Update libmodbus to address CVE-2022-0367 (#3)

* Move malloc before starting unit tests

* Fix warning issues

When compiling with gcc and option -Wconversion it fixes the
warning message

  warning: conversion from ‘X’ {aka ‘x’} to ‘Y’ {aka ‘y’} may change value

Signed-off-by: José Bollo <[email protected]>

* Add modbus_[get|set]_indication_timeout to doc build

* docs: fix simple typo, reponse -> response

There is a small typo in tests/bandwidth-client.c.

Should read `response` rather than `reponse`.

* Update README.md

Add Embox RTOS to the list of supported OSes

* Install the NEWS and AUTHORS files

Fix stephane#513

* Include the test LICENSE in tarball

Fix for stephane#542

* Add .clabot

* typo

* Replace .dir-locals.el (Emacs) by .editorconfig

* Fix many typos

Thanks to @peternewman

* cosmetic changes in man page standardizing itemization

* Add FUNDING.yml

* Add the baud rate of 256k for Windows (closes stephane#603)

* Remove duplicate ';' (closes stephane#602)

* Fix position of CC flags in documentation (closes stephane#599)

* Replace obsolete AC_PROG_CC_STDC by AC_PROG_CC

* Fix typo in comment (closes stephane#588)

Thank you @qqq89513

* Add SECURITY.md (closes stephane#613)

* modbus_reply: fix copy & paste error in sanity check (fixes stephane#614)

While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets
must be checked, i.e. the read and the write address must be within the
mapping range.

At the moment, only the read address was considered, it looks like a
simple copy and paste error, so let's fix it.

Signed-off-by: Michael Heimpold <[email protected]>

* Bump version to 3.1.7

* Minor changes to NEWS

* Fix typos (closes stephane#620)

* Add many contributors to .clabot

* Minor documentation correction

Sorry for the two PRs, I did one then realized I should check the other

* Minor documentation correction

* Fix network library detection on Haiku

* Fix typo on connection (closes stephane#586).

Thank you @peternewman.

* Add rm5248 to .clabot

* Fix comment about EMBUNKEXC (closes stephane#566)

This native libmodbus error code is defined but not used.

* Fix float endianness issue on big endian architecture.

It converts float values depending on what order they come in.

This patch was modified from rm5248 [1]

[1] synexxus@a511768

* Make sub-command more clear

* Swap CRC bytes in request data but not at CRC computing (stephane#397)

* address check in single register / coil responses added (stephane#463)

Address check in single register / coil responses added

According to Modbus standard the address of single register / coils request and response must match

Co-authored-by: Heinrich Gsponer <[email protected]>

* Add contributors to .clabot

* VCLinkerTool version 1.0.0 to 1.0, NO link error

Even the newest visual studio use /VERSION:major[.minor]  .  
It means link.exe  /VERSION:1.0  just  need two version number .
If Version = 1.0.0 , when visual studio  link the program , vs will produce link error:

```
1>"/OUT:C:\Users\Lenovo\Desktop\libmodbus-master\src\win32\modbus.dll" "/VERSION:1.0.0" /INCREMENTAL:NO /NOLOGO ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG "/PDB:C:\Users\Lenovo\Desktop\libmodbus-master\src\win32\modbus.pdb" /MAP /SUBSYSTEM:CONSOLE /TLBID:1 "/IMPLIB:C:\Users\Lenovo\Desktop\libmodbus-master\src\win32\modbus.lib" /MACHINE:X86 /SAFESEH /DLL "C:\Users\Lenovo\Desktop\libmodbus-master\src\win32\/modbus.res"
1>"Debug\modbus-data.obj"
1>"Debug\modbus-rtu.obj"
1>"Debug\modbus-tcp.obj"
1>Debug\modbus.obj
1>LINK : fatal error LNK1117: option“VERSION:1.0.0” grammatical error
```
see: 
https://docs.microsoft.com/en-us/cpp/build/reference/version-version-information?view=msvc-160

* Add jcarrano to CLA

* Update .gitignore

* Add build check to CI

* Add autogen.sh call

* Remove check target (duplicate of distcheck)

* Replace Travis CI badge by GitHub CI

* Merge NEWS with v3.0.x branch

* Fixed MODBUS_ERROR_RECOVERY_LINK not working on Windows.

* Fixed a typo error in a comment.

* Do not change the behavior for non-windows OS.

* Reduce memory use of TCP PI backend (closes stephane#621)

- allocate exact memory required to store node and service strings
  instead of around 1kb of static memory.
- accept NULL value of service to use default Modbus port number (502)
- unit test updated

The new documentation will be updated in another commit.

* Rewrite documentation with Material for mkdocs

- remove doc build from autotools
- don't depend anymore on asciidoc
- don't provide man pages anymore
- new illustrations
- provide mkdocs instructions

* Bump version to 3.1.8

* Remove travis.yml

* Minor adjustments to MD files

* Remove year range in Copyright

* Move migration content to libmodbus.org

* Avoid negative value in FD_SET call

* Test socket against positive value instead of -1

* Add 0x34d to .clabot

* Add jordanjohnson56 to CLA

* Have autogen.sh fail if autoreconf fails

If the autoreconf program does not succeed, autogen.sh
should not succeed either.

The definition of "succeed" being "exit with exit code 0".

* Have autoreconf fail if LT_INIT is not defined

If the LT_INIT macro is not available in a *.m4 file to be
found during the autoreconf run, it is impossible to build
a useful configure script.

Therefore, we blacklist the LT_INIT macro so when it appears
unexpanded in the configure script, autoreconf will report
the failure instead of silently creating a broken configure.

This is generally a good idea for any macro not shipped with
Automake or Autoconf.

* Fix doc links

* test the protocol id for 0

previous test would fail if one byte was non zero.

* Fix double negative in tests

* New quirks handler (closes stephane#38 stephane#533)

Useful functions when you are confronted with equipment which does
not respect the protocol, which behaves strangely or when you wish
to move away from the standard.

Thank you @mhei for the great initial version.

* Fix bitwise OR in documentation

* Improve doc about slave ID in RTU

* Add .clang-format and format code (closes stephane#394)

Thank you @pboettch for initial proposal.

* Remove constraints on baud rate values

* Accept IP or device in arg of unit test progs

* Avoid compilation issue with VS2022 with strdup

* Display created files in configure.js

* Use strcpy_s under Windows

* Replace inet_addr by inet_pton calls

* Replace inet_ntoa by inet_ptop

- check conversion
- display IP in in IPv6

* Update configure.ac/config.h.win32 for new inet functions

* Instructions to build libmodbus in a VS project

Tested with Visual Studio 2022.

* Updated CLA bot file

* Fix connection check for Windows RTU (closes stephane#660, stephane#662)

* Add CIFuzz Github action

* Convert a few int to unsigned int (stephane#402)

* Fix wrong close on recent commit 5a6efec

* Adjust fuzzing to run on main branch only

* Bump version to 3.1.9

* fix modbus quirks function definition

* Split POSIX and Windows RTU connect functions

Easier to read

* Fix setting baud rate for Linux (partial revert of fa20798)

* Remove fuzzing action in waiting for a fix

* Bump version to 3.1.10

* docs: small re-wordings, fix various small typos and style issues

Signed-off-by: Michael Heimpold <[email protected]>

* Update CLA

* Fix doc of modbus_mapping_new_start_address (stephane#615)

* Free addrinfo struct on getaddrinfo() errors

* Minor to docs

* Add polar.sh to FUNDING

* Fix errno value on timeout with TCP connect (closes stephane#736, stephane#756)

Thank you kyllingstad for the issue and psychon for the fix.

* Update CLA

* Log error in read input registers if debug (closes stephane#755)

* Add checks for netinet/ip.h and gai_strerror

Extracted from stephane#745

* Don't use gai_strerror if not available

Identical check to stephane#745

* stephane#675 fix wrong generated version for double number

* adding modbus_send_raw_request_tid

* doc

* doc

* Don't use loop initial declaration (closes stephane#752)

C99 remains too modern :/

* Minor format

* Update docs about memory consumption (closes stephane#715)

Not true anymore since stephane#621

* Revert TCP checks for recovery (closes stephane#711)

Requires more tests on Windows with serial communications...
Related to db1cbc5 and 9b679b7.

* Link against socket and nsl libs when building on SunOS

On OpenIndiana (SunOS) functions such as bind, socket, listen
require -lnsl -lsocket to be given to linker.

* Format

* Fixes float encoding/decoding for both big and little endian (fixes stephane#665, stephane#694)

* Removes useless memcpy calls and no longer used swap32 and swap16 macros.
* Updated float encoding functions to consider endianess of 16-bit registers (fixes stephane#665)
* Deprecated modbus_get_float() and modbus_set_float() are implemented using cdab variants.

* Duplicate in .clabot

* Revert "Fixes float encoding/decoding for both big and little endian (fixes stephane#665, stephane#694)"

This reverts commit 13bd584.

* Remove useless cast in setsockopt call (closes stephane#721)

* Update CLA

* Fix insecure data handling

CID 416366: INTEGER_OVERFLOW found with Coverity Scan.

* Add Coverity scan status

* Remove duplicate warning flag

* Check length passed to modbus_reply (write_bit)

The modbus_reply function is designed to receive arguments
from modbus_receive. This patch avoid a wrong use of memcpy if
the user chooses to inject a bad length argument.

Thank you Nozomi Networks Labs Advisory for the report.

* Check length passed to modbus_reply (write_register)

Related to df79a02.

* Small cleanups of unit test server

* Rename warning flags variable

* Do not build with debug flag active by default

* Remove useless configure checks

* Update .clabot

* Fix request length check in modbus_reply in RTU

- rename internal *_prepare_response_tid to *_get_response_tid
- change signature, don't need req length anymore
- remove misleading modification of req_length
- check of req length before use in memcpy for mask write register

Related to df79a02

* Revert "Fix float endianness issue on big endian architecture." and fix test suite and setter functions.

This reverts commit 49af73d.

* Prepare NEWS file for next release

* Use port 502 instead of 1502 in documentation (closes stephane#771)

The default port number of Modbus is 502 but it requires privileges on
Linux.

* HAVE_NETINET_IN_H as guard around header (stephane#765)

Thank you @diplfranzhoepfinger

* RTU - Check CRC before filtering on slave ID

* Minor

* Bump version to 3.1.11

* modbus-tcp.c doesn't include config.h, possible workaround - defining HAVE_NETINET_IP_H directly in modbus-tcp.c for Linux builds to force including <netinet/ip.h> which provides IPTOS_LOWDELAY definition

---------

Signed-off-by: José Bollo <[email protected]>
Signed-off-by: Michael Heimpold <[email protected]>
Co-authored-by: Stéphane Raimbault <[email protected]>
Co-authored-by: José Bollo <[email protected]>
Co-authored-by: Tim Gates <[email protected]>
Co-authored-by: Anton Bondarev <[email protected]>
Co-authored-by: Richard Ash <[email protected]>
Co-authored-by: Stefan Nilsson <[email protected]>
Co-authored-by: Marc Haber <[email protected]>
Co-authored-by: Michael Heimpold <[email protected]>
Co-authored-by: Rick M <[email protected]>
Co-authored-by: begasus <[email protected]>
Co-authored-by: SZ Lin (林上智) <[email protected]>
Co-authored-by: Mochamad Arifin <[email protected]>
Co-authored-by: Pascal Bach <[email protected]>
Co-authored-by: Heinrich Gsponer <[email protected]>
Co-authored-by: along <[email protected]>
Co-authored-by: Stéphane Raimbault <[email protected]>
Co-authored-by: Mohamed Amine Mzoughi <[email protected]>
Co-authored-by: Hans Ulrich Niedermann <[email protected]>
Co-authored-by: Jordan Johnson <[email protected]>
Co-authored-by: Alexander Polleti <[email protected]>
Co-authored-by: David Korczynski <[email protected]>
Co-authored-by: 20162026 <[email protected]>
Co-authored-by: Yau Yimsing <[email protected]>
Co-authored-by: Cedric Boudinet <[email protected]>
Co-authored-by: Lauri Nurmi <[email protected]>
Co-authored-by: Andreas Nicolai <[email protected]>
Co-authored-by: Andreas Nicolai <[email protected]>
Co-authored-by: diplfranzhoepfinger <[email protected]>

Author: 27 people

.clabot

@@ -0,0 +1,48 @@
+{
+    "contributors": [
+        "0x34d",
+        "20162026",
+        "2128506",
+        "alongl",
+        "arkapkaj",
+        "bobbybelieve",
+        "ccdmuro",
+        "cedricboudinet",
+        "DavidKorczynski",
+        "devotip",
+        "diplfranzhoepfinger",
+        "embeddedmz",
+        "fcntlcc",
+        "fedepell",
+        "franzhoepfinger",
+        "franzhollerer",
+        "ghorwin",
+        "jbysewski",
+        "jcarrano",
+        "jeroendoggen",
+        "jetforme",
+        "jiriki86",
+        "jordanjohnson56",
+        "kay30kim",
+        "kyllingstad",
+        "mek-x",
+        "merkag",
+        "mhei",
+        "msk-repo-0x4d",
+        "ndunks",
+        "peternewman",
+        "philj56",
+        "raymondbh",
+        "ringlej",
+        "rm5248",
+        "rongli-eaton",
+        "sebastianpsm",
+        "SergeyMy",
+        "sirsoweird",
+        "taikiakita",
+        "vancepym",
+        "vvck",
+        "woodsnake"
+    ],
+    "message": "We require contributors to sign our Contributor License Agreement. In order for us to review and merge your code, please fill https://forms.gle/5635zjphDo5JEJQSA to get added. Your document will be manually checked by the maintainer. Be patient..."
+}

.clang-format

@@ -0,0 +1,56 @@
+---
+BasedOnStyle: LLVM
+AlignArrayOfStructures: Left
+AlignOperands: true
+AlignConsecutiveAssignments: false
+AlignConsecutiveMacros: true
+AlignEscapedNewlines: Left
+AlignTrailingComments: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortEnumsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: Never
+BreakBeforeBraces: Custom
+BraceWrapping:
+    AfterClass: false
+    AfterControlStatement: false
+    AfterEnum: false
+    AfterFunction: true
+    AfterNamespace: true
+    AfterObjCDeclaration: true
+    AfterStruct: false
+    AfterUnion: false
+    AfterExternBlock: false
+    BeforeCatch: false
+    BeforeElse: false
+    IndentBraces: false
+    SplitEmptyFunction: true
+    SplitEmptyRecord: true
+    SplitEmptyNamespace: true
+BinPackArguments: false
+BinPackParameters: false
+ColumnLimit: 90
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+IncludeBlocks: Preserve
+IndentWidth: 4
+ObjCBlockIndentWidth: 4
+PointerAlignment: Right
+ReferenceAlignment: Right
+SpaceAfterCStyleCast: true
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeParens: ControlStatementsExceptForEachMacros
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: false
+SpacesInContainerLiterals: false
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SeparateDefinitionBlocks: Always
+UseTab: Never
+PPIndentWidth: 2

.dir-locals.el

@@ -0,0 +1,12 @@
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+
+# Tab indentation (no size specified)
+[Makefile]
+indent_style = tab

.editorconfig

@@ -0,0 +1,2 @@
+github: [stephane]
+polar: stephane

.github/FUNDING.yml

@@ -0,0 +1,20 @@
+name: Build libmodbus
+
+on:
+    push:
+        branches: ["master"]
+    pull_request:
+        branches: ["master"]
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@v3
+            - name: configure
+              run: ./autogen.sh && ./configure
+            - name: make
+              run: make
+            - name: make distcheck
+              run: make distcheck

.github/workflows/build.yml

@@ -1,3 +1,4 @@
+# Temporary files
 *~
 *.swp
 *.o
@@ -7,10 +8,14 @@
 *.trs
 .deps
 .libs
-GPATH
-GRTAGS
-GSYMS
-GTAGS
+.DS_Store
+
+# Editors
+/*.sublime-*
+/.vscode
+/.venv
+
+# Generated by Autotools
 INSTALL
 Makefile
 Makefile.in
@@ -22,25 +27,25 @@ Makefile.in
 /configure.scan
 /depcomp
 /install-sh
+/libmodbus.pc
 /libtool
 /ltmain.sh
 /missing
-/libmodbus.pc
 /stamp-h1
-/*.sublime-*
-/.vscode
 src/modbus-version.h
 src/win32/modbus.dll.manifest
+tests/unit-test.h
+
+# mkdocs
+/site
+
+# Binary
 tests/bandwidth-client
 tests/bandwidth-server-many-up
 tests/bandwidth-server-one
 tests/random-test-client
 tests/random-test-server
 tests/unit-test-client
-tests/unit-test.h
 tests/unit-test-server
 tests/version
 tests/stamp-h2
-doc/*.html
-doc/*.3
-doc/*.7

.gitignore

@@ -1,16 +1,15 @@
-How Do I Submit A Good Bug Report?
-----------------------------------
+# How Do I Submit A Good Bug Report?
 
 Please, don't send direct emails to Stéphane Raimbault unless you want
 commercial support.
 
-Take care to read the documentation at http://libmodbus.org/documentation/.
+Take care to read the documentation at http://libmodbus.org/.
 
 - *Be sure it's a bug before creating an issue*, in doubt, post a message on
-  https://groups.google.com/forum/#!forum/libmodbus or send an email to
-  [email protected]
+  <https://groups.google.com/forum/#!forum/libmodbus> or send an email to
+  <[email protected]>
 
-- *Use a clear and decriptive title* for the issue to identify
+- *Use a clear and descriptive title* for the issue to identify
 
 - *Which version of libmodbus are you using?* you can obtain this information
 from your package manager or by running `pkg-config --modversion libmodbus`.
@@ -19,11 +18,11 @@ You can provide the sha1 of the commit if you have fetched the code with `git`.
 - *Which operating system are you using?*
 
 - *Describe the exact steps which reproduce the problem* in as many details as
-possible. For example, the software/equipement which runs the Modbus server, how
+possible. For example, the software/equipment which runs the Modbus server, how
 the clients are connected (TCP, RTU, ASCII) and the source code you are using.
 
 - *Enable the debug mode*, libmodbus provides a function to display the content
 of the Modbus messages and it's very convenient to analyze issues
-(http://libmodbus.org/docs/latest/modbus_set_debug.html).
+(http://libmodbus.org/docs/modbus_set_debug/).
 
 Good bug reports provide right and quick fixes!

.travis.yml

@@ -1,40 +1,40 @@
 Please read the following carefully before submitting this new issue.
 
- - Please ensure, that you are really reporting a bug. When in doubt,
-   post a message on https://groups.google.com/forum/#!forum/libmodbus
-   or send an email to [email protected]
+- Please ensure, that you are really reporting a bug. When in doubt, post a
+  message on <https://groups.google.com/forum/#!forum/libmodbus> or send an
+  email to [email protected]
 
- - Please do not open issues to ask questions about using libmodbus.
-   Use the mailing list for this as there are many more people reading
-   that list, who could help you.
+- Please do not open issues to ask questions about using libmodbus. Use the
+  mailing list for this as there are many more people reading that list, who
+  could help you.
 
- - When using libmodbus from a distribution (Debian, Fedora...), please
-   report the bug first in the bug tracker of the distribution. The
-   reason for doing so is that the package maintainer should have a chance
-   to look at the issue first as it might be a packaging error. If/when
-   the package maintainer comes to the conclusion that is really an upstream
-   bug, then he/she will usually report it here by himself/herself.
-   This is because he/she is interested in staying in the notification chain
-   to decide about a backport as soon as a bugfix is available.
-   Otherwise you (distribution user) will be asked to do so explicitely.
+- When using libmodbus from a distribution (Debian, Fedora...), please report
+  the bug first in the bug tracker of the distribution. The reason for doing so
+  is that the package maintainer should have a chance to look at the issue first
+  as it might be a packaging error. If/when the package maintainer comes to the
+  conclusion that is really an upstream bug, then he/she will usually report it
+  here by himself/herself. This is because he/she is interested in staying in
+  the notification chain to decide about a backport as soon as a bugfix is
+  available. Otherwise you (distribution user) will be asked to do so
+  explicitly.
 
-When you get here and you are still convinced that you want report a bug:
+When you get here and you are still convinced that you want to report a bug:
 
- - *Use a clear and decriptive title* for the issue to identify
+- *Use a clear and descriptive title* for the issue to identify
 
- - *Which version of libmodbus are you using?* you can obtain this information
+- *Which version of libmodbus are you using?* you can obtain this information
    from your package manager or by running `pkg-config --modversion libmodbus`.
    You can provide the sha1 of the commit if you have fetched the code with `git`.
 
- - *Which operating system are you using?*
+- *Which operating system are you using?*
 
- - *Describe the exact steps which reproduce the problem* in as many details as
-   possible. For example, the software/equipement which runs the Modbus server, how
+- *Describe the exact steps which reproduce the problem* in as many details as
+   possible. For example, the software/equipment which runs the Modbus server, how
    the clients are connected (TCP, RTU, ASCII) and the source code you are using.
 
- - *Enable the debug mode*, libmodbus provides a function to display the content
+- *Enable the debug mode*, libmodbus provides a function to display the content
    of the Modbus messages and it's very convenient to analyze issues
-   (http://libmodbus.org/docs/latest/modbus_set_debug.html).
+   (<http://libmodbus.org/docs/modbus_set_debug/>).
 
 Good bug reports provide right and quick fixes!
 
@@ -62,11 +62,11 @@ everything up to and including the following line which starts with ---.
 
   <...>
 
-## Expected behaviour
+## Actual behavior if applicable
 
   <...>
 
-## Actual behaviour
+## Expected behavior or suggestion
 
   <...>