Uncaught exception in error handling of invalid messages in ocpp message callbacks. #1129

@SohamG

Hello,

During fuzz testing of EVerest, the following bug was discovered. It would seem that the bug described below is visible as a consequence of the fix for the previous report in #1104.

Unwanted behaviour:

  • EVerest crashes when receiving invalid messages from the CSMS when the size of the message combined with the size of the EVerest generated error text is larger than 255 characters (or perhaps bytes).

I believe this is because the function "security_event_notification_req" in libocpp/lib/ocpp/v2/functional_blocks/security.cpp takes a CiString<255> without the Truncate option set. This function gets called in the catch block in the error handling of the ocpp chargepoint message_callbacks functions, which causes an uncaught exception.

I can share coredumps if needed.

Affiliation: Discovery Partners Institute, University of Illinois Chicago, under Prof Rigel Gjomemo
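
The failure mode described in this report, as an added example (not part of the original issue, and not EVerest or libocpp code). `BoundedString`, `TooLarge`, `parse_message` and `handle_message` are hypothetical stand-ins; the block shows a length-limited string built inside a catch block throwing a second time when the error text exceeds 255 characters, and a truncate policy keeping the handler on its normal path.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a length-limited string type; not libocpp's CiString.
enum class TooLarge { Throw, Truncate };

template <std::size_t L> class BoundedString {
public:
    explicit BoundedString(const std::string& s, TooLarge policy = TooLarge::Throw) {
        if (s.size() <= L) {
            data_ = s;
        } else if (policy == TooLarge::Truncate) {
            data_ = s.substr(0, L); // keep the first L characters
        } else {
            throw std::runtime_error("string exceeds maximum length");
        }
    }
    const std::string& get() const { return data_; }
private:
    std::string data_;
};

// Hypothetical parser: rejects every input, as an invalid CSMS message would be.
static void parse_message(const std::string& raw) {
    throw std::invalid_argument("invalid message: " + raw);
}

// Models the error path: the catch block builds a security-event text from the
// error message plus the received data. Returns the stored text length, or -1
// if building the notification itself threw.
long handle_message(const std::string& raw, TooLarge policy) {
    try {
        parse_message(raw);
    } catch (const std::exception& e) {
        try {
            BoundedString<255> tech_info(e.what(), policy);
            return static_cast<long>(tech_info.get().size());
        } catch (const std::exception&) {
            // Without this inner guard the second exception escapes the
            // handler; in a real callback that ends in std::terminate.
            return -1;
        }
    }
    return 0;
}
```
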

Labels: bug