Bug: Slave answers with malformed packet
qdlmcfresh opened this issue
Let's say the Slave receives a packet like this, with a faulty length field:
```python
packet = (
    # Request - modbus_read_coil
    # Block - modbus_head
    b'\x01\x00'        # Word - transId
    b'\x00\x00'        # Word - protoId
    + b'\x00' * 2 +    # Word - length
    b'\xff'            # Byte - unit Identifier
    # Block - pdu
    b'\x01'            # Byte - funcCode read coil memory
    b'\x00\x01'        # Word - start_address
    b'\x00\x00'        # Word - quantity
)
```
After correctly registering that the request is faulty, the slave will respond with a malformed Modbus packet only 8 bytes long, since `_len` first gets set to 2 here:
Lines 454 to 457 in 2996663
then subtracted by 1 here:
modbus-esp8266/src/ModbusTCPTemplate.h
Lines 272 to 276 in 2996663
and reused for calculating the size of the response packet:
modbus-esp8266/src/ModbusTCPTemplate.h
Lines 336 to 343 in 2996663
The exception code gets lost in that process.
Also
modbus-esp8266/src/ModbusTCPTemplate.h
Line 275 in 2996663
is only dropping 1 byte because of `_len` always being 1 at this point.

Fixed in 644c324
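A check that a test harness could run against the slave's reply, as an added example that is not part of the original issue or of the modbus-esp8266 code: it verifies the MBAP length field and that an exception response carries both the function code and the exception code. The two response byte strings are constructed samples (the exception code 0x03 is an assumption), and the function names are hypothetical.

```python
import struct

MBAP_LEN = 7  # transId(2) + protoId(2) + length(2) + unit identifier(1)

def parse_adu(frame):
    """Split a Modbus TCP frame into fields; return (fields, problems)."""
    if len(frame) < MBAP_LEN + 1:
        return None, ["frame shorter than MBAP header plus function code"]
    trans_id, proto_id, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    pdu = frame[MBAP_LEN:]
    problems = []
    if proto_id != 0:
        problems.append("protocol id is not 0")
    # The length field counts the unit identifier plus the PDU bytes.
    if length != 1 + len(pdu):
        problems.append(f"length field {length} != {1 + len(pdu)} bytes that follow")
    return {"trans_id": trans_id, "unit": unit, "pdu": pdu}, problems

def check_exception_response(request, response):
    """Return the problems found in an exception response to `request`."""
    req, _ = parse_adu(request)
    rsp, problems = parse_adu(response)
    if req is None or rsp is None:
        return problems or ["request too short to compare against"]
    if rsp["trans_id"] != req["trans_id"]:
        problems.append("transaction id not echoed")
    if rsp["pdu"][0] != req["pdu"][0] | 0x80:
        problems.append("function code is not request code | 0x80")
    # An exception PDU is exactly: function code | 0x80, then the exception code.
    if len(rsp["pdu"]) != 2:
        problems.append(f"exception PDU is {len(rsp['pdu'])} byte(s), expected 2")
    return problems

# The request from the issue: length field 0 although 6 bytes follow it.
REQUEST = bytes.fromhex("0100" "0000" "0000" "ff" "01" "0001" "0000")
# Constructed 8-byte reply of the kind the issue describes (exception code missing).
BAD_RESPONSE = bytes.fromhex("0100" "0000" "0002" "ff" "81")
# Constructed well-formed 9-byte exception reply (exception code 0x03 assumed).
GOOD_RESPONSE = bytes.fromhex("0100" "0000" "0003" "ff" "81" "03")

if __name__ == "__main__":
    print(parse_adu(REQUEST)[1])
    print(check_exception_response(REQUEST, BAD_RESPONSE))
    print(check_exception_response(REQUEST, GOOD_RESPONSE))
```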