Fix uninitialized loop variable in GcmParser (undefined behavior in authentication check) #1163
Open
MadsSFox wants to merge 1 commit into UtilitechAS:main from
Conversation
In GcmParser::parse(), the authentication check loop used an uninitialized loop counter: `for(uint8_t i; i < 16; i++)`. This is undefined behavior in C++ because `i` has an indeterminate value, potentially causing the authentication check to be skipped entirely or to read out-of-bounds memory. Fix: initialize `i` to 0 so the loop correctly iterates all 16 bytes of the authentication key.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Problem
Encrypted Kamstrup meters (and other meters with authentication keys) report "HAN: Unknown data received" even when keys are correctly configured.
Closes #1164
Root Cause
`lib/AmsDecoder/src/GcmParser.cpp` line 99 has an uninitialized loop variable: `i` is declared but never initialized — undefined behavior in C++. When `i` starts at ≥ 16 (depending on stack contents), the loop never executes, `authenticate` stays `false`, and decryption proceeds without authentication even when an auth key is configured. This produces garbage output that fails all subsequent parsing.
Fix
Testing
Verified against a Kamstrup Omnipower meter (Danish grid, GPK60 auth key) running on ESP8266. Before fix: "Unknown data received". After fix: frames decrypt and parse correctly.
Related
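Added illustration of the loop shape this PR describes (constructed here, not the AmsDecoder project's code): the buggy version takes its start value as an explicit parameter standing in for the indeterminate stack value so the skipped check can be reproduced deterministically, next to the initialized version. The 16-byte sample keys are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed example, not code from the AmsDecoder project. It models the
// "is an authentication key configured?" scan that the PR describes: walk
// 16 key bytes and set a flag if any byte is non-zero.
constexpr uint8_t AUTH_KEY_LEN = 16;

// Constructed sample keys: one with a single non-zero byte near the start,
// one all zeros (meaning "no key configured").
const uint8_t kConstructedKey[AUTH_KEY_LEN] = {0x00, 0x00, 0x5A, 0x00, 0x00, 0x00, 0x00, 0x00,
                                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const uint8_t kZeroKey[AUTH_KEY_LEN] = {0};

// Buggy shape from the PR: `for (uint8_t i; i < 16; i++)`. Reading the
// uninitialized `i` is undefined behavior, so the start value is whatever the
// compiler or stack happens to provide. To make that deterministic and
// testable, the start value is passed in explicitly here.
bool keyConfiguredBuggy(const uint8_t *key, uint8_t indeterminateStart) {
    bool authenticate = false;
    for (uint8_t i = indeterminateStart; i < AUTH_KEY_LEN; i++) {
        if (key[i] != 0) { authenticate = true; break; }
    }
    // Any start >= 16 skips the loop entirely; any start > 2 skips the only
    // non-zero byte of kConstructedKey. Either way the key looks "unset".
    return authenticate;
}

// Fixed shape: `i` starts at 0, so all 16 bytes are inspected.
bool keyConfiguredFixed(const uint8_t *key) {
    bool authenticate = false;
    for (uint8_t i = 0; i < AUTH_KEY_LEN; i++) {
        if (key[i] != 0) { authenticate = true; break; }
    }
    return authenticate;
}

int main() {
    // Building with -Wall (GCC/Clang -Wuninitialized, optimization enabled on
    // GCC) makes the compiler report the original pattern at build time.
    std::printf("fixed, key set:   %d\n", keyConfiguredFixed(kConstructedKey));
    std::printf("fixed, key zero:  %d\n", keyConfiguredFixed(kZeroKey));
    std::printf("buggy, start 0:   %d\n", keyConfiguredBuggy(kConstructedKey, 0));
    std::printf("buggy, start 3:   %d\n", keyConfiguredBuggy(kConstructedKey, 3));
    std::printf("buggy, start 16:  %d\n", keyConfiguredBuggy(kConstructedKey, 16));
    return 0;
}
```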