The memcpy writes (length - 4) bytes at offset 8 into a 50-byte buffer,
so the maximum safe length is 46 (8 + 42 = 50), not 50. With length=50
the previous check still allowed a 4-byte stack overflow.

After rewrite rules transform data (potentially changing the slot),
the code used the pre-rewrite slotNo for status tracking and timers.
Re-read slotNo after rewrite, matching the network-to-RF path.

Both functions copy packet data into 50-byte stack buffers without
validating the length parameter. Add bounds checks to reject packets
that would overflow the buffer or cause unsigned underflow.

Incoming DMRG and DMRA packets were copied into 50-byte buffers
without checking the packet length. UDP reads can return up to 500
bytes, overflowing the heap allocation. Drop oversized packets.

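
The three messages above (the off-by-four stack copy, the missing length checks with unsigned underflow, and the oversized UDP datagrams) describe the same class of bounds mistake. The following is an added example, not the project's code: it models the copies with constants taken from the numbers in the messages (a 50-byte buffer, payload written at offset 8, length - 4 bytes copied) and puts the old check next to the hardened one.

```cpp
#include <cstddef>
#include <cstring>

// Constructed example modelled on the three bounds-check fixes above; this is
// not the project's code. The constants are assumptions taken from the
// numbers in the messages: a 50-byte buffer, payload written at offset 8,
// and (length - 4) bytes copied.
static const unsigned int BUFFER_LEN  = 50U;
static const unsigned int DATA_OFFSET = 8U;
static const unsigned int HEADER_LEN  = 4U;

// The original test was "length <= BUFFER_LEN". With length == 50 the copy is
// 46 bytes starting at offset 8, ending at byte 54: four bytes past the end.
bool oldCheckAccepts(unsigned int length) {
    return length <= BUFFER_LEN;
}

// One-past-the-last byte the memcpy would write for a given length; the
// unsigned subtraction only means anything once length >= HEADER_LEN.
unsigned int copyEnd(unsigned int length) {
    return DATA_OFFSET + (length - HEADER_LEN);
}

// Hardened check: rejects lengths that would underflow (length - 4 wraps to
// about four billion) and lengths whose copy would run past the buffer.
// For a 50-byte buffer the largest accepted length is 46.
bool lengthIsSafe(unsigned int length, size_t bufferLen = BUFFER_LEN) {
    if (length < HEADER_LEN)
        return false;
    if (bufferLen < DATA_OFFSET)
        return false;
    return (length - HEADER_LEN) <= (bufferLen - DATA_OFFSET);
}

// Stack-buffer path: copy packet[HEADER_LEN .. length) to buffer + DATA_OFFSET,
// or refuse without touching the buffer at all.
bool copyPacketData(unsigned char* buffer, size_t bufferLen,
                    const unsigned char* packet, unsigned int length) {
    if (!lengthIsSafe(length, bufferLen))
        return false;
    std::memcpy(buffer + DATA_OFFSET, packet + HEADER_LEN, length - HEADER_LEN);
    return true;
}

// Heap-buffer UDP path: a read may return up to 500 bytes for a 50-byte
// allocation, so anything larger than the allocation is dropped outright.
bool acceptDatagram(unsigned char* buffer, size_t bufferLen,
                    const unsigned char* datagram, unsigned int length) {
    if (length > bufferLen)
        return false;
    std::memcpy(buffer, datagram, length);
    return true;
}
```

The check is written against the buffer size the caller passes rather than a fixed 50, so the same predicate stays correct if the buffer is ever resized; the arithmetic is done as a comparison of two non-negative differences, which avoids introducing a second place where an unsigned expression can wrap.
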
An empty or whitespace-only MQTT command message caused an unhandled
std::out_of_range exception that terminated the process. Check for
empty args before accessing. Also add null check on m_mqtt before
publishing response.

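
As an added example, not the project's code, here is the shape of the check the message above describes. Publisher stands in for the MQTT client object (m_mqtt), and the "status" command is a hypothetical command used only for illustration.

```cpp
#include <sstream>
#include <string>
#include <vector>

// Constructed example of the empty-args check described above; not the
// project's code. Publisher stands in for the MQTT client object (m_mqtt)
// and the "status" command is a hypothetical command added for illustration.
struct Publisher {
    std::string last;
    void publish(const std::string& s) { last = s; }
};

// Split a command message on whitespace. Empty and whitespace-only input
// gives an empty vector, never a vector holding a single "".
std::vector<std::string> splitArgs(const std::string& message) {
    std::vector<std::string> args;
    std::istringstream in(message);
    std::string token;
    while (in >> token)
        args.push_back(token);
    return args;
}

// Returns the response that was (or would have been) published, or "" when
// the message was ignored. Indexing args.at(0) on an empty vector is exactly
// what raised the uncaught std::out_of_range; testing empty() first avoids
// it, and the null check covers m_mqtt not being constructed or connected yet.
std::string handleCommand(const std::string& message, Publisher* mqtt) {
    std::vector<std::string> args = splitArgs(message);
    if (args.empty())
        return "";

    std::string response;
    if (args.at(0) == "status")
        response = "status: running";
    else
        response = "unknown command: " + args.at(0);

    if (mqtt != nullptr)
        mqtt->publish(response);
    return response;
}
```

Because anything received over MQTT is attacker-influenced input, an unhandled exception in this path is a remote way to stop the process; returning early on empty input keeps the daemon up, and the null check means a response cannot be attempted before the client exists.
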
The background network thread started by mosquitto_loop_start() was not
being stopped before mosquitto_destroy(), which can cause a use-after-free
if the thread is still running when the mosquitto structure is freed.

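
The ordering the message above fixes, as an added example that is not the project's code. It uses std::thread in place of libmosquitto so that it builds without the library: loopStart(), loopStop() and deleting the object stand in for mosquitto_loop_start(), mosquitto_loop_stop() and mosquitto_destroy().

```cpp
#include <atomic>
#include <chrono>
#include <thread>

// Constructed analogue of the shutdown ordering above, built on std::thread
// so it compiles without libmosquitto; not the project's code. loopStart(),
// loopStop() and deleting the object stand in for mosquitto_loop_start(),
// mosquitto_loop_stop() and mosquitto_destroy().
class Client {
public:
    ~Client() { loopStop(); }   // safety net: never free with the worker alive

    // Equivalent of mosquitto_loop_start(): a background thread that keeps
    // touching this object's state for as long as it runs.
    void loopStart() {
        m_running = true;
        m_worker = std::thread([this] {
            while (m_running) {
                ++m_ticks;                       // reads and writes *this
                std::this_thread::sleep_for(std::chrono::milliseconds(1));
            }
        });
    }

    // Equivalent of mosquitto_loop_stop(): signal the thread and join it, so
    // that on return nothing can dereference this object from the background.
    void loopStop() {
        m_running = false;
        if (m_worker.joinable())
            m_worker.join();
    }

    bool workerStopped() const { return !m_worker.joinable(); }
    unsigned long ticks() const { return m_ticks; }

private:
    std::atomic<bool> m_running{false};
    std::atomic<unsigned long> m_ticks{0};
    std::thread m_worker;
};

// The order the fix establishes: stop (join) first, then free. Returns the
// number of loop iterations the worker completed before it was stopped, or 0
// if the worker was somehow still joinable at the point of deletion.
unsigned long runThenShutdown() {
    Client* client = new Client();
    client->loopStart();
    while (client->ticks() == 0)              // let the worker run at least once
        std::this_thread::yield();
    client->loopStop();                       // mosquitto_loop_stop()
    unsigned long seen = client->ticks();
    bool stopped = client->workerStopped();
    delete client;                            // mosquitto_destroy()
    return stopped ? seen : 0;
}
```

With the real library the destructor safety net does not exist: mosquitto_destroy() frees the structure regardless of the loop thread, which is why the explicit mosquitto_loop_stop() has to come first.
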
The MQTT client ID was generated using sprintf with %ld and time(nullptr).
On platforms with 32-bit userland but 64-bit kernel (such as Raspberry Pi OS
and some custom Alpine Linux builds), time_t is a 64-bit long long but %ld
only reads 32 bits. Since the upper 32 bits of the current Unix timestamp
are zero, this always produces a client ID ending in .0, causing collisions
when multiple instances or restarts occur.

Replace time()-based client IDs with PID-based IDs using getpid(), which is
always a portable 32-bit value and unique per process. Platform-guarded for
Windows (_getpid) and POSIX (getpid).

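
The PID-based generator described above, as an added example that is not the project's code. The "DMRGateway" prefix used by the caller and the GATEWAY_GETPID macro are assumptions; the second function shows how a timestamp should be formatted if one is ever needed again, since the width of time_t is what made %ld unreliable.

```cpp
#include <cstdio>
#include <ctime>
#include <string>

#ifdef _WIN32
#include <process.h>
#define GATEWAY_GETPID() _getpid()
#else
#include <unistd.h>
#define GATEWAY_GETPID() getpid()
#endif

// Constructed example of the client-ID change described above; not the
// project's code. The GATEWAY_GETPID macro is an assumption that mirrors the
// Windows/POSIX guard the message mentions.
std::string makeClientId(const std::string& prefix) {
    // The PID is cast to int and printed with %d: the specifier and the
    // argument width agree on every platform, unlike %ld with a time_t.
    char id[64];
    std::snprintf(id, sizeof(id), "%s.%d", prefix.c_str(),
                  static_cast<int>(GATEWAY_GETPID()));
    return std::string(id);
}

// If a timestamp is still needed elsewhere, widen it explicitly and use the
// matching specifier; time_t may be 32 or 64 bits depending on the ABI, so
// it must never be passed to a variadic function under "%ld".
std::string formatTimestamp(time_t when) {
    char buf[32];
    std::snprintf(buf, sizeof(buf), "%lld", static_cast<long long>(when));
    return std::string(buf);
}
```

Compiling with -Wformat (part of -Wall on GCC and Clang) would have flagged the original mismatch between %ld and a long long time_t on the affected targets.
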
There's a do...while(m_signal==1) intended to allow a SIGHUP (1) to
cause a restart, rather than an exit. But the current code doesn't
reset m_killed, so it does instantiate a new DMRGateway object, but
immediately exits.
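
A constructed model of the restart loop just described, added here as an example rather than taken from the project. m_signal and m_killed mirror the names in the message (SIGHUP is signal 1); FakeGateway stands in for the DMRGateway object, and the signal is delivered by calling the handler from inside the loop so the run is deterministic. The resetKilled flag switches between the buggy loop and the corrected one.

```cpp
#include <csignal>
#include <cstddef>
#include <vector>

// Constructed model of the restart loop described above; not the project's
// code. m_signal and m_killed mirror the names in the message; sigHandler is
// what a real SIGHUP (1) or SIGTERM would invoke.
static volatile sig_atomic_t m_signal = 0;
static volatile sig_atomic_t m_killed = 0;

static void sigHandler(int signum) {
    m_signal = signum;
    m_killed = 1;
}

// Stand-in for DMRGateway: run() loops until m_killed is set. To keep the
// example deterministic the signal is "delivered" by calling sigHandler()
// from inside the loop after a few iterations instead of via kill().
struct FakeGateway {
    int iterations = 0;

    void run(int signalToDeliver) {
        while (!m_killed) {
            ++iterations;
            if (iterations == 3)
                sigHandler(signalToDeliver);   // simulated asynchronous signal
        }
    }
};

// Instantiates and runs a gateway once per scripted signal. With
// resetKilled == false the loop has the bug from the message: after the first
// SIGHUP m_killed stays 1, so every re-instantiated gateway returns from run()
// without a single iteration. Returns the number of runs that did real work.
int runWithRestart(const std::vector<int>& scriptedSignals, bool resetKilled) {
    m_signal = 0;
    m_killed = 0;
    int productiveRuns = 0;
    size_t next = 0;
    do {
        if (resetKilled) {          // the fix: clear state before each restart
            m_killed = 0;
            m_signal = 0;
        }
        FakeGateway gateway;
        gateway.run(scriptedSignals[next++]);
        if (gateway.iterations > 0)
            ++productiveRuns;
    } while (m_signal == SIGHUP && next < scriptedSignals.size());
    return productiveRuns;
}
```

With the script {SIGHUP, SIGHUP, SIGTERM} the buggy loop creates three gateway objects but only the first ever runs; the corrected loop runs all three and then exits on SIGTERM, which is the behaviour the do...while was written to provide. The bound on next exists only to keep the buggy variant from spinning forever in the test, since its m_signal never changes after the first run.
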