tequilaOS/platform_system_qcom
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

softap: sscanf sanity check for SoftAP service

Browse source 
The sscanf return value is verified whether the three channel
variables, i.e. start channel, end channel and channel band,
are properly updated. If malformed input is given to sscanf, then
these variables may not properly updated. To provide validation
of input,  verifying that sscanf returned a correct value of 3.

Change-Id: Ibd185e7a0ffcf5803927990531fc33f0e8977cc9
CRs-fixed: 554349
This commit is contained in:
Shake M Subhani 2013-11-06 17:39:46 +05:30
parent 31088846f0
commit ff6440b26f
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
softap/sdk/qsap_api.c
View file

@ -1352,8 +1352,13 @@ int qsap_set_channel_range(s8 *buf)
if (ENABLE != is_softap_enabled()) {
strncpy(wrq.ifr_name, "wlan0", sizeof(wrq.ifr_name));
sta_chan_range.subioctl = WE_SET_SAP_CHANNELS;
sscanf(temp, "%d %d %d", &(sta_chan_range.stastartchan),
ret = sscanf(temp, "%d %d %d", &(sta_chan_range.stastartchan),
&(sta_chan_range.staendchan), &(sta_chan_range.staband));
if (3 != ret) {
ALOGE("%s : sscanf is not successful\n", __func__);
close(sock);
goto error;
}
memcpy(wrq.u.name, (char *)(&sta_chan_range), sizeof(sta_chan_range));
ALOGE("%s :Softap is off,Send SET_CHANNEL_RANGE over sta interface\n",
@ -1361,8 +1366,13 @@ int qsap_set_channel_range(s8 *buf)
ret = ioctl(sock, WLAN_PRIV_SET_THREE_INT_GET_NONE, &wrq);
} else {
strncpy(wrq.ifr_name, pif, sizeof(wrq.ifr_name));
sscanf(temp, "%d %d %d", &(sap_chan_range.startchan),
ret = sscanf(temp, "%d %d %d", &(sap_chan_range.startchan),
&(sap_chan_range.endchan), &(sap_chan_range.band));
if (3 != ret) {
ALOGE("%s : sscanf is not successful\n", __func__);
close(sock);
goto error;
}
memcpy(wrq.u.name, (char *)(&sap_chan_range), sizeof(sap_chan_range));
ALOGE("%s :SAP is on,Send SET_CHANNEL_RANGE over softap interface\n",