psmattas/android_system_qcom-lineage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

softap: sscanf sanity check for SoftAP service

Browse Source 
The sscanf return value is verified whether the three channel
variables, i.e. start channel, end channel and channel band,
are properly updated. If malformed input is given to sscanf, then
these variables may not properly updated. To provide validation
of input,  verifying that sscanf returned a correct value of 3.

Change-Id: Ibd185e7a0ffcf5803927990531fc33f0e8977cc9
CRs-fixed: 554349
This commit is contained in:
Shake M Subhani
2013-11-06 17:39:46 +05:30
committed by Arne Coucheron
parent 52fd77178b
commit 5d5650caf1
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
softap/sdk/qsap_api.c
View File

@@ -1352,8 +1352,13 @@ int qsap_set_channel_range(s8 *buf)
if (ENABLE != is_softap_enabled()) {
strncpy(wrq.ifr_name, "wlan0", sizeof(wrq.ifr_name));
sta_chan_range.subioctl = WE_SET_SAP_CHANNELS;
sscanf(temp, "%d %d %d", &(sta_chan_range.stastartchan),
ret = sscanf(temp, "%d %d %d", &(sta_chan_range.stastartchan),
&(sta_chan_range.staendchan), &(sta_chan_range.staband));
if (3 != ret) {
ALOGE("%s : sscanf is not successful\n", __func__);
close(sock);
goto error;
}
memcpy(wrq.u.name, (char *)(&sta_chan_range), sizeof(sta_chan_range));
ALOGE("%s :Softap is off,Send SET_CHANNEL_RANGE over sta interface\n",
@@ -1361,8 +1366,13 @@ int qsap_set_channel_range(s8 *buf)
ret = ioctl(sock, WLAN_PRIV_SET_THREE_INT_GET_NONE, &wrq);
} else {
strncpy(wrq.ifr_name, pif, sizeof(wrq.ifr_name));
sscanf(temp, "%d %d %d", &(sap_chan_range.startchan),
ret = sscanf(temp, "%d %d %d", &(sap_chan_range.startchan),
&(sap_chan_range.endchan), &(sap_chan_range.band));
if (3 != ret) {
ALOGE("%s : sscanf is not successful\n", __func__);
close(sock);
goto error;
}
memcpy(wrq.u.name, (char *)(&sap_chan_range), sizeof(sap_chan_range));
ALOGE("%s :SAP is on,Send SET_CHANNEL_RANGE over softap interface\n",