Merge remote-tracking branch 'origin/1.4' into merge_14_master_22

jpfr · Oct 3, 2024 · 43e2b04 · 43e2b04
2 parents 64c0a25 + d1c154c
commit 43e2b04
Show file tree

Hide file tree

Showing 24 changed files with 1,726 additions and 484 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -37,7 +37,7 @@ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 # overwritten with more detailed information if git is available.
 set(OPEN62541_VER_MAJOR 1)
 set(OPEN62541_VER_MINOR 4)
-set(OPEN62541_VER_PATCH 4)
+set(OPEN62541_VER_PATCH 5)
 set(OPEN62541_VER_LABEL "-undefined") # like "-rc1" or "-g4538abcd" or "-g4538abcd-dirty"
 set(OPEN62541_VER_COMMIT "unknown-commit")
 

diff --git a/plugins/crypto/mbedtls/certificategroup.c b/plugins/crypto/mbedtls/certificategroup.c
diff --git a/plugins/crypto/openssl/certificategroup.c b/plugins/crypto/openssl/certificategroup.c
diff --git a/plugins/ua_config_default.c b/plugins/ua_config_default.c
@@ -432,7 +432,12 @@ setDefaultConfig(UA_ServerConfig *conf, UA_UInt16 portNumber) {
 
     /* Certificate Verification that accepts every certificate. Can be
      * overwritten when the policy is specialized. */
+    if(conf->secureChannelPKI.clear)
+        conf->secureChannelPKI.clear(&conf->secureChannelPKI);
     UA_CertificateGroup_AcceptAll(&conf->secureChannelPKI);
+
+    if(conf->sessionPKI.clear)
+        conf->sessionPKI.clear(&conf->sessionPKI);
     UA_CertificateGroup_AcceptAll(&conf->sessionPKI);
 
     /* * Global Node Lifecycle * */
@@ -1017,6 +1022,8 @@ UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
     paramsMap.map = params;
     paramsMap.mapSize = paramsSize;
 
+    if(conf->secureChannelPKI.clear)
+        conf->secureChannelPKI.clear(&conf->secureChannelPKI);
     UA_NodeId defaultApplicationGroup =
            UA_NODEID_NUMERIC(0, UA_NS0ID_SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
     retval = UA_CertificateGroup_Memorystore(&conf->secureChannelPKI, &defaultApplicationGroup, &list, conf->logging, &paramsMap);
@@ -1025,6 +1032,8 @@ UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
         return retval;
     }
 
+    if(conf->sessionPKI.clear)
+        conf->sessionPKI.clear(&conf->sessionPKI);
     UA_NodeId defaultUserTokenGroup =
             UA_NODEID_NUMERIC(0, UA_NS0ID_SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP);
     retval = UA_CertificateGroup_Memorystore(&conf->sessionPKI, &defaultUserTokenGroup, &list, conf->logging, &paramsMap);
@@ -1631,6 +1640,8 @@ UA_ClientConfig_setDefaultEncryption(UA_ClientConfig *config,
     paramsMap.map = params;
     paramsMap.mapSize = paramsSize;
 
+    if(config->certificateVerification.clear)
+        config->certificateVerification.clear(&config->certificateVerification);
     UA_NodeId defaultApplicationGroup =
            UA_NODEID_NUMERIC(0, UA_NS0ID_SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
     retval = UA_CertificateGroup_Memorystore(&config->certificateVerification, &defaultApplicationGroup, &list, config->logging, &paramsMap);

diff --git a/src/client/ua_client_connect.c b/src/client/ua_client_connect.c
@@ -196,7 +196,7 @@ signActivateSessionRequest(UA_Client *client, UA_SecureChannel *channel,
         UA_ByteString signData = UA_BYTESTRING_NULL;
         size_t signDataSize =
             channel->remoteCertificate.length + client->serverSessionNonce.length;
-        if(dataToSignSize > MAX_DATA_SIZE) {
+        if(signDataSize > MAX_DATA_SIZE) {
             retval = UA_STATUSCODE_BADINTERNALERROR;
             goto cleanup;
         }

diff --git a/src/pubsub/ua_pubsub.h b/src/pubsub/ua_pubsub.h
@@ -260,6 +260,8 @@ typedef struct UA_PubSubConnection {
     size_t readerGroupsSize;
     LIST_HEAD(, UA_ReaderGroup) readerGroups;
 
+    UA_DateTime silenceErrorUntil; /* Avoid generating too many logs */
+
     UA_Boolean deleteFlag; /* To be deleted - in addition to the PubSubState */
     UA_DelayedCallback dc; /* For delayed freeing */
 } UA_PubSubConnection;

diff --git a/src/pubsub/ua_pubsub_connection.c b/src/pubsub/ua_pubsub_connection.c
@@ -79,9 +79,13 @@ UA_PubSubConnection_decodeNetworkMessage(UA_PubSubManager *psm,
 
 loops_exit:
     if(!processed) {
-        UA_LOG_WARNING_PUBSUB(psm->logging, connection,
-                              "Could not decode the received NetworkMessage "
-                              "-- No matching ReaderGroup");
+        UA_DateTime nowM = UA_DateTime_nowMonotonic();
+        if(connection->silenceErrorUntil < nowM) {
+            UA_LOG_WARNING_PUBSUB(psm->logging, connection,
+                                  "Could not decode the received NetworkMessage "
+                                  "-- No matching ReaderGroup");
+            connection->silenceErrorUntil = nowM + (UA_DateTime)(10.0 * UA_DATETIME_SEC);
+        }
         UA_NetworkMessage_clear(nm);
         return UA_STATUSCODE_BADINTERNALERROR;
     }
@@ -284,7 +288,7 @@ UA_PubSubConnection_process(UA_PubSubManager *psm, UA_PubSubConnection *c,
         if(rg->head.state != UA_PUBSUBSTATE_OPERATIONAL &&
            rg->head.state != UA_PUBSUBSTATE_PREOPERATIONAL)
             continue;
-        if(rg->config.rtLevel != UA_PUBSUB_RT_FIXED_SIZE) {
+        if(!(rg->config.rtLevel & UA_PUBSUB_RT_FIXED_SIZE)) {
             nonRtRg = rg;
             continue;
         } 
@@ -323,17 +327,21 @@ UA_PubSubConnection_process(UA_PubSubManager *psm, UA_PubSubConnection *c,
         if(rg->head.state != UA_PUBSUBSTATE_OPERATIONAL &&
            rg->head.state != UA_PUBSUBSTATE_PREOPERATIONAL)
             continue;
-        if(rg->config.rtLevel == UA_PUBSUB_RT_FIXED_SIZE)
+        if(rg->config.rtLevel & UA_PUBSUB_RT_FIXED_SIZE)
             continue;
         processed |= UA_ReaderGroup_process(psm, rg, &nm);
     }
     UA_NetworkMessage_clear(&nm);
 
  finish:
     if(!processed) {
-        UA_LOG_WARNING_PUBSUB(psm->logging, c,
-                              "Message received that could not be processed. "
-                              "Check PublisherID, WriterGroupID and DatasetWriterID.");
+        UA_DateTime nowM = UA_DateTime_nowMonotonic();
+        if(c->silenceErrorUntil < nowM) {
+            UA_LOG_WARNING_PUBSUB(psm->logging, c,
+                                  "Message received that could not be processed. "
+                                  "Check PublisherID, WriterGroupID and DatasetWriterID.");
+            c->silenceErrorUntil = nowM + (UA_DateTime)(10.0 * UA_DATETIME_SEC);
+        }
     }
 }
 

diff --git a/src/pubsub/ua_pubsub_dataset.c b/src/pubsub/ua_pubsub_dataset.c
@@ -581,8 +581,6 @@ UA_PublishedDataSet_create(UA_PubSubManager *psm,
         UA_PubSubConfigurationVersionTimeDifference(el->dateTime_now(el));
     switch(newConfig->publishedDataSetType) {
     case UA_PUBSUB_DATASET_PUBLISHEDEVENTS_TEMPLATE:
-        res = UA_STATUSCODE_BADNOTSUPPORTED;
-        break;
     case UA_PUBSUB_DATASET_PUBLISHEDEVENTS:
         res = UA_STATUSCODE_BADNOTSUPPORTED;
         break;

diff --git a/src/pubsub/ua_pubsub_reader.c b/src/pubsub/ua_pubsub_reader.c
@@ -536,7 +536,7 @@ DataSetReader_processRaw(UA_PubSubManager *psm, UA_DataSetReader *dsr,
         }
 
         /* Write the value */
-        if(tv->beforeWrite || tv->externalDataValue) {
+        if(tv->externalDataValue) {
             if(tv->beforeWrite)
                 tv->beforeWrite(psm->sc.server, &dsr->head.identifier,
                                 &dsr->linkedReaderGroup->head.identifier,

diff --git a/src/pubsub/ua_pubsub_writer.c b/src/pubsub/ua_pubsub_writer.c
@@ -728,23 +728,16 @@ UA_DataSetWriter_generateDataSetMessage(UA_PubSubManager *psm,
         if((u64)jsonDsm->dataSetMessageContentMask &
            (u64)UA_JSONDATASETMESSAGECONTENTMASK_METADATAVERSION) {
             dataSetMessage->header.configVersionMajorVersionEnabled = true;
-            if(!pds) {
-                /* Heartbeat */
-                dataSetMessage->header.configVersionMajorVersion = 0;
-            } else {
-                dataSetMessage->header.configVersionMajorVersion =
-                pds->dataSetMetaData.configurationVersion.majorVersion;
-            }
-       }
-        if((u64)jsonDsm->dataSetMessageContentMask &
-           (u64)UA_JSONDATASETMESSAGECONTENTMASK_METADATAVERSION) {
             dataSetMessage->header.configVersionMinorVersionEnabled = true;
             if(!pds) {
                 /* Heartbeat */
+                dataSetMessage->header.configVersionMajorVersion = 0;
                 dataSetMessage->header.configVersionMinorVersion = 0;
             } else {
+                dataSetMessage->header.configVersionMajorVersion =
+                    pds->dataSetMetaData.configurationVersion.majorVersion;
                 dataSetMessage->header.configVersionMinorVersion =
-                pds->dataSetMetaData.configurationVersion.minorVersion;
+                    pds->dataSetMetaData.configurationVersion.minorVersion;
             }
        }
 

diff --git a/src/server/ua_server_utils.c b/src/server/ua_server_utils.c
@@ -36,9 +36,6 @@ getNodeType(UA_Server *server, const UA_NodeHead *head) {
     UA_Boolean inverse;
     switch(head->nodeClass) {
     case UA_NODECLASS_OBJECT:
-        parentRefIndex = UA_REFERENCETYPEINDEX_HASTYPEDEFINITION;
-        inverse = false;
-        break;
     case UA_NODECLASS_VARIABLE:
         parentRefIndex = UA_REFERENCETYPEINDEX_HASTYPEDEFINITION;
         inverse = false;

diff --git a/src/server/ua_services_nodemanagement.c b/src/server/ua_services_nodemanagement.c
@@ -370,10 +370,11 @@ typeCheckVariableNode(UA_Server *server, UA_Session *session,
     }
 
     /* Type-check the value */
-    if(retval == UA_STATUSCODE_GOOD &&
-       !compatibleValue(server, session, &node->dataType, node->valueRank,
-                        node->arrayDimensionsSize, node->arrayDimensions,
-                        &value.value, NULL, &reason)) {
+    UA_Boolean compatible =
+        compatibleValue(server, session, &node->dataType,
+            node->valueRank, node->arrayDimensionsSize,
+            node->arrayDimensions, &value.value, NULL, &reason);
+    if(!compatible) {
         UA_LOG_INFO_SESSION(server->config.logging, session,
                             "AddNode (%N): The VariableNode value has "
                             "failed the type check with reason %s. ",
@@ -1576,10 +1577,9 @@ addNode_finish(UA_Server *server, UA_Session *session, const UA_NodeId *nodeId)
     }
 
  cleanup:
+    UA_NODESTORE_RELEASE(server, node);
     if(type)
         UA_NODESTORE_RELEASE(server, type);
-    if(node)
-        UA_NODESTORE_RELEASE(server, node);
     if(retval != UA_STATUSCODE_GOOD)
         deleteNode(server, *nodeId, true);
     return retval;

diff --git a/src/server/ua_subscription.c b/src/server/ua_subscription.c
@@ -143,9 +143,9 @@ UA_Notification_enqueueAndTrigger(UA_Server *server, UA_Notification *n) {
         mon->triggeredUntil > nowMonotonic)) {
         UA_Notification_enqueueSub(n);
         mon->triggeredUntil = UA_INT64_MIN;
-        UA_LOG_DEBUG_SUBSCRIPTION(server->config.logging, mon->subscription,
+        UA_LOG_DEBUG_SUBSCRIPTION(server->config.logging, sub,
                                   "Notification enqueued (Queue size %lu)",
-                                  (long unsigned)mon->subscription->notificationQueueSize);
+                                  (long unsigned)sub->notificationQueueSize);
     }
 
     /* Insert into the MonitoredItem. This checks the queue size and

diff --git a/src/server/ua_subscription_eventfilter.c b/src/server/ua_subscription_eventfilter.c
@@ -29,17 +29,17 @@ static UA_Ternary
 UA_Ternary_and(UA_Ternary first, UA_Ternary second) {
     if(first == UA_TERNARY_FALSE || second == UA_TERNARY_FALSE)
         return UA_TERNARY_FALSE;
-    if(first == UA_TERNARY_TRUE && second == UA_TERNARY_TRUE)
-        return UA_TERNARY_TRUE;
-    return UA_TERNARY_NULL;
+    if(first == UA_TERNARY_NULL || second == UA_TERNARY_NULL)
+        return UA_TERNARY_NULL;
+    return UA_TERNARY_TRUE;
 }
 
 static UA_Ternary
 UA_Ternary_or(UA_Ternary first, UA_Ternary second) {
     if(first == UA_TERNARY_TRUE || second == UA_TERNARY_TRUE)
         return UA_TERNARY_TRUE;
     if(first == UA_TERNARY_NULL || second == UA_TERNARY_NULL)
-        return UA_TERNARY_TRUE;
+        return UA_TERNARY_NULL;
     return UA_TERNARY_FALSE;
 }
 

diff --git a/src/ua_securechannel.c b/src/ua_securechannel.c
@@ -71,6 +71,7 @@ hideErrors(UA_TcpErrorMessage *const error) {
     switch(error->error) {
     case UA_STATUSCODE_BADCERTIFICATEUNTRUSTED:
     case UA_STATUSCODE_BADCERTIFICATEREVOKED:
+    case UA_STATUSCODE_BADCERTIFICATEISSUERREVOKED:
         error->error = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
         error->reason = UA_STRING_NULL;
         break;

diff --git a/src/ua_types.c b/src/ua_types.c
@@ -1638,7 +1638,7 @@ extensionObjectOrder(const UA_ExtensionObject *p1, const UA_ExtensionObject *p2,
     case UA_EXTENSIONOBJECT_DECODED:
     default: {
             const UA_DataType *type1 = p1->content.decoded.type;
-            const UA_DataType *type2 = p1->content.decoded.type;
+            const UA_DataType *type2 = p2->content.decoded.type;
             if(type1 != type2)
                 return ((uintptr_t)type1 < (uintptr_t)type2) ? UA_ORDER_LESS : UA_ORDER_MORE;
             if(!type1)

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -349,6 +349,7 @@ endif()
 
 if(UA_ENABLE_ENCRYPTION)
     ua_add_test(client/check_client_encryption.c)
+    ua_add_test(encryption/check_crl_validation.c)
 
     if(UA_ENABLE_ENCRYPTION_OPENSSL OR UA_ENABLE_ENCRYPTION_MBEDTLS)
         ua_add_test(client/check_client_authentication.c)