Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / utils / sigma-dut / 132c6d2b9998ef155e24aa58e26fc27b966e32c0^! / . / nan.c
commit132c6d2b9998ef155e24aa58e26fc27b966e32c0[log] [tgz]
authorKantesh Mundaragi <kanteshm@qca.qualcomm.com>Fri Oct 28 16:17:50 2016 -0700
committerJouni Malinen <jouni@qca.qualcomm.com>Mon Nov 14 19:14:37 2016 +0200
tree9a5caf840d0fa45b12fe1ecd5f982630487fab85
parent8ce2a23daa99b25f50af3460aa20abd2142c6575 [diff] [blame]
Fix potential NULL pointer dereference errors in multiple instances

Functions get_param() and wifi_get_iface_handle() can return a NULL
value. Fix potential NULL pointer dereferences by adding explicit NULL
check before assigning the return value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/nan.c b/nan.c
index a492aa0..312ade8 100644
--- a/nan.c
+++ b/nan.c

@@ -188,10 +188,9 @@
 				      struct sigma_cmd *cmd)
 {
 	const char *oper_chan = get_param(cmd, "oper_chan");
-	int channel = 0;
 
-	channel = atoi(oper_chan);
-	dut->sta_channel = channel;
+	if (oper_chan)
+		dut->sta_channel = atoi(oper_chan);
 
 	return 0;
 }
@@ -494,9 +493,11 @@
 		nan_hex_dump(dut, req.rx_match_filter, filter_len_rx);
 	}
 
-	strlcpy((char *) req.service_name, service_name,
-		strlen(service_name) + 1);
-	req.service_name_len = strlen(service_name);
+	if (service_name) {
+		strlcpy((char *) req.service_name, service_name,
+			strlen(service_name) + 1);
+		req.service_name_len = strlen(service_name);
+	}
 
 	nan_subscribe_request(0, global_interface_handle, &req);
 	return 0;
@@ -545,9 +546,12 @@
 	req.publish_type = NAN_PUBLISH_TYPE_UNSOLICITED;
 	req.tx_type = NAN_TX_TYPE_BROADCAST;
 	req.publish_count = 0;
-	strlcpy((char *) req.service_name, service_name,
-		strlen(service_name) + 1);
-	req.service_name_len = strlen(service_name);
+
+	if (service_name) {
+		strlcpy((char *) req.service_name, service_name,
+			strlen(service_name) + 1);
+		req.service_name_len = strlen(service_name);
+	}
 
 	if (publish_type) {
 		if (strcasecmp(publish_type, "Solicited") == 0) {
@@ -601,9 +605,12 @@
 		memcpy(req.rx_match_filter, input_rx, filter_len_rx);
 		nan_hex_dump(dut, req.rx_match_filter, filter_len_rx);
 	}
-	strlcpy((char *) req.service_name, service_name,
-		strlen(service_name) + 1);
-	req.service_name_len = strlen(service_name);
+
+	if (service_name) {
+		strlcpy((char *) req.service_name, service_name,
+			strlen(service_name) + 1);
+		req.service_name_len = strlen(service_name);
+	}
 
 	nan_publish_request(0, global_interface_handle, &req);
 
@@ -726,7 +733,9 @@
 	req.addr[5] = 0xFF;
 	req.priority = NAN_TX_PRIORITY_NORMAL;
 	req.dw_or_faw = 0;
-	req.service_specific_info_len = strlen(service_name);
+
+	if (service_name)
+		req.service_specific_info_len = strlen(service_name);
 
 	if (requestor_id) {
 		/* int requestor_id_val = atoi(requestor_id); */
@@ -1014,6 +1023,7 @@
 	.EventDisabled = nan_event_disabled,
 };
 
+
 void nan_init(struct sigma_dut *dut)
 {
 	pthread_t thread1;	/* thread variables */
@@ -1031,7 +1041,8 @@
 
 	pthread_mutex_init(&gMutex, NULL);
 	pthread_cond_init(&gCondition, NULL);
-	nan_register_handler(global_interface_handle, callbackHandler);
+	if (global_interface_handle)
+		nan_register_handler(global_interface_handle, callbackHandler);
 }
 
 
@@ -1183,6 +1194,9 @@
 {
 	const char *action = get_param(cmd, "Action");
 
+	if (!action)
+		return 0;
+
 	/* Check action for start, stop and get events. */
 	if (strcasecmp(action, "Start") == 0) {
 		memset(global_event_resp_buf, 0, sizeof(global_event_resp_buf));