DELUGE: tos-deluge corrupts mote ram data (AT45DB erase/inject commands)

[mcerveny]

"tos-deluge" corrupts mote ram data when erasing "ident" header (AT45DB erase/inject commands).

It is part of AT45DB erasing. "tos-deluge" sends too large serial packet and memcpy() destroys mote ram data. "tos-deluge" is trying to write "0xff" * DELUGE_IDENT_SIZE (==128) that is larger than usual serial packet length (SERIAL_DATA_LENGTH==28-8) and that is larger than prepared buffer size (uint8_t buffer[TOSH_DATA_LENGTH]).

Erasing of "nx_uint32_t uidhash;" at the begining of DelugeIdent structure seems to be sufficient.

M.C>

[vlahan]

Good catch. In addition to limiting this to the metadata, the erase should do the same payload length sanitation as the other commands like write , i.e.:

    # Calculates the payload size for the current packet
    if length >= SERIAL_DATA_LENGTH:
        sreqpkt.length = SERIAL_DATA_LENGTH
    else:
        sreqpkt.length = length
    sreqpkt.data = data[sreqpkt.offset:sreqpkt.offset+sreqpkt.length]

etc.