Version in base suite: 2.9.1+ds-1 Base version: fastdds_2.9.1+ds-1 Target version: fastdds_2.9.1+ds-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/fastdds/fastdds_2.9.1+ds-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/fastdds/fastdds_2.9.1+ds-1+deb12u1.dsc changelog | 13 gbp.conf | 3 patches/backports/CVE-2023-39534.patch | 135 +++ patches/backports/CVE-2023-39945_CVE-2023-39948.patch | 778 ++++++++++++++++++ patches/backports/CVE-2023-39946_CVE-2023-39947.patch | 97 ++ patches/backports/CVE-2023-39949.patch | 28 patches/series | 4 7 files changed, 1058 insertions(+) diff -Nru fastdds-2.9.1+ds/debian/changelog fastdds-2.9.1+ds/debian/changelog --- fastdds-2.9.1+ds/debian/changelog 2023-01-31 09:57:13.000000000 +0000 +++ fastdds-2.9.1+ds/debian/changelog 2023-08-18 10:44:49.000000000 +0000 @@ -1,3 +1,16 @@ +fastdds (2.9.1+ds-1+deb12u1) bookworm-security; urgency=medium + + * Backport security fixes + - CVE-2023-39534 Malformed GAP submessage triggers assertion failure + - CVE-2023-39945 Unhandled exception on malformed data submessage + - CVE-2023-39946 Heap overflow triggered by PID_PROPERTY_LIST + - CVE-2023-39947 Heap overflow triggered by PID_PROPERTY_LIST + - CVE-2023-39948 Uncaught fastcdr exceptions + - CVE-2023-39949 Improper validation of sequence numbers + (Closes: #1043548) + + -- Timo Röhling Fri, 18 Aug 2023 12:44:49 +0200 + fastdds (2.9.1+ds-1) unstable; urgency=medium * New upstream version 2.9.1+ds diff -Nru fastdds-2.9.1+ds/debian/gbp.conf fastdds-2.9.1+ds/debian/gbp.conf --- fastdds-2.9.1+ds/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000 +++ fastdds-2.9.1+ds/debian/gbp.conf 2023-08-18 10:44:49.000000000 +0000 @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch = bookworm + diff -Nru fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39534.patch fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39534.patch --- fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39534.patch 1970-01-01 00:00:00.000000000 +0000 +++ fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39534.patch 2023-08-18 10:44:49.000000000 +0000 @@ -0,0 +1,135 @@ +From: =?utf-8?q?Timo_R=C3=B6hling?= +Date: Thu, 17 Aug 2023 23:28:40 +0200 +Subject: Improve auto gaps in data sharing + +Bug: https://github.com/eProsima/Fast-DDS/pull/3343 +Origin: https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0 +--- + src/cpp/rtps/DataSharing/DataSharingListener.cpp | 6 ++--- + src/cpp/rtps/DataSharing/ReaderPool.hpp | 6 +++++ + src/cpp/rtps/reader/StatefulReader.cpp | 6 ++--- + test/blackbox/common/RTPSBlackboxTestsBasic.cpp | 28 ++++++++++++++++++++++ + .../blackbox/common/RTPSWithRegistrationReader.hpp | 5 ++++ + 5 files changed, 45 insertions(+), 6 deletions(-) + +diff --git a/src/cpp/rtps/DataSharing/DataSharingListener.cpp b/src/cpp/rtps/DataSharing/DataSharingListener.cpp +index f6b174d..f76aa96 100644 +--- a/src/cpp/rtps/DataSharing/DataSharingListener.cpp ++++ b/src/cpp/rtps/DataSharing/DataSharingListener.cpp +@@ -157,16 +157,16 @@ void DataSharingListener::process_new_data () + pool->get_next_unread_payload(ch, last_sequence, last_payload); + has_new_payload = ch.sequenceNumber != c_SequenceNumber_Unknown; + +- if (has_new_payload) ++ if (has_new_payload && ch.sequenceNumber > SequenceNumber_t(0, 0)) + { +- if (last_sequence != c_SequenceNumber_Unknown && ch.sequenceNumber != last_sequence + 1) ++ if (last_sequence != c_SequenceNumber_Unknown && ch.sequenceNumber > last_sequence + 1) + { + EPROSIMA_LOG_WARNING(RTPS_READER, "GAP (" << last_sequence + 1 << " - " << ch.sequenceNumber - 1 << ")" + << " detected on datasharing writer " << pool->writer()); + reader_->processGapMsg(pool->writer(), last_sequence + 1, SequenceNumberSet_t(ch.sequenceNumber)); + } + +- if (last_sequence == c_SequenceNumber_Unknown && ch.sequenceNumber != SequenceNumber_t(0, 1)) ++ if (last_sequence == c_SequenceNumber_Unknown && ch.sequenceNumber > SequenceNumber_t(0, 1)) + { + EPROSIMA_LOG_INFO(RTPS_READER, "First change with SN " << ch.sequenceNumber + << " detected on datasharing writer " << +diff --git a/src/cpp/rtps/DataSharing/ReaderPool.hpp b/src/cpp/rtps/DataSharing/ReaderPool.hpp +index c5413a7..a0aa47a 100644 +--- a/src/cpp/rtps/DataSharing/ReaderPool.hpp ++++ b/src/cpp/rtps/DataSharing/ReaderPool.hpp +@@ -192,6 +192,12 @@ public: + continue; + } + ++ if (last_sn_ != c_SequenceNumber_Unknown && last_sn_ >= cache_change.sequenceNumber) ++ { ++ // Sequence number went backwards, it was most probably overriden. ++ continue; ++ } ++ + if (!ensure_reading_reference_is_in_bounds()) + { + // We may have been taken over and read a payload that is too far forward. Discard and continue +diff --git a/src/cpp/rtps/reader/StatefulReader.cpp b/src/cpp/rtps/reader/StatefulReader.cpp +index c123244..0421683 100644 +--- a/src/cpp/rtps/reader/StatefulReader.cpp ++++ b/src/cpp/rtps/reader/StatefulReader.cpp +@@ -851,7 +851,7 @@ bool StatefulReader::processGapMsg( + WriterProxy* pWP = nullptr; + + std::unique_lock lock(mp_mutex); +- if (!is_alive_) ++ if (!is_alive_ || gapStart < SequenceNumber_t(0, 1) || gapList.base() <= gapStart) + { + return false; + } +@@ -860,9 +860,9 @@ bool StatefulReader::processGapMsg( + { + // TODO (Miguel C): Refactor this inside WriterProxy + SequenceNumber_t auxSN; +- SequenceNumber_t finalSN = gapList.base() - 1; ++ SequenceNumber_t finalSN = gapList.base(); + History::const_iterator history_iterator = mp_history->changesBegin(); +- for (auxSN = gapStart; auxSN <= finalSN; auxSN++) ++ for (auxSN = gapStart; auxSN < finalSN; auxSN++) + { + if (pWP->irrelevant_change_set(auxSN)) + { +diff --git a/test/blackbox/common/RTPSBlackboxTestsBasic.cpp b/test/blackbox/common/RTPSBlackboxTestsBasic.cpp +index d056b57..4c61c6a 100644 +--- a/test/blackbox/common/RTPSBlackboxTestsBasic.cpp ++++ b/test/blackbox/common/RTPSBlackboxTestsBasic.cpp +@@ -865,6 +865,34 @@ TEST(RTPS, MultithreadedWriterCreation) + RTPSDomain::stopAll(); + } + ++/* Regression Test for improving gaps processing ++ * https://github.com/eProsima/Fast-DDS/pull/3343 ++ */ ++TEST(RTPS, RTPSCorrectGAPProcessing) ++{ ++ RTPSWithRegistrationReader reader(TEST_TOPIC_NAME); ++ RTPSWithRegistrationWriter writer(TEST_TOPIC_NAME); ++ ++ reader.durability(eprosima::fastrtps::rtps::DurabilityKind_t::TRANSIENT_LOCAL). ++ reliability(eprosima::fastrtps::rtps::ReliabilityKind_t::RELIABLE).init(); ++ ++ ASSERT_TRUE(reader.isInitialized()); ++ ++ writer.durability(eprosima::fastrtps::rtps::DurabilityKind_t::TRANSIENT_LOCAL). ++ reliability(eprosima::fastrtps::rtps::ReliabilityKind_t::RELIABLE).init(); ++ ++ ASSERT_TRUE(writer.isInitialized()); ++ ++ reader.wait_discovery(); ++ writer.wait_discovery(); ++ ++ SequenceNumberSet_t seq_set(SequenceNumber_t(0, 0)); ++ ++ //! GAP Message check ++ RTPSReader& native_reader = reader.get_native_reader(); ++ ASSERT_NO_FATAL_FAILURE(native_reader.processGapMsg(writer.guid(), {0, 0}, seq_set)); ++} ++ + #ifdef INSTANTIATE_TEST_SUITE_P + #define GTEST_INSTANTIATE_TEST_MACRO(x, y, z, w) INSTANTIATE_TEST_SUITE_P(x, y, z, w) + #else +diff --git a/test/blackbox/common/RTPSWithRegistrationReader.hpp b/test/blackbox/common/RTPSWithRegistrationReader.hpp +index 4ddb1bc..414ee06 100644 +--- a/test/blackbox/common/RTPSWithRegistrationReader.hpp ++++ b/test/blackbox/common/RTPSWithRegistrationReader.hpp +@@ -527,6 +527,11 @@ public: + return reader_->getGuid(); + } + ++ eprosima::fastrtps::rtps::RTPSReader& get_native_reader() const ++ { ++ return *reader_; ++ } ++ + private: + + void receive_one( diff -Nru fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39945_CVE-2023-39948.patch fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39945_CVE-2023-39948.patch --- fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39945_CVE-2023-39948.patch 1970-01-01 00:00:00.000000000 +0000 +++ fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39945_CVE-2023-39948.patch 2023-08-18 10:44:49.000000000 +0000 @@ -0,0 +1,778 @@ +From: =?utf-8?q?Timo_R=C3=B6hling?= +Date: Tue, 15 Aug 2023 21:23:34 +0200 +Subject: Capture all fastcdr exceptions + +Bug: https://github.com/eProsima/Fast-DDS/issues/3422 +Bug-Debian: https://bugs.debian.org/1043548 +Origin: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562 +--- + src/cpp/dynamic-types/DynamicPubSubType.cpp | 18 ++-- + .../builtin/typelookup/common/TypeLookupTypes.cpp | 40 ++++---- + .../topic/DDSSQLFilter/DDSFilterExpression.cpp | 4 +- + src/cpp/rtps/transport/tcp/TCPControlMessage.cpp | 98 +++++++++---------- + .../security/cryptography/AESGCMGMAC_Transform.cpp | 106 ++++++++++----------- + 5 files changed, 136 insertions(+), 130 deletions(-) + +diff --git a/src/cpp/dynamic-types/DynamicPubSubType.cpp b/src/cpp/dynamic-types/DynamicPubSubType.cpp +index e535ab9..f1d1710 100644 +--- a/src/cpp/dynamic-types/DynamicPubSubType.cpp ++++ b/src/cpp/dynamic-types/DynamicPubSubType.cpp +@@ -108,15 +108,16 @@ bool DynamicPubSubType::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*)payload->data, payload->length); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { +- ((DynamicData*)data)->deserialize(deser); //Deserialize the object: ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; ++ //Deserialize the object: ++ ((DynamicData*)data)->deserialize(deser); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -184,14 +185,13 @@ bool DynamicPubSubType::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, eprosima::fastcdr::Cdr::DDS_CDR); + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + +- // Serialize encapsulation +- ser.serialize_encapsulation(); +- + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + ((DynamicData*)data)->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +diff --git a/src/cpp/fastdds/builtin/typelookup/common/TypeLookupTypes.cpp b/src/cpp/fastdds/builtin/typelookup/common/TypeLookupTypes.cpp +index c17b5a2..d1424df 100644 +--- a/src/cpp/fastdds/builtin/typelookup/common/TypeLookupTypes.cpp ++++ b/src/cpp/fastdds/builtin/typelookup/common/TypeLookupTypes.cpp +@@ -1204,14 +1204,15 @@ bool TypeLookup_RequestTypeSupport::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { +- type->serialize(ser); // Serialize the object: ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); ++ // Serialize the object ++ type->serialize(ser); + } +- catch(eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -1229,15 +1230,16 @@ bool TypeLookup_RequestTypeSupport::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*)payload->data, payload->max_size); + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { +- p_type->deserialize(deser); //Deserialize the object: ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; ++ // Deserialize the object ++ p_type->deserialize(deser); + } +- catch(eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -1302,14 +1304,15 @@ bool TypeLookup_ReplyTypeSupport::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { +- type->serialize(ser); // Serialize the object: ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); ++ // Serialize the object ++ type->serialize(ser); + } +- catch(eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -1326,15 +1329,16 @@ bool TypeLookup_ReplyTypeSupport::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer(reinterpret_cast(payload->data), payload->length); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { +- p_type->deserialize(deser); //Deserialize the object: ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; ++ // Deserialize the object ++ p_type->deserialize(deser); + } +- catch(eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +diff --git a/src/cpp/fastdds/topic/DDSSQLFilter/DDSFilterExpression.cpp b/src/cpp/fastdds/topic/DDSSQLFilter/DDSFilterExpression.cpp +index cf0b3b7..ec13fc0 100644 +--- a/src/cpp/fastdds/topic/DDSSQLFilter/DDSFilterExpression.cpp ++++ b/src/cpp/fastdds/topic/DDSSQLFilter/DDSFilterExpression.cpp +@@ -27,8 +27,10 @@ + #include + #include + #include ++ + #include + #include ++#include + + #include "DDSFilterCondition.hpp" + +@@ -59,7 +61,7 @@ bool DDSFilterExpression::evaluate( + deser.read_encapsulation(); + dyn_data_->deserialize(deser); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +diff --git a/src/cpp/rtps/transport/tcp/TCPControlMessage.cpp b/src/cpp/rtps/transport/tcp/TCPControlMessage.cpp +index b362367..e355eef 100644 +--- a/src/cpp/rtps/transport/tcp/TCPControlMessage.cpp ++++ b/src/cpp/rtps/transport/tcp/TCPControlMessage.cpp +@@ -157,14 +157,14 @@ bool ConnectionRequest_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -180,15 +180,15 @@ bool ConnectionRequest_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -244,14 +244,14 @@ bool OpenLogicalPortRequest_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -267,15 +267,15 @@ bool OpenLogicalPortRequest_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -332,14 +332,14 @@ bool CheckLogicalPortsRequest_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -355,15 +355,15 @@ bool CheckLogicalPortsRequest_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -419,14 +419,14 @@ bool KeepAliveRequest_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -442,15 +442,15 @@ bool KeepAliveRequest_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -506,14 +506,14 @@ bool LogicalPortIsClosedRequest_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -529,15 +529,15 @@ bool LogicalPortIsClosedRequest_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -593,14 +593,14 @@ bool BindConnectionResponse_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -616,15 +616,15 @@ bool BindConnectionResponse_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -681,14 +681,14 @@ bool CheckLogicalPortsResponse_t::serialize( + eprosima::fastcdr::Cdr ser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that serializes the data. + payload->encapsulation = ser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; +- // Serialize encapsulation +- ser.serialize_encapsulation(); + + try + { ++ // Serialize encapsulation ++ ser.serialize_encapsulation(); + p_type->serialize(ser); // Serialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +@@ -704,15 +704,15 @@ bool CheckLogicalPortsResponse_t::deserialize( + eprosima::fastcdr::FastBuffer fastbuffer((char*) payload->data, payload->length + 4); // Object that manages the raw buffer. + eprosima::fastcdr::Cdr deser(fastbuffer, eprosima::fastcdr::Cdr::DEFAULT_ENDIAN, + eprosima::fastcdr::Cdr::DDS_CDR); // Object that deserializes the data. +- // Deserialize encapsulation. +- deser.read_encapsulation(); +- payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + + try + { ++ // Deserialize encapsulation. ++ deser.read_encapsulation(); ++ payload->encapsulation = deser.endianness() == eprosima::fastcdr::Cdr::BIG_ENDIANNESS ? CDR_BE : CDR_LE; + p_type->deserialize(deser); //Deserialize the object: + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException& /*exception*/) ++ catch (eprosima::fastcdr::exception::Exception& /*exception*/) + { + return false; + } +diff --git a/src/cpp/security/cryptography/AESGCMGMAC_Transform.cpp b/src/cpp/security/cryptography/AESGCMGMAC_Transform.cpp +index c883689..9e3928a 100644 +--- a/src/cpp/security/cryptography/AESGCMGMAC_Transform.cpp ++++ b/src/cpp/security/cryptography/AESGCMGMAC_Transform.cpp +@@ -128,9 +128,9 @@ bool AESGCMGMAC_Transform::encode_serialized_payload( + serialize_SecureDataHeader(serializer, keyMat.transformation_kind, + keyMat.sender_key_id, session_id, initialization_vector_suffix); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataHeader"); + return false; + } + +@@ -145,9 +145,9 @@ bool AESGCMGMAC_Transform::encode_serialized_payload( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataBody"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataBody"); + return false; + } + +@@ -160,9 +160,9 @@ bool AESGCMGMAC_Transform::encode_serialized_payload( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataTag"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataTag"); + return false; + } + +@@ -257,7 +257,7 @@ bool AESGCMGMAC_Transform::encode_datawriter_submessage( + } + catch (eprosima::fastcdr::exception::NotEnoughMemoryException& ) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataHeader"); + return false; + } + +@@ -273,9 +273,9 @@ bool AESGCMGMAC_Transform::encode_datawriter_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataBody"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataBody"); + return false; + } + +@@ -302,9 +302,9 @@ bool AESGCMGMAC_Transform::encode_datawriter_submessage( + serializer << length; + serializer.setState(current_state); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataTag"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataTag"); + return false; + } + +@@ -395,9 +395,9 @@ bool AESGCMGMAC_Transform::encode_datareader_submessage( + serializer << length; + serializer.setState(current_state); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataHeader"); + return false; + } + +@@ -414,9 +414,9 @@ bool AESGCMGMAC_Transform::encode_datareader_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataBody"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataBody"); + return false; + } + +@@ -444,9 +444,9 @@ bool AESGCMGMAC_Transform::encode_datareader_submessage( + serializer << length; + serializer.setState(current_state); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataTag"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataTag"); + return false; + } + +@@ -536,9 +536,9 @@ bool AESGCMGMAC_Transform::encode_rtps_message( + serializer << length; + serializer.setState(current_state); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataHeader"); + return false; + } + +@@ -555,9 +555,9 @@ bool AESGCMGMAC_Transform::encode_rtps_message( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataBody"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataBody"); + return false; + } + +@@ -584,9 +584,9 @@ bool AESGCMGMAC_Transform::encode_rtps_message( + serializer << length; + serializer.setState(current_state); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to serialize SecureDataTag"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to serialize SecureDataTag"); + return false; + } + +@@ -672,9 +672,9 @@ bool AESGCMGMAC_Transform::decode_rtps_message( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataHeader"); + return false; + } + +@@ -701,9 +701,9 @@ bool AESGCMGMAC_Transform::decode_rtps_message( + { + is_encrypted = predeserialize_SecureDataBody(decoder, body_length, body_align); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataBody header"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataBody header"); + return false; + } + +@@ -784,9 +784,9 @@ bool AESGCMGMAC_Transform::decode_rtps_message( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataTag length"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataTag length"); + return false; + } + +@@ -873,9 +873,9 @@ bool AESGCMGMAC_Transform::preprocess_secure_submsg( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataHeader"); + return false; + } + +@@ -1033,9 +1033,9 @@ bool AESGCMGMAC_Transform::decode_datawriter_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataHeader"); + return false; + } + +@@ -1066,9 +1066,9 @@ bool AESGCMGMAC_Transform::decode_datawriter_submessage( + { + is_encrypted = predeserialize_SecureDataBody(decoder, body_length, body_align); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataBody header"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataBody header"); + return false; + } + +@@ -1120,9 +1120,9 @@ bool AESGCMGMAC_Transform::decode_datawriter_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataTag length"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataTag length"); + return false; + } + +@@ -1213,9 +1213,9 @@ bool AESGCMGMAC_Transform::decode_datareader_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataHeader"); + return false; + } + +@@ -1246,9 +1246,9 @@ bool AESGCMGMAC_Transform::decode_datareader_submessage( + { + is_encrypted = predeserialize_SecureDataBody(decoder, body_length, body_align); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataBody header"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataBody header"); + return false; + } + +@@ -1300,9 +1300,9 @@ bool AESGCMGMAC_Transform::decode_datareader_submessage( + return false; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataTag length"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataTag length"); + return false; + } + +@@ -1368,9 +1368,9 @@ bool AESGCMGMAC_Transform::decode_serialized_payload( + { + header = deserialize_SecureDataHeader(decoder); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataHeader"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataHeader"); + return false; + } + +@@ -1415,9 +1415,9 @@ bool AESGCMGMAC_Transform::decode_serialized_payload( + body_length -= sizeof(uint32_t) + 16; + } + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataBody header"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataBody header"); + return false; + } + +@@ -1428,9 +1428,9 @@ bool AESGCMGMAC_Transform::decode_serialized_payload( + { + deserialize_SecureDataTag(decoder, tag, {}, {}, {}, {}, {}, 0, exception); + } +- catch (eprosima::fastcdr::exception::NotEnoughMemoryException&) ++ catch (eprosima::fastcdr::exception::Exception&) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to deserialize SecureDataTag length"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to deserialize SecureDataTag length"); + return false; + } + +@@ -1577,7 +1577,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataBody( + if ((output_buffer.getBufferSize() - (serializer.getCurrentPosition() - serializer.getBufferPointer())) < + plain_buffer_len) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to copy payload"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to copy payload"); + EVP_CIPHER_CTX_free(e_ctx); + return false; + } +@@ -1639,7 +1639,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataBody( + if ((output_buffer.getBufferSize() - (serializer.getCurrentPosition() - serializer.getBufferPointer())) < + (plain_buffer_len + (2 * cipher_block_size) - 1)) + { +- EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Not enough memory to cipher payload"); ++ EPROSIMA_LOG_ERROR(SECURITY_CRYPTO, "Error in fastcdr trying to cipher payload"); + EVP_CIPHER_CTX_free(e_ctx); + return false; + } +@@ -2004,7 +2004,7 @@ bool AESGCMGMAC_Transform::deserialize_SecureDataBody( + // - EVP_DecryptUpdate needs at maximum: body_length + cipher_block_size. + if (plain_buffer_len < (protected_len + cipher_block_size)) + { +- EPROSIMA_LOG_WARNING(SECURITY_CRYPTO, "Not enough memory to decode payload"); ++ EPROSIMA_LOG_WARNING(SECURITY_CRYPTO, "Error in fastcdr trying to decode payload"); + EVP_CIPHER_CTX_free(d_ctx); + return false; + } +@@ -2034,7 +2034,7 @@ bool AESGCMGMAC_Transform::deserialize_SecureDataBody( + uint32_t cnt_len = do_encryption ? static_cast(actual_size + final_size) : body_length; + if (plain_buffer_len < cnt_len) + { +- EPROSIMA_LOG_WARNING(SECURITY_CRYPTO, "Not enough memory to decode payload"); ++ EPROSIMA_LOG_WARNING(SECURITY_CRYPTO, "Error in fastcdr trying to decode payload"); + return false; + } + diff -Nru fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39946_CVE-2023-39947.patch fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39946_CVE-2023-39947.patch --- fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39946_CVE-2023-39947.patch 1970-01-01 00:00:00.000000000 +0000 +++ fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39946_CVE-2023-39947.patch 2023-08-18 10:44:49.000000000 +0000 @@ -0,0 +1,97 @@ +From: =?utf-8?q?Timo_R=C3=B6hling?= +Date: Tue, 15 Aug 2023 21:28:02 +0200 +Subject: Improve validation on PID_PROPERTY_LIST deserialization + +Bug: https://github.com/eProsima/Fast-DDS/pull/3670 +Bug-Debian: https://bugs.debian.org/1043548 +Origin: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb +--- + .../fastdds/core/policy/ParameterSerializer.hpp | 53 +++++++++++++++++----- + 1 file changed, 42 insertions(+), 11 deletions(-) + +diff --git a/src/cpp/fastdds/core/policy/ParameterSerializer.hpp b/src/cpp/fastdds/core/policy/ParameterSerializer.hpp +index f32a3cd..0e12d5a 100644 +--- a/src/cpp/fastdds/core/policy/ParameterSerializer.hpp ++++ b/src/cpp/fastdds/core/policy/ParameterSerializer.hpp +@@ -637,39 +637,70 @@ inline bool ParameterSerializer::read_content_from_cdr_ + parameter.length = parameter_length; + + uint32_t pos_ref = cdr_message->pos; ++ uint32_t max_pos = pos_ref + parameter_length; ++ uint32_t remain = parameter_length; ++ if ((max_pos > cdr_message->length) || (remain < sizeof(uint32_t))) ++ { ++ return false; ++ } ++ + uint32_t num_properties = 0; + bool valid = fastrtps::rtps::CDRMessage::readUInt32(cdr_message, &num_properties); ++ remain -= sizeof(uint32_t); + if (!valid) + { + return false; + } +- //properties_.reserve(parameter_length - 4); + +- for (size_t i = 0; i < num_properties; ++i) ++ for (uint32_t i = 0; i < num_properties; ++i) + { +- uint32_t property1_size = 0, alignment1 = 0, property2_size = 0, alignment2 = 0, str1_pos = 0; ++ uint32_t property1_size = 0, alignment1 = 0, property2_size = 0, alignment2 = 0, str1_pos = 0, str2_pos = 0; + +- valid &= fastrtps::rtps::CDRMessage::readUInt32(cdr_message, &property1_size); ++ // Read and validate size of property name ++ remain = max_pos - cdr_message->pos; ++ valid &= (remain >= sizeof(uint32_t)) && fastrtps::rtps::CDRMessage::readUInt32(cdr_message, &property1_size); ++ remain -= sizeof(uint32_t); ++ valid = valid && (remain >= property1_size); + if (!valid) + { + return false; + } ++ + str1_pos = cdr_message->pos; ++ cdr_message->pos += property1_size; ++ remain -= property1_size; + alignment1 = ((property1_size + 3u) & ~3u) - property1_size; +- cdr_message->pos += (property1_size + alignment1); +- valid &= fastrtps::rtps::CDRMessage::readUInt32(cdr_message, &property2_size); ++ if (remain < alignment1) ++ { ++ return false; ++ } ++ cdr_message->pos += alignment1; ++ remain -= alignment1; ++ ++ // Read and validate size of property value ++ valid &= (remain >= sizeof(uint32_t)) && fastrtps::rtps::CDRMessage::readUInt32(cdr_message, &property2_size); ++ remain -= sizeof(uint32_t); ++ valid = valid && (remain >= property2_size); + if (!valid) + { + return false; + } +- parameter.push_back( +- &cdr_message->buffer[str1_pos], property1_size, +- &cdr_message->buffer[cdr_message->pos], property2_size); + ++ str2_pos = cdr_message->pos; ++ cdr_message->pos += property2_size; ++ remain -= property2_size; + alignment2 = ((property2_size + 3u) & ~3u) - property2_size; +- cdr_message->pos += (property2_size + alignment2); ++ if (remain < alignment2) ++ { ++ return false; ++ } ++ cdr_message->pos += alignment2; ++ remain -= alignment2; ++ ++ parameter.push_back( ++ &cdr_message->buffer[str1_pos], property1_size, ++ &cdr_message->buffer[str2_pos], property2_size); + } +- //Nproperties_ = num_properties; + + uint32_t length_diff = cdr_message->pos - pos_ref; + valid &= (parameter_length >= length_diff); diff -Nru fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39949.patch fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39949.patch --- fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39949.patch 1970-01-01 00:00:00.000000000 +0000 +++ fastdds-2.9.1+ds/debian/patches/backports/CVE-2023-39949.patch 2023-08-18 10:44:49.000000000 +0000 @@ -0,0 +1,28 @@ +From: =?utf-8?q?Timo_R=C3=B6hling?= +Date: Fri, 18 Aug 2023 12:30:34 +0200 +Subject: Implement a validity chek for firstSN + +Bug: https://github.com/eProsima/Fast-DDS/issues/3236 +Origin: https://github.com/eProsima/Fast-DDS/commit/3aa3ee0259deaebe3d578e0ec200947bdfe7d06f +--- + src/cpp/rtps/messages/MessageReceiver.cpp | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/cpp/rtps/messages/MessageReceiver.cpp b/src/cpp/rtps/messages/MessageReceiver.cpp +index a7f614b..ba54a8f 100644 +--- a/src/cpp/rtps/messages/MessageReceiver.cpp ++++ b/src/cpp/rtps/messages/MessageReceiver.cpp +@@ -1056,6 +1056,13 @@ bool MessageReceiver::proc_Submsg_Heartbeat( + SequenceNumber_t lastSN; + CDRMessage::readSequenceNumber(msg, &firstSN); + CDRMessage::readSequenceNumber(msg, &lastSN); ++ ++ SequenceNumber_t zeroSN; ++ if (firstSN <= zeroSN) ++ { ++ EPROSIMA_LOG_WARNING(RTPS_MSG_IN, IDSTRING "Invalid Heartbeat received (" << firstSN << " <= 0), ignoring"); ++ return false; ++ } + if (lastSN < firstSN && lastSN != firstSN - 1) + { + EPROSIMA_LOG_WARNING(RTPS_MSG_IN, IDSTRING "Invalid Heartbeat received (" << firstSN << ") - (" << diff -Nru fastdds-2.9.1+ds/debian/patches/series fastdds-2.9.1+ds/debian/patches/series --- fastdds-2.9.1+ds/debian/patches/series 2023-01-31 09:34:37.000000000 +0000 +++ fastdds-2.9.1+ds/debian/patches/series 2023-08-18 10:44:49.000000000 +0000 @@ -14,3 +14,7 @@ 0014-Fix-install-location-for-optionparser-targets.cmake.patch 0015-Fix-compatibility-with-tao-pegtl-3.x.patch 0016-Add-missing-mutex-include.patch +backports/CVE-2023-39945_CVE-2023-39948.patch +backports/CVE-2023-39946_CVE-2023-39947.patch +backports/CVE-2023-39534.patch +backports/CVE-2023-39949.patch