From 80064989b2da2f73bd32b30d1b289a0d3ad32afe Mon Sep 17 00:00:00 2001
From: Abhishek Srivastava
Date: Thu, 3 Aug 2017 19:05:17 +0530
Subject: [PATCH 1/3] qsap: Allow empty wpa_passphrase

With this commit, wpa_passphrase should follow below condition: 1. empty string (len = 0) 2. string with length >= 8 && length <= 64

Change-Id: I029ac7cc2b32b564b4e3d6b747cc584ba59e5fde
---
 softap/sdk/qsap_api.c | 2 +-
 softap/sdk/qsap_api.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 mode change 100755 => 100644 softap/sdk/qsap_api.c
 mode change 100755 => 100644 softap/sdk/qsap_api.h

diff --git a/softap/sdk/qsap_api.c b/softap/sdk/qsap_api.c
old mode 100755
new mode 100644
index 8b18c78..1a78194
--- a/softap/sdk/qsap_api.c
+++ b/softap/sdk/qsap_api.c
@@ -2544,7 +2544,7 @@ static void qsap_handle_set_request(s8 *pcmd, s8 *presp, u32 *plen)
 pVal = pcmd + strlen(cmd_list[cNum].name);
 if( (cNum != eCMD_COMMIT) && (cNum != eCMD_RESET_TO_DEFAULT) &&
- ((*pVal != '=') || (strlen(pVal) < 2)) ) {
+ ((*pVal != '=') || (((eCMD_PASSPHRASE != cNum)) && (strlen(pVal) < 2)))) {
 *plen = qsap_scnprintf(presp, *plen, "%s", ERR_INVALID_ARG);
 return;
 }
diff --git a/softap/sdk/qsap_api.h b/softap/sdk/qsap_api.h
old mode 100755
new mode 100644
index 0c5bf53..2d25de7
--- a/softap/sdk/qsap_api.h
+++ b/softap/sdk/qsap_api.h
@@ -509,7 +509,7 @@ typedef struct sap_auto_channel_info {
 #define IS_VALID_BSSID(x) (((value == ENABLE) || (value == DISABLE)) ? TRUE: FALSE)
 /** Validate the length of the passphrase */
-#define IS_VALID_PASSPHRASE_LEN(x) (((x >= PASSPHRASE_MIN) && (x <= PASSPHRASE_MAX)) ? TRUE: FALSE)
+#define IS_VALID_PASSPHRASE_LEN(x) ((((x >= PASSPHRASE_MIN) && (x <= PASSPHRASE_MAX)) || (x == 0)) ? TRUE: FALSE)
 /** Validate the beacon interval */
 #define IS_VALID_BEACON(x) (((x >= BCN_INTERVAL_MIN) && (x <= BCN_INTERVAL_MAX)) ? TRUE: FALSE)
From a7f0080a40da49d945d64cb39a5771d5b52037db Mon Sep 17 00:00:00 2001
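Review bot: Nothing visible in qsap_handle_set_request ties the newly accepted empty `wpa_passphrase=` value to the configured security mode; the guard simply stops rejecting a bare `=` when `cNum` is `eCMD_PASSPHRASE`. If the AP is in a WPA mode, an empty passphrase should presumably still be refused so that an accidental empty set cannot leave a protected network without a usable key; the handler that stores the passphrase is outside this hunk and is where that check would belong. I would also add a comment above the condition, e.g. `/* eCMD_PASSPHRASE may carry an empty value ("name="); every other command needs at least one character after '=' */`, and drop the doubled parentheses around `eCMD_PASSPHRASE != cNum`. The function body starts and ends outside the hunk.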
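Review bot: `IS_VALID_PASSPHRASE_LEN(x)` in qsap_api.h now expands its argument three times and still uses it unparenthesized, so an argument with side effects is evaluated repeatedly and one containing a lower-precedence operator such as `?:` or `&` is parsed differently from what the caller wrote. Parenthesize every use, `(((((x) >= PASSPHRASE_MIN) && ((x) <= PASSPHRASE_MAX)) || ((x) == 0)) ? TRUE : FALSE)`, or replace the macro with a `static inline` function. Since length 0 is now valid for every caller of the macro, the doc comment should say so: `/** Validate the passphrase length: 0 (no passphrase) or PASSPHRASE_MIN..PASSPHRASE_MAX */`.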
From: Srinivas Dasari
Date: Sun, 27 Aug 2017 21:54:10 +0530
Subject: [PATCH 2/3] qsap: Initialize setCmd to avoid uninitialized memory access

setCmd variable is used to prepare the command with the arguments received. This can be initialized to the string "str" to avoid possible uninitialized memory access.

Change-Id: I60cb4de5b01560e4bb079ed92e6c3bde6cfbf9c7
CRs-Fixed: 2098740
---
 softap/sdk/qsap_api.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/softap/sdk/qsap_api.c b/softap/sdk/qsap_api.c
index 1a78194..5a29389 100644
--- a/softap/sdk/qsap_api.c
+++ b/softap/sdk/qsap_api.c
@@ -3157,7 +3157,7 @@ int qsapsetSoftap(int argc, char *argv[])
 int i;
 int hidden = 0;
 int sec = SEC_MODE_NONE;
- char setCmd[SET_BUF_LEN];
+ char setCmd[SET_BUF_LEN] = "set";
 int offset = 0;
 ALOGD("%s, %s, %s, %d\n", __FUNCTION__, argv[0], argv[1], argc);
@@ -3167,16 +3167,10 @@ int qsapsetSoftap(int argc, char *argv[])
 }
 // check if 2nd arg is dual2g/dual5g
- if (argc > 2) {
- // just match 'dual'
- if (strncmp(argv[2], Conf_req[CONF_2g], 4) == 0) {
+ if (argc > 2 && (strncmp(argv[2], Conf_req[CONF_2g], 4) == 0)) {
 snprintf(setCmd, SET_BUF_LEN, "set %s", argv[2]);
 offset = 1;
 argc--;
- } else {
- snprintf(setCmd, SET_BUF_LEN, "set");
- offset = 0;
- }
 }
 /* set interface */
From 4d42a1d2810a3866e7ff41fc1f62894d2225e381 Mon Sep 17 00:00:00 2001
From: Peng Xu
Date: Tue, 19 Sep 2017 11:04:49 -0700
Subject: [PATCH 3/3] softap: Fix KW issue for array index out of bounds

Check the length of the buffer before using it calculate the index of the data in the buffer to prevent index becoming a negative value.

Change-Id: I3dc440dac2e4a5437e2ff70c39577876a3a97123
CRs-fixed: 2111307
---
 softap/sdk/qsap_api.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/softap/sdk/qsap_api.c b/softap/sdk/qsap_api.c
index 5a29389..061c501 100644
--- a/softap/sdk/qsap_api.c
+++ b/softap/sdk/qsap_api.c
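Review bot: The `ALOGD` call at the end of the first qsapsetSoftap hunk formats `argv[0]` and `argv[1]` with `%s` before any `argc` check that is visible here, so a caller passing fewer than two arguments would hand an invalid pointer to the logger. If the argument-count check sits in the lines between this hunk and the next one (not shown), the log call should move below it, or log only `argc` until the count is known to be sufficient. The new initializer would also benefit from a comment such as `/* default command; overwritten below when a dual2g/dual5g selector is given */`.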
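Review bot: The merged condition still accepts any `argv[2]` whose first four characters match `Conf_req[CONF_2g]` and then copies the whole argument into `setCmd`, so everything after that prefix reaches the command string unvalidated. Compare the full argument against the accepted selector values instead of a 4-byte prefix, and check the `snprintf` return value against `SET_BUF_LEN` so that a truncated command is rejected rather than passed on. The commit also removes the `// just match 'dual'` comment, which leaves the literal `4` unexplained; if the prefix match stays, keep a comment such as `/* only the "dual" prefix is compared */`. The rest of qsapsetSoftap lies outside the hunk.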
@@ -260,6 +260,9 @@ static s32 qsap_read_cfg(s8 *pfile, struct Command * pcmd, s8 *presp, u32 *plen,
 while(NULL != fgets(buf, MAX_CONF_LINE_LEN, fcfg)) {
 s8 *pline = buf;
+ if (strlen(buf) == 0)
+ continue;
+
 /** Skip the commented lines */
 if(buf[0] == '#') {
 if (ignore_comment) {
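Review bot: The added `if (strlen(buf) == 0)` guard carries no comment saying when `fgets()` can succeed with an empty string, and it is the only unbraced `if` next to the braced ones that follow it. After a successful `fgets()` the buffer is empty only when the line begins with a NUL byte, so I would write it as `if (buf[0] == '\0') { continue; }` with a comment like `/* line starts with NUL: skip it so the length-based index computed below cannot go negative */`. The index computation the commit message refers to is outside this hunk, so whether other short lines (for example one holding only a newline) need similar care cannot be judged from here. The loop body continues past the hunk.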