From 8dd1d4e4ae633eea3e7f80f8b0cde9aef35c7bee Mon Sep 17 00:00:00 2001
From: Stefan Wahren <info@lategoodbye.de>
Date: Wed, 3 Jul 2013 20:30:20 +0200
Subject: [PATCH 1/5] bugfix for +1 error in VIFE parser now VIFE and DIFE
 behave equal

---
 mbus/mbus-protocol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mbus/mbus-protocol.c b/mbus/mbus-protocol.c
index b9243c6..8109c8d 100755
--- a/mbus/mbus-protocol.c
+++ b/mbus/mbus-protocol.c
@@ -2835,7 +2835,7 @@ mbus_data_variable_parse(mbus_frame *frame, mbus_data_variable *data)
                 {
                     unsigned char vife;
                     
-                    if (record->drh.vib.nvife > NITEMS(record->drh.vib.vife))
+                    if (record->drh.vib.nvife >= NITEMS(record->drh.vib.vife))
                     {
                         mbus_data_record_free(record);
                         snprintf(error_str, sizeof(error_str), "Too many VIFE.");

From 551176911fae1456265a39ed83936a2a433e59c6 Mon Sep 17 00:00:00 2001
From: Stefan Wahren <info@lategoodbye.de>
Date: Wed, 3 Jul 2013 20:34:30 +0200
Subject: [PATCH 2/5] fix memory leaks in error case

---
 mbus/mbus-protocol.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mbus/mbus-protocol.c b/mbus/mbus-protocol.c
index 8109c8d..81739e1 100755
--- a/mbus/mbus-protocol.c
+++ b/mbus/mbus-protocol.c
@@ -4047,11 +4047,13 @@ mbus_frame_get_secondary_address(mbus_frame *frame)
     if (frame->control_information != MBUS_CONTROL_INFO_RESP_VARIABLE)
     {
         snprintf(error_str, sizeof(error_str), "Non-variable data response (can't get secondary address from response).");
+        mbus_frame_data_free(data);
         return NULL;
     }
 
     if (mbus_frame_data_parse(frame, data) == -1)
     {
+        mbus_frame_data_free(data);
         return NULL;
     }
 

From 70f23567a80e717027cc438d676d3b17900a8386 Mon Sep 17 00:00:00 2001
From: Stefan Wahren <info@lategoodbye.de>
Date: Wed, 3 Jul 2013 20:36:43 +0200
Subject: [PATCH 3/5] fix potential segmentation fault

---
 mbus/mbus-protocol.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mbus/mbus-protocol.c b/mbus/mbus-protocol.c
index 81739e1..39d8c03 100755
--- a/mbus/mbus-protocol.c
+++ b/mbus/mbus-protocol.c
@@ -2181,16 +2181,16 @@ mbus_data_record_decode(mbus_data_record *record)
     static char buff[768];
     unsigned char vif, vife;
     
-    // ignore extension bit
-    vif = (record->drh.vib.vif & MBUS_DIB_VIF_WITHOUT_EXTENSION);       
-    vife = (record->drh.vib.vife[0] & MBUS_DIB_VIF_WITHOUT_EXTENSION);
-
     if (record)
     {
         int val;
         float val3;
         long long val4;
         struct tm time;
+        
+        // ignore extension bit
+        vif = (record->drh.vib.vif & MBUS_DIB_VIF_WITHOUT_EXTENSION);       
+        vife = (record->drh.vib.vife[0] & MBUS_DIB_VIF_WITHOUT_EXTENSION);
             
         switch (record->drh.dib.dif & 0x0F)
         {

From 7b897494fd3514d9382e26e044472ed2b865cbce Mon Sep 17 00:00:00 2001
From: Stefan Wahren <info@lategoodbye.de>
Date: Wed, 3 Jul 2013 20:46:47 +0200
Subject: [PATCH 4/5] Improve wildcard search - handle collisions after request
 for secondary address - check frame type correctly - ignore M-Bus devices
 without secondary address

---
 mbus/mbus-protocol-aux.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/mbus/mbus-protocol-aux.c b/mbus/mbus-protocol-aux.c
index 0987709..ddbabfd 100755
--- a/mbus/mbus-protocol-aux.c
+++ b/mbus/mbus-protocol-aux.c
@@ -2113,11 +2113,19 @@ mbus_probe_secondary_address(mbus_handle *handle, const char *mask, char *matchi
         }
 
         if (ret == MBUS_RECV_RESULT_INVALID)
+        {
+            /* check for more data (collision) */
+		    mbus_purge_frames(handle);
+            return MBUS_PROBE_COLLISION;
+        }
+        
+        /* check for more data (collision) */
+        if (mbus_purge_frames(handle))
         {
             return MBUS_PROBE_COLLISION;
         }
 
-        if (mbus_frame_type(&reply) != MBUS_FRAME_TYPE_ACK)
+        if (mbus_frame_type(&reply) == MBUS_FRAME_TYPE_LONG)
         {
             char *addr = mbus_frame_get_secondary_address(&reply);
 
@@ -2125,6 +2133,7 @@ mbus_probe_secondary_address(mbus_handle *handle, const char *mask, char *matchi
             {
                 // show error message, but procede with scan
                 MBUS_ERROR("Failed to generate secondary address from M-Bus reply frame: %s\n", mbus_error_str());
+                return MBUS_PROBE_NOTHING;
             }
             
             snprintf(matching_addr, 17, "%s", addr);
@@ -2138,7 +2147,7 @@ mbus_probe_secondary_address(mbus_handle *handle, const char *mask, char *matchi
         }
         else
         {
-            MBUS_ERROR("%s: Unexpected reply for address [mask %s]. Got ACK, expected data.\n",
+            MBUS_ERROR("%s: Unexpected reply for address [mask %s]. Expected long frame.\n",
                        __PRETTY_FUNCTION__, mask);
             return MBUS_PROBE_NOTHING;
         }

From dcc9e2c2b434c6c1379ad3bda2093f2fa75f1e39 Mon Sep 17 00:00:00 2001
From: Stefan Wahren <info@lategoodbye.de>
Date: Wed, 3 Jul 2013 20:52:27 +0200
Subject: [PATCH 5/5] fix indent

---
 mbus/mbus-protocol-aux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mbus/mbus-protocol-aux.c b/mbus/mbus-protocol-aux.c
index ddbabfd..60cdef4 100755
--- a/mbus/mbus-protocol-aux.c
+++ b/mbus/mbus-protocol-aux.c
@@ -2115,7 +2115,7 @@ mbus_probe_secondary_address(mbus_handle *handle, const char *mask, char *matchi
         if (ret == MBUS_RECV_RESULT_INVALID)
         {
             /* check for more data (collision) */
-		    mbus_purge_frames(handle);
+            mbus_purge_frames(handle);
             return MBUS_PROBE_COLLISION;
         }