc-da/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tier0/node-opc-da",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "An implementation of the OPC DA Specification for Node.js",
   "main": "src/index.js",
   "scripts": {
@@ -23,8 +23,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@tier0/node-dcom": "1.2.1",
-    "random": "^2.1.1",
-    "long": "^4.0.0"
+    "@tier0/node-dcom": "file:../node-dcom/tier0-node-dcom-1.2.3.tgz",
+    "long": "^4.0.0",
+    "random": "^2.1.1"
   }
-}
+}

package/node_modules/@tier0/node-opc-da/tier0-node-opc-da-1.0.10.tgz ADDED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tier0/node-red-contrib-opcda-client",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "Node-RED OPC DA Reading and Writing Node",
   "node-red": {
     "nodes": {
@@ -43,8 +43,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@tier0/node-dcom": "1.2.2",
-    "@tier0/node-opc-da": "1.0.10"
+    "@tier0/node-dcom": "file:../node-dcom/tier0-node-dcom-1.2.3.tgz",
+    "@tier0/node-opc-da": "file:../node-opc-da/tier0-node-opc-da-1.0.11.tgz"
   },
   "bundledDependencies": [
     "babel-runtime",
@@ -89,5 +89,49 @@
     "x-mac-cyrillic",
     "@tier0/node-dcom",
     "@tier0/node-opc-da"
+  ],
+  "bundleDependencies": [
+    "babel-runtime",
+    "bytebuffer",
+    "core-js",
+    "hashcode",
+    "hashmap",
+    "iconv-lite",
+    "ip",
+    "iso-8859-15",
+    "iso-8859-2",
+    "iso-8859-3",
+    "iso-8859-4",
+    "iso-8859-5",
+    "iso-8859-6",
+    "iso-8859-7",
+    "iso-8859-8",
+    "iso-8859-8-i",
+    "jconv",
+    "js-md4",
+    "koi8-r",
+    "legacy-encoding",
+    "long",
+    "macintosh",
+    "object-hash",
+    "ow",
+    "ow-lite",
+    "random",
+    "regenerator-runtime",
+    "safer-buffer",
+    "seedrandom",
+    "windows-1250",
+    "windows-1251",
+    "windows-1252",
+    "windows-1253",
+    "windows-1254",
+    "windows-1255",
+    "windows-1256",
+    "windows-1257",
+    "windows-1258",
+    "windows-874",
+    "x-mac-cyrillic",
+    "@tier0/node-dcom",
+    "@tier0/node-opc-da"
   ]
-}
+}