From 0126286f75bed55eb5ddae619ea1d719e20ceb0f Mon Sep 17 00:00:00 2001
From: Orne Brocaar <info@brocaar.com>
Date: Wed, 15 Feb 2023 12:04:11 +0000
Subject: [PATCH] Add missing validation to avoid enqueue on fPort=0.

---
 chirpstack/src/storage/device_queue.rs | 31 ++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/chirpstack/src/storage/device_queue.rs b/chirpstack/src/storage/device_queue.rs
index 95176fb0..e8510760 100644
--- a/chirpstack/src/storage/device_queue.rs
+++ b/chirpstack/src/storage/device_queue.rs
@@ -24,6 +24,18 @@ pub struct DeviceQueueItem {
     pub timeout_after: Option<DateTime<Utc>>,
 }
 
+impl DeviceQueueItem {
+    fn validate(&self) -> Result<(), Error> {
+        if self.f_port == 0 || self.f_port > 255 {
+            return Err(Error::Validation(
+                "FPort must be between 1 - 255".to_string(),
+            ));
+        }
+
+        Ok(())
+    }
+}
+
 impl Default for DeviceQueueItem {
     fn default() -> Self {
         let now = Utc::now();
@@ -43,6 +55,8 @@ impl Default for DeviceQueueItem {
 }
 
 pub async fn enqueue_item(qi: DeviceQueueItem) -> Result<DeviceQueueItem, Error> {
+    qi.validate()?;
+
     let qi = task::spawn_blocking({
         move || -> Result<DeviceQueueItem, Error> {
             let mut c = get_db_conn()?;
@@ -214,6 +228,23 @@ pub mod test {
         )
         .await;
 
+        // invalid fport
+        let qi = DeviceQueueItem {
+            dev_eui: d.dev_eui,
+            f_port: 0,
+            data: vec![0x01, 0x02, 0x03],
+            ..Default::default()
+        };
+        assert!(enqueue_item(qi).await.is_err());
+
+        let qi = DeviceQueueItem {
+            dev_eui: d.dev_eui,
+            f_port: 256,
+            data: vec![0x01, 0x02, 0x03],
+            ..Default::default()
+        };
+        assert!(enqueue_item(qi).await.is_err());
+
         // create
         let mut qi = DeviceQueueItem {
             dev_eui: d.dev_eui,