Fix potential NULL pointer dereference errors in multiple instances
Functions get_param() and wifi_get_iface_handle() can return a NULL
value. Fix potential NULL pointer dereferences by adding explicit NULL
check before assigning the return value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
diff --git a/nan.c b/nan.c
index a492aa0..312ade8 100644
--- a/nan.c
+++ b/nan.c
@@ -188,10 +188,9 @@
struct sigma_cmd *cmd)
{
const char *oper_chan = get_param(cmd, "oper_chan");
- int channel = 0;
- channel = atoi(oper_chan);
- dut->sta_channel = channel;
+ if (oper_chan)
+ dut->sta_channel = atoi(oper_chan);
return 0;
}
@@ -494,9 +493,11 @@
nan_hex_dump(dut, req.rx_match_filter, filter_len_rx);
}
- strlcpy((char *) req.service_name, service_name,
- strlen(service_name) + 1);
- req.service_name_len = strlen(service_name);
+ if (service_name) {
+ strlcpy((char *) req.service_name, service_name,
+ strlen(service_name) + 1);
+ req.service_name_len = strlen(service_name);
+ }
nan_subscribe_request(0, global_interface_handle, &req);
return 0;
@@ -545,9 +546,12 @@
req.publish_type = NAN_PUBLISH_TYPE_UNSOLICITED;
req.tx_type = NAN_TX_TYPE_BROADCAST;
req.publish_count = 0;
- strlcpy((char *) req.service_name, service_name,
- strlen(service_name) + 1);
- req.service_name_len = strlen(service_name);
+
+ if (service_name) {
+ strlcpy((char *) req.service_name, service_name,
+ strlen(service_name) + 1);
+ req.service_name_len = strlen(service_name);
+ }
if (publish_type) {
if (strcasecmp(publish_type, "Solicited") == 0) {
@@ -601,9 +605,12 @@
memcpy(req.rx_match_filter, input_rx, filter_len_rx);
nan_hex_dump(dut, req.rx_match_filter, filter_len_rx);
}
- strlcpy((char *) req.service_name, service_name,
- strlen(service_name) + 1);
- req.service_name_len = strlen(service_name);
+
+ if (service_name) {
+ strlcpy((char *) req.service_name, service_name,
+ strlen(service_name) + 1);
+ req.service_name_len = strlen(service_name);
+ }
nan_publish_request(0, global_interface_handle, &req);
@@ -726,7 +733,9 @@
req.addr[5] = 0xFF;
req.priority = NAN_TX_PRIORITY_NORMAL;
req.dw_or_faw = 0;
- req.service_specific_info_len = strlen(service_name);
+
+ if (service_name)
+ req.service_specific_info_len = strlen(service_name);
if (requestor_id) {
/* int requestor_id_val = atoi(requestor_id); */
@@ -1014,6 +1023,7 @@
.EventDisabled = nan_event_disabled,
};
+
void nan_init(struct sigma_dut *dut)
{
pthread_t thread1; /* thread variables */
@@ -1031,7 +1041,8 @@
pthread_mutex_init(&gMutex, NULL);
pthread_cond_init(&gCondition, NULL);
- nan_register_handler(global_interface_handle, callbackHandler);
+ if (global_interface_handle)
+ nan_register_handler(global_interface_handle, callbackHandler);
}
@@ -1183,6 +1194,9 @@
{
const char *action = get_param(cmd, "Action");
+ if (!action)
+ return 0;
+
/* Check action for start, stop and get events. */
if (strcasecmp(action, "Start") == 0) {
memset(global_event_resp_buf, 0, sizeof(global_event_resp_buf));