diff --git a/source/core/services/vap_svc_public.c b/source/core/services/vap_svc_public.c index c97e48c78..bf66cd152 100644 --- a/source/core/services/vap_svc_public.c +++ b/source/core/services/vap_svc_public.c @@ -109,7 +109,7 @@ void process_prefer_private_mac_filter(mac_address_t prefer_private_mac) memcpy(acl_entry->mac, new_mac, sizeof(mac_address_t)); to_mac_str(acl_entry->mac, new_mac_str); str_tolower(new_mac_str); - strcpy(acl_entry->device_name,""); + snprintf(acl_entry->device_name, sizeof(acl_entry->device_name), "%s", ""); acl_entry->reason = PREFER_PRIVATE_RFC_REJECT; acl_entry->expiry_time = 0; diff --git a/source/core/wifi_ctrl_queue_handlers.c b/source/core/wifi_ctrl_queue_handlers.c index ed38d63fc..ebb693a55 100644 --- a/source/core/wifi_ctrl_queue_handlers.c +++ b/source/core/wifi_ctrl_queue_handlers.c @@ -820,7 +820,7 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) vap_svc_t *pub_svc = NULL; wifi_ctrl_t *ctrl; ctrl = (wifi_ctrl_t *)get_wifictrl_obj(); - wifi_vap_info_t *lnf_2g_vap = NULL, *lnf_6g_vap = NULL, *lnf_vap_info = NULL, hotspot_5g_vap_info = { 0 }; + wifi_vap_info_t *lnf_2g_vap = NULL, *lnf_6g_vap = NULL, *lnf_vap_info = NULL, *hotspot_5g_vap_info = NULL; wifi_platform_property_t *wifi_prop = (&(get_wifimgr_obj())->hal_cap.wifi_prop); uint8_t num_radios = getNumberRadios(); bool open_2g_enabled = false, open_5g_enabled = false, open_6g_enabled = false,sec_2g_enabled = false,sec_5g_enabled = false, sec_6g_enabled = false; @@ -830,10 +830,18 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) bool hotspot_5g_found = false; + hotspot_5g_vap_info = (wifi_vap_info_t *)malloc(sizeof(wifi_vap_info_t)); + if (hotspot_5g_vap_info == NULL) { + wifi_util_error_print(WIFI_CTRL, "%s:%d Failed to allocate memory for hotspot_5g_vap_info\n", __func__, __LINE__); + return; + } + tmp_vap_map = (wifi_vap_info_map_t *)malloc(sizeof(wifi_vap_info_map_t)); if (tmp_vap_map == NULL) { wifi_util_error_print(WIFI_CTRL, "%s:%d Failed to allocate memory for tmp_vap_map\n", __func__, __LINE__); + free(hotspot_5g_vap_info); + hotspot_5g_vap_info = NULL; return; } @@ -899,7 +907,7 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) if (isVapHotspotSecure5g(wifi_vap_map->vap_array[j].vap_index)) { - memcpy((unsigned char *)&hotspot_5g_vap_info, (unsigned char *)&tmp_vap_map->vap_array[0], sizeof(wifi_vap_info_t)); + memcpy((unsigned char *)hotspot_5g_vap_info, (unsigned char *)&tmp_vap_map->vap_array[0], sizeof(wifi_vap_info_t)); hotspot_5g_found = true; } if(pub_svc->update_fn(pub_svc,radio_indx, tmp_vap_map, rdk_vap_info) != RETURN_OK) { @@ -918,6 +926,8 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) wifi_util_info_print(WIFI_CTRL, "%s:%d lnf_vap_info is NULL for radio index = %d\n", __func__,__LINE__,radio_indx); free(tmp_vap_map); tmp_vap_map = NULL; + free(hotspot_5g_vap_info); + hotspot_5g_vap_info = NULL; return; } if (!strstr(lnf_vap_info->vap_name, NAME_FREQUENCY_2_4_G) && !strstr(lnf_vap_info->vap_name, NAME_FREQUENCY_6_G) && should_process_hotspot_config_change(lnf_vap_info, &tmp_vap_map->vap_array[0])) { @@ -925,6 +935,8 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) wifi_util_error_print(WIFI_CTRL, "%s:%d Unable to update LnF VAP RADIUS config from Hotspot 5G\n", __func__,__LINE__); free(tmp_vap_map); tmp_vap_map = NULL; + free(hotspot_5g_vap_info); + hotspot_5g_vap_info = NULL; return; } wifi_util_info_print(WIFI_CTRL,"%s:%d LnF VAP %s config changed as per %s event\n",__func__,__LINE__,lnf_vap_info->vap_name, wifi_hotspot_action_to_string(param)); @@ -945,18 +957,22 @@ void process_xfinity_vaps(wifi_hotspot_action_t param, bool hs_evt) if (!lnf_2g_vap) { wifi_util_error_print(WIFI_CTRL,"%s:%d LnF 2.4GHz VAP is NULL\n", __func__,__LINE__); - } else if (hotspot_5g_found && should_process_hotspot_config_change(lnf_2g_vap, &hotspot_5g_vap_info)) { + } else if (hotspot_5g_found && should_process_hotspot_config_change(lnf_2g_vap, hotspot_5g_vap_info)) { if (update_vap_params_to_hal_and_db(lnf_2g_vap, lnf_2g_vap->u.bss_info.enabled) == -1) { wifi_util_error_print(WIFI_CTRL, "%s:%d Unable to update LnF 2G vaps\n", __func__,__LINE__); } wifi_util_info_print(WIFI_CTRL,"%s:%d LnF VAP %s RADIUS config updated from Hotspot 5G\n",__func__,__LINE__,lnf_2g_vap->vap_name); } - if (hotspot_5g_found && lnf_6g_vap && should_process_hotspot_config_change(lnf_6g_vap, &hotspot_5g_vap_info)) { + if (hotspot_5g_found && lnf_6g_vap && should_process_hotspot_config_change(lnf_6g_vap, hotspot_5g_vap_info)) { if (update_vap_params_to_hal_and_db(lnf_6g_vap, lnf_6g_vap->u.bss_info.enabled) == -1){ wifi_util_error_print(WIFI_CTRL, "%s:%d Unable to update LnF 6g vaps\n", __func__,__LINE__); } wifi_util_info_print(WIFI_CTRL,"%s:%d LnF VAP %s RADIUS config updated from Hotspot 5G\n",__func__,__LINE__,lnf_6g_vap->vap_name); } + if (hotspot_5g_vap_info) { + free(hotspot_5g_vap_info); + hotspot_5g_vap_info = NULL; + } } void convert_freq_to_channel(unsigned int freq, unsigned char *channel) @@ -1844,14 +1860,20 @@ void update_lm_wifi_sync_host_AssociatedDevice_DM_refs(unsigned int vap_index, L void process_wifi_host_sync() { wifi_util_dbg_print(WIFI_CTRL, "%s:%d Inside \n", __func__, __LINE__); - LM_wifi_hosts_t hosts; + LM_wifi_hosts_t *hosts = NULL; wifi_mgr_t *p_wifi_mgr = get_wifimgr_obj(); mac_addr_str_t mac_str; unsigned int itr, count; rdk_wifi_vap_info_t *rdk_vap_info = NULL; assoc_dev_data_t *assoc_dev_data = NULL; - memset(&hosts, 0, sizeof(LM_wifi_hosts_t)); + hosts = (LM_wifi_hosts_t *)malloc(sizeof(LM_wifi_hosts_t)); + if (hosts == NULL) { + wifi_util_error_print(WIFI_CTRL, "%s:%d Memory Allocation failed for hosts.\n", __func__, __LINE__); + return; + } + + memset(hosts, 0, sizeof(LM_wifi_hosts_t)); for (itr=0; itr= LM_MAX_HOSTS_NUM) { + pthread_mutex_lock(rdk_vap_info->associated_devices_lock); + if (hosts->count >= LM_MAX_HOSTS_NUM) { wifi_util_info_print(WIFI_CTRL, "%s:%d has reached LM_MAX_HOSTS_NUM\n", __func__, __LINE__); + pthread_mutex_unlock(rdk_vap_info->associated_devices_lock); break; } count = 0; - pthread_mutex_lock(rdk_vap_info->associated_devices_lock); if (rdk_vap_info->associated_devices_map != NULL) { assoc_dev_data = hash_map_get_first(rdk_vap_info->associated_devices_map); while (assoc_dev_data != NULL) { - if (assoc_dev_data->dev_stats.cli_MLDEnable == false || - (assoc_dev_data->dev_stats.cli_MLDEnable == true && assoc_dev_data->association_link == true)) { - update_lm_wifi_host_SSID_DM_ref(&hosts.host[hosts.count], assoc_dev_data, rdk_vap_info->vap_index); + if ((assoc_dev_data->dev_stats.cli_MLDEnable == false || + (assoc_dev_data->dev_stats.cli_MLDEnable == true && assoc_dev_data->association_link == true)) && hosts->count < LM_MAX_HOSTS_NUM) { + update_lm_wifi_host_SSID_DM_ref(&hosts->host[hosts->count], assoc_dev_data, rdk_vap_info->vap_index); to_mac_str(assoc_dev_data->dev_stats.cli_MACAddress, mac_str); str_tolower(mac_str); - snprintf((char *)hosts.host[hosts.count].phyAddr, sizeof(hosts.host[hosts.count].phyAddr), "%s", mac_str); - update_lm_wifi_sync_host_AssociatedDevice_DM_refs(rdk_vap_info->vap_index, &hosts.host[hosts.count], assoc_dev_data); + snprintf((char *)hosts->host[hosts->count].phyAddr, sizeof(hosts->host[hosts->count].phyAddr), "%s", mac_str); + update_lm_wifi_sync_host_AssociatedDevice_DM_refs(rdk_vap_info->vap_index, &hosts->host[hosts->count], assoc_dev_data); if (assoc_dev_data->dev_stats.cli_Active) { - hosts.host[hosts.count].Status = TRUE; + hosts->host[hosts->count].Status = TRUE; } else { - hosts.host[hosts.count].Status = FALSE; + hosts->host[hosts->count].Status = FALSE; } - update_lm_wifi_host_RSSI(&hosts.host[hosts.count], assoc_dev_data); - hosts.host[hosts.count].mld_sta = assoc_dev_data->dev_stats.cli_MLDEnable; - (hosts.count)++; + update_lm_wifi_host_RSSI(&hosts->host[hosts->count], assoc_dev_data); + hosts->host[hosts->count].mld_sta = assoc_dev_data->dev_stats.cli_MLDEnable; + (hosts->count)++; } count++; assoc_dev_data = hash_map_get_next(rdk_vap_info->associated_devices_map, assoc_dev_data); @@ -1901,10 +1924,12 @@ void process_wifi_host_sync() pthread_mutex_unlock(rdk_vap_info->associated_devices_lock); } } - if (notify_LM_Lite(&p_wifi_mgr->ctrl, &hosts, false) != RETURN_OK) { + if (notify_LM_Lite(&p_wifi_mgr->ctrl, hosts, false) != RETURN_OK) { wifi_util_error_print(WIFI_CTRL,"%s:%d Unable to send notification to LMLite", __func__, __LINE__); } + free(hosts); + hosts = NULL; } void lm_notify_disassoc(assoc_dev_data_t *assoc_dev_data, unsigned int vap_index) diff --git a/source/stats/wifi_monitor.c b/source/stats/wifi_monitor.c index 939dc0ffb..12879fcaa 100644 --- a/source/stats/wifi_monitor.c +++ b/source/stats/wifi_monitor.c @@ -2638,22 +2638,29 @@ unsigned short csum(unsigned short *ptr,int nbytes) return(answer); } -int frame_icmpv4_ping(char *buffer, char *dest_ip, char *source_ip) +static int frame_icmpv4_ping(char *buffer, size_t buffer_len, char *dest_ip, char *source_ip) { char *data; int buffer_size; - //ip header - struct iphdr *ip = (struct iphdr *) buffer; static int pingCount = 1; - //ICMP header - struct icmphdr *icmp = (struct icmphdr *) (buffer + sizeof (struct iphdr)); + if(buffer == NULL || dest_ip == NULL || source_ip == NULL) { wifi_util_error_print(WIFI_MON, "%s: Null arguments %p %p %p\n",__func__, buffer, dest_ip, source_ip); return 0; } - data = buffer + sizeof(struct iphdr) + sizeof(struct icmphdr); - strcpy(data , "stats ping"); - buffer_size = sizeof (struct iphdr) + sizeof (struct icmphdr) + strlen(data); + + size_t header_size = sizeof(struct iphdr) + sizeof(struct icmphdr); + if ( buffer_len <= header_size) { + return 0; + } + //ip header + struct iphdr *ip = (struct iphdr *) buffer; + //ICMP header + struct icmphdr *icmp = (struct icmphdr *) (buffer + sizeof (struct iphdr)); + + data = buffer + header_size; + snprintf(data , buffer_len - header_size, "stats ping"); + buffer_size = header_size + strlen(data); //ICMP_HEADER // @@ -2679,10 +2686,22 @@ int frame_icmpv4_ping(char *buffer, char *dest_ip, char *source_ip) return buffer_size; } -int frame_icmpv6_ping(char *buffer, char *dest_ip, char *source_ip) +static int frame_icmpv6_ping(char *buffer, size_t buffer_len, char *dest_ip, char *source_ip) { char *data; int buffer_size; + + if(buffer == NULL || dest_ip == NULL || source_ip == NULL) { + wifi_util_error_print(WIFI_MON, "%s: Null arguments %p %p %p\n",__func__, buffer, dest_ip, source_ip); + return 0; + } + + size_t header_size = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr); + + if ( buffer_len <= header_size) { + return 0; + } + struct ip6_hdr* ip = (struct ip6_hdr*) buffer; struct icmp6_hdr* icmp = (struct icmp6_hdr*)(buffer + sizeof(struct ip6_hdr)); @@ -2698,9 +2717,9 @@ int frame_icmpv6_ping(char *buffer, char *dest_ip, char *source_ip) char sample[1024] = {0}; struct ip6_pseu* pseu = (struct ip6_pseu*)sample; - data = (char *)(buffer + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)); - strcpy(data, "stats ping"); - buffer_size = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + strlen(data); + data = (char *)(buffer + header_size); + snprintf(data, buffer_len - header_size, "stats ping"); + buffer_size = header_size + strlen(data); icmp->icmp6_type = ICMP6_ECHO_REQUEST; icmp->icmp6_code = 0; @@ -2802,7 +2821,7 @@ static void send_ping_data(int ap_idx, unsigned char *mac, char *client_ip, char } //build a layer 3 packet , tcp ping if(af_family) { - frame_len = frame_icmpv4_ping(buffer, (char *)&cli_ip_str, (char *)&src_ip_str); + frame_len = frame_icmpv4_ping(buffer, sizeof(buffer), cli_ip_str, src_ip_str); //send buffer if(frame_len) { #if (defined (_XB7_PRODUCT_REQ_) && !defined (_COSA_BCM_ARM_)) @@ -2824,7 +2843,7 @@ static void send_ping_data(int ap_idx, unsigned char *mac, char *client_ip, char #endif } } else { - frame_len = frame_icmpv6_ping(buffer, (char *)&cli_ip_str, (char *)&src_ip_str); + frame_len = frame_icmpv6_ping(buffer, sizeof(buffer), cli_ip_str, src_ip_str); //send buffer if(frame_len) { #if (defined (_XB7_PRODUCT_REQ_) && !defined (_COSA_BCM_ARM_))