If the value in the field of length in MBAP header is invalid/inconsistent with the following bytes (PDU length), e.g, larger than the specification limit, what does Modbus Organization officially provide?
How will the Modbus/TCP slave handle the message? Reject it? Will you answer with the exception or something else? Couldn't find the answer in http://www.modbus.org/specs.php
I interpret "MODBUS Messaging on TCP/IP Implementation Guide V1.0b", section 3.1.2, as any message (source either client or server) where the message length field data does not correspond with the actual message length as an invalid messageto be discarded and an error response generated. It's basic protection against message corruption, accidental or deliberate.
3.1.2 MODBUS On TCP/IP Application Data Unit
When MODBUS is carried over TCP, additional length information is carried in the MBAP header to allow the recipient to recognize message boundaries even if the message has been split into multiple packets for transmission. The existence of explicit and implicit length rules, and use of a CRC-32 error check code (on Ethernet) results in an infinitesimal chance of undetected corruption to a request or response message.