scan_mac_cmds doesn't handle erroneous MAC commands

[terrillmoore]

I'm wondering why 0 is returned in the error case, because in scan_mac_cmds I see no check except for line 887, which doesn't do what the comment says.

arduino-lmic/src/lmic/lmic.c

Lines 886 to 887 in 5322dd1

	int const cmdlen = getMacCmdSize(cmd);
	if (cmdlen > olen - oidx) {

Originally posted by @sualko in #481

[terrillmoore]

Yes, that's a bug too -- no test cases for bad mac commands, even in certification. (Which is probably a security issue -- we need to be able to fuzz the inputs from the radio.) getMacCmdSize() returns 0 if the command is not a recognized command. Since commands are always at least 1 byte long, this is an unambiguous indication of error; which the caller currently ignores.

The int cmdlen is sort of wrong, too, but chosen because olen and oidx are both int as well. It will be promoted in the comparison anyway, Since getMacCmdSize returns u1_t, we can just compare to zero, because cmdlen can't be negative. (We could also trust the compiler to optimize, but it might be as likely to warn pedantically "cmdlen can never be negative"; or we could change cmdlen to u1_t and let the compiler promote to int during the comparison.)

if (cmdlen == 0 || cmdlen > olen - oidx)