diff options
| author | Etan Cohen <etancohen@google.com> | 2017-04-26 16:52:34 -0700 |
|---|---|---|
| committer | Etan Cohen <etancohen@google.com> | 2017-04-27 08:31:16 -0700 |
| commit | bbc0f097860295aedbb4c72dff9c273f702066f7 (patch) | |
| tree | f6664bf49a82b72c18836a157d700a3076939235 /wifi/1.0/default/hidl_struct_util.cpp | |
| parent | fd2259e756908383689214ef6c9cac282986a869 (diff) | |
[HIDL][AWARE] Check for and fix corrupted char[] from legacy HAL
Check that char[] from legacy HAL are:
- Null terminated
- ASCII (truncate up-to first non-ASCII)
Bug: 37704662
Test: integration (sl4a) tests passing (up-to other issues)
Change-Id: I84cf09923594b3a5c0dfa5267edd844fb375c595
Diffstat (limited to 'wifi/1.0/default/hidl_struct_util.cpp')
| -rw-r--r-- | wifi/1.0/default/hidl_struct_util.cpp | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/wifi/1.0/default/hidl_struct_util.cpp b/wifi/1.0/default/hidl_struct_util.cpp index 32206d8d5f..661cd785a1 100644 --- a/wifi/1.0/default/hidl_struct_util.cpp +++ b/wifi/1.0/default/hidl_struct_util.cpp @@ -26,6 +26,16 @@ namespace V1_0 { namespace implementation { namespace hidl_struct_util { +hidl_string safeConvertChar(const char* str, size_t max_len) { + const char* c = str; + size_t size = 0; + while (*c && (unsigned char)*c < 128 && size < max_len) { + ++size; + ++c; + } + return hidl_string(str, size); +} + IWifiChip::ChipCapabilityMask convertLegacyLoggerFeatureToHidlChipCapability( uint32_t feature) { using HidlChipCaps = IWifiChip::ChipCapabilityMask; @@ -134,7 +144,8 @@ bool convertLegacyDebugRingBufferStatusToHidl( return false; } *hidl_status = {}; - hidl_status->ringName = reinterpret_cast<const char*>(legacy_status.name); + hidl_status->ringName = safeConvertChar(reinterpret_cast<const char*>(legacy_status.name), + sizeof(legacy_status.name)); hidl_status->flags = 0; for (const auto flag : {WIFI_RING_BUFFER_FLAG_HAS_BINARY_ENTRIES, WIFI_RING_BUFFER_FLAG_HAS_ASCII_ENTRIES}) { @@ -449,7 +460,8 @@ bool convertLegacyGscanResultToHidl( hidl_scan_result->timeStampInUs = legacy_scan_result.ts; hidl_scan_result->ssid = std::vector<uint8_t>( legacy_scan_result.ssid, - legacy_scan_result.ssid + strlen(legacy_scan_result.ssid)); + legacy_scan_result.ssid + strnlen(legacy_scan_result.ssid, + sizeof(legacy_scan_result.ssid) - 1)); memcpy(hidl_scan_result->bssid.data(), legacy_scan_result.bssid, hidl_scan_result->bssid.size()); @@ -882,6 +894,12 @@ NanStatusType convertLegacyNanStatusTypeToHidl( CHECK(false); } +void convertToWifiNanStatus(legacy_hal::NanStatusType type, const char* str, size_t max_len, + WifiNanStatus* wifiNanStatus) { + wifiNanStatus->status = convertLegacyNanStatusTypeToHidl(type); + wifiNanStatus->description = safeConvertChar(str, max_len); +} + bool convertHidlNanEnableRequestToLegacy( const NanEnableRequest& hidl_request, legacy_hal::NanEnableRequest* legacy_request) { @@ -1539,8 +1557,8 @@ bool convertLegacyNanResponseHeaderToHidl( } *wifiNanStatus = {}; - wifiNanStatus->status = convertLegacyNanStatusTypeToHidl(legacy_response.status); - wifiNanStatus->description = legacy_response.nan_error; + convertToWifiNanStatus(legacy_response.status, legacy_response.nan_error, + sizeof(legacy_response.nan_error), wifiNanStatus); return true; } |