From 20e017678b0247991dd0d87d93b36cb881a9f115 Mon Sep 17 00:00:00 2001 From: Dominic Griesel Date: Tue, 9 Apr 2024 15:02:57 +0200 Subject: [PATCH 1/3] fix: disallow associating a node with itself --- packages/cc/src/lib/utils.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/cc/src/lib/utils.ts b/packages/cc/src/lib/utils.ts index 13bcc2fb8e70..d30eb2193aef 100644 --- a/packages/cc/src/lib/utils.ts +++ b/packages/cc/src/lib/utils.ts @@ -362,6 +362,14 @@ export async function addAssociations( ); } + // Disallow associating a node with itself + if (destinations.some((d) => d.nodeId === endpoint.nodeId)) { + throw new ZWaveError( + `Associating a node with itself is not allowed!`, + ZWaveErrorCodes.AssociationCC_NotAllowed, + ); + } + const assocGroupCount = assocInstance?.getGroupCountCached(applHost, endpoint) ?? 0; const mcGroupCount = mcInstance?.getGroupCountCached(applHost, endpoint) From da2abeaf03ac28591498a7b7cf566e7e461b4101 Mon Sep 17 00:00:00 2001 From: Dominic Griesel Date: Tue, 9 Apr 2024 15:04:41 +0200 Subject: [PATCH 2/3] fix: skip self-associations when rebuilding routes --- packages/zwave-js/src/lib/controller/Controller.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/zwave-js/src/lib/controller/Controller.ts b/packages/zwave-js/src/lib/controller/Controller.ts index 975347107da6..c6adbd1aaf8a 100644 --- a/packages/zwave-js/src/lib/controller/Controller.ts +++ b/packages/zwave-js/src/lib/controller/Controller.ts @@ -4446,6 +4446,8 @@ supported CCs: ${ ) // ...except the controller itself, which was handled by step 2 .filter((id) => id !== this._ownNodeId!) + // ...and the node itself + .filter((id) => id !== nodeId) .sort(); } catch { /* ignore */ From 91d41b15f469cb89640fc0a2f916f1dddab4c7eb Mon Sep 17 00:00:00 2001 From: Dominic Griesel Date: Tue, 9 Apr 2024 15:07:16 +0200 Subject: [PATCH 3/3] fix: add check to isAssociationAllowed --- packages/cc/src/lib/utils.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/cc/src/lib/utils.ts b/packages/cc/src/lib/utils.ts index d30eb2193aef..d3c87a3a6f06 100644 --- a/packages/cc/src/lib/utils.ts +++ b/packages/cc/src/lib/utils.ts @@ -130,6 +130,9 @@ export function isAssociationAllowed( // The following checks don't apply to Lifeline associations if (destination.nodeId === applHost.ownNodeId) return true; + // Disallow self-associations + if (destination.nodeId === endpoint.nodeId) return false; + // For Association version 1 and version 2 / MCA version 1-3: // A controlling node MUST NOT associate Node A to a Node B destination // if Node A and Node B’s highest Security Class are not identical. @@ -362,7 +365,8 @@ export async function addAssociations( ); } - // Disallow associating a node with itself + // Disallow associating a node with itself. This is technically checked as part of + // isAssociationAllowed, but here we provide a better error message. if (destinations.some((d) => d.nodeId === endpoint.nodeId)) { throw new ZWaveError( `Associating a node with itself is not allowed!`,