wlan: Fix static analysis issues in HDD files
Fix static analysis issues reported in following HDD files:
- wlan_hdd_cfg80211.c
- wlan_hdd_hostapd.c
- wlan_hdd_softap_tx_rx.c
Change-Id: I40064336c475784242062f55510a21b7921d10a0
CRs-Fixed: 609606
diff --git a/CORE/HDD/inc/wlan_hdd_hostapd.h b/CORE/HDD/inc/wlan_hdd_hostapd.h
index 60ac14f..bb7ff09 100644
--- a/CORE/HDD/inc/wlan_hdd_hostapd.h
+++ b/CORE/HDD/inc/wlan_hdd_hostapd.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -67,6 +67,9 @@
Preprocessor definitions and constants
-------------------------------------------------------------------------*/
+/* max length of command string in hostapd ioctl */
+#define HOSTAPD_IOCTL_COMMAND_STRLEN_MAX 2048
+
hdd_adapter_t* hdd_wlan_create_ap_dev( hdd_context_t *pHddCtx, tSirMacAddr macAddr, tANI_U8 *name);
VOS_STATUS hdd_register_hostapd(hdd_adapter_t *pAdapter, tANI_U8 rtnl_held);
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 852cd8e..bdcc128 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -2735,7 +2735,7 @@
{
struct wireless_dev *wdev;
hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR( ndev );
- hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX( pAdapter );
+ hdd_context_t *pHddCtx;
hdd_adapter_t *pP2pAdapter = NULL;
tCsrRoamProfile *pRoamProfile = NULL;
eCsrRoamBssType LastBSSType;
@@ -2746,6 +2746,21 @@
ENTER();
+ if (!pAdapter)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: Adapter context is null", __func__);
+ return VOS_STATUS_E_FAILURE;
+ }
+
+ pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+ if (!pHddCtx)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is null", __func__);
+ return VOS_STATUS_E_FAILURE;
+ }
+
status = wlan_hdd_validate_context(pHddCtx);
if (0 != status)
@@ -2788,6 +2803,12 @@
)
{
hdd_wext_state_t *pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+ if (!pWextState)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: pWextState is null", __func__);
+ return VOS_STATUS_E_FAILURE;
+ }
pRoamProfile = &pWextState->roamProfile;
LastBSSType = pRoamProfile->BSSType;
@@ -6320,14 +6341,28 @@
int status;
hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR( ndev );
VOS_STATUS exitbmpsStatus = VOS_STATUS_E_INVAL;
- hdd_context_t *pHddCtx = NULL;
+ hdd_context_t *pHddCtx;
ENTER();
+ if (!pAdapter)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: Adapter context is null", __func__);
+ return VOS_STATUS_E_FAILURE;
+ }
+
hddLog(VOS_TRACE_LEVEL_INFO,
"%s: device_mode = %d",__func__,pAdapter->device_mode);
pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+ if (!pHddCtx)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is null", __func__);
+ return VOS_STATUS_E_FAILURE;
+ }
+
status = wlan_hdd_validate_context(pHddCtx);
if (0 != status)
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 1786856..a75c811 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -297,7 +297,7 @@
}
if (priv_data.total_len <= 0 ||
- priv_data.total_len == INT_MAX)
+ priv_data.total_len > HOSTAPD_IOCTL_COMMAND_STRLEN_MAX)
{
/* below we allocate one more byte for command buffer.
* To avoid addition overflow total_len should be
@@ -1344,13 +1344,37 @@
union iwreq_data *wrqu, char *extra)
{
hdd_adapter_t *pHostapdAdapter = (netdev_priv(dev));
- tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter);
+ tHalHandle hHal;
int *value = (int *)extra;
int sub_cmd = value[0];
int set_value = value[1];
eHalStatus status;
int ret = 0; /* success */
- v_CONTEXT_t pVosContext = (WLAN_HDD_GET_CTX(pHostapdAdapter))->pvosContext;
+ v_CONTEXT_t pVosContext;
+
+ if (!pHostapdAdapter || !pHostapdAdapter->pHddCtx)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: either hostapd Adapter is null or HDD ctx is null",
+ __func__);
+ return -1;
+ }
+
+ hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter);
+ if (!hHal)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: Hal ctx is null", __func__);
+ return -1;
+ }
+
+ pVosContext = (WLAN_HDD_GET_CTX(pHostapdAdapter))->pvosContext;
+ if (!pVosContext)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: Vos ctx is null", __func__);
+ return -1;
+ }
switch(sub_cmd)
{
@@ -1845,6 +1869,7 @@
int len = wrqu->data.length;
pstatbuf = wrqu->data.pointer;
+ memset(&statBuffer, 0, sizeof(statBuffer));
WLANSAP_GetStatistics((WLAN_HDD_GET_CTX(pHostapdAdapter))->pvosContext,
&statBuffer, (v_BOOL_t)wrqu->data.flags);
diff --git a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
index baa7b26..e7c7032 100644
--- a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
+++ b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -921,7 +921,7 @@
//Return the skb to the OS
status = vos_pkt_get_os_packet( pVosPacket, &pOsPkt, VOS_TRUE );
- if(!VOS_IS_STATUS_SUCCESS( status ))
+ if ((!VOS_IS_STATUS_SUCCESS(status)) || (!pOsPkt))
{
//This is bad but still try to free the VOSS resources if we can
VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR,"%s: Failure extracting skb from vos pkt", __func__);