diff options
author | saerome.kim <saerome.kim@samsung.com> | 2019-08-13 14:43:58 +0900 |
---|---|---|
committer | saerome.kim <saerome.kim@samsung.com> | 2019-08-13 15:12:36 +0900 |
commit | ac4d3aaa06f9c20610fd3513d788a00743488a2e (patch) | |
tree | 5654758463aa154265018dba5a976e1d38a6c5e1 /src | |
parent | cd3fbf809f30c4d786f42b600804b22c9fbdb420 (diff) | |
download | ua-plugin-wifi-dummy-ac4d3aaa06f9c20610fd3513d788a00743488a2e.tar.gz ua-plugin-wifi-dummy-ac4d3aaa06f9c20610fd3513d788a00743488a2e.tar.bz2 ua-plugin-wifi-dummy-ac4d3aaa06f9c20610fd3513d788a00743488a2e.zip |
1. Changed API names.
2. Fixed security vulnerability issues.
Change-Id: I273dfed976b300cd125a1174857c466423e730bb
Signed-off-by: saerome.kim <saerome.kim@samsung.com>
Diffstat (limited to 'src')
-rwxr-xr-x[-rw-r--r--] | src/wifi-networkmanager.c | 80 | ||||
-rwxr-xr-x[-rw-r--r--] | src/wifi-plugin.c | 10 | ||||
-rwxr-xr-x[-rw-r--r--] | src/wifi-scan.c | 40 | ||||
-rwxr-xr-x[-rw-r--r--] | src/wifi-util.c | 6 |
4 files changed, 82 insertions, 54 deletions
diff --git a/src/wifi-networkmanager.c b/src/wifi-networkmanager.c index 14ced49..9add2be 100644..100755 --- a/src/wifi-networkmanager.c +++ b/src/wifi-networkmanager.c @@ -20,32 +20,17 @@ #include <string.h> #include <glib.h> +#include <wifi-plugin.h> #include <wifi-networkmanager.h> -typedef enum { - NM_NETWORK_TYPE_UNKNOWN, /**< Netwrok type unknown */ - NM_NETWORK_TYPE_DISCONNECTED, /**< Netwrok type disconnected */ - NM_NETWORK_TYPE_ETHERNET, /**< Netwrok type ethernet */ - NM_NETWORK_TYPE_WIFI /**< Netwrok type Wi-Fi */ -} nm_network_type; - -typedef struct { - char ip_addr[MAX_SIZE_BUFFER]; /**< IP address of the network interface */ - char hw_type[MAX_SIZE_BUFFER]; /**< HW type for the network interface */ - char flags[MAX_SIZE_BUFFER]; /**< Network interface flag */ - char hw_addr[MAX_SIZE_BUFFER]; /**< MAC address of the network interface */ - char mask[MAX_SIZE_BUFFER]; /**< Submnet mask of the network interface */ - char device[MAX_SIZE_BUFFER]; /**< Name of the network interface */ -} nm_linux_arp_entry; - #define NETCONN_LOCAL_MAC "00:00:00:00:00:00" /**< So called, link local MAC address */ #define PROC_ARP_PATH "/proc/net/arp" /**< ARP table in linux */ connection_h h_conn = NULL; +nm_network_type network_type = NM_NETWORK_TYPE_UNKNOWN; connection_profile_iterator_h profile_iter = NULL; -nm_network_type network_type = NM_NETWORK_TYPE_UNKNOWN; -static char connected_bssid[MAX_SIZE_BUFFER]; +static char connected_bssid[MAX_SIZE_BUFFER + 1]; bool __nm_init() { @@ -93,7 +78,7 @@ void __nm_deinit() } -bool __nm_get_interface_name(char** iface_name) +bool __nm_get_interface_name(char **iface_name) { FUNC_ENTER; bool ret = true; @@ -195,11 +180,11 @@ void __nm_destroy_profile_iterator() FUNC_EXIT; } -bool __nm_get_gateway_address(char* gateway) +bool __nm_get_gateway_address(char *gateway) { FUNC_ENTER; int ret = -1; - char* gateway_local = NULL; + char *gateway_local = NULL; connection_profile_h profile; __nm_get_connection_profile_handler(&profile); @@ -209,15 +194,15 @@ bool __nm_get_gateway_address(char* gateway) CONNECTION_ADDRESS_FAMILY_IPV4, &gateway_local); if (ret == CONNECTION_ERROR_NONE) { - g_strlcpy(gateway, gateway_local, 16); + g_strlcpy(gateway, gateway_local, IP_ADDRESS_STRING_SIZE); free(gateway_local); } else { UA_WIFI_ERR("get gateway failed"); - strncpy(gateway, "0.0.0.0", 7); + g_strlcpy(gateway, "0.0.0.0", IP_ADDRESS_STRING_SIZE); } } else { UA_WIFI_ERR("Failed to get profile handle !!!"); - strncpy(gateway, "0.0.0.0", 7); + g_strlcpy(gateway, "0.0.0.0", IP_ADDRESS_STRING_SIZE); } UA_WIFI_INFO("gateway is [%s]", gateway); @@ -225,7 +210,7 @@ bool __nm_get_gateway_address(char* gateway) return true; } -void __nm_get_linux_arp_table(char* ip_addr, char* mac_addr) +void __nm_get_linux_arp_table(char *ip_addr, char *mac_addr) { FUNC_ENTER; @@ -233,6 +218,9 @@ void __nm_get_linux_arp_table(char* ip_addr, char* mac_addr) char data[1024]; int matches; + ret_if(NULL == ip_addr); + ret_if(NULL == mac_addr); + fp = fopen(PROC_ARP_PATH, "r"); if (!fp) { @@ -256,7 +244,21 @@ void __nm_get_linux_arp_table(char* ip_addr, char* mac_addr) if ((matches == 6) && !strcmp(ip_addr, entry.ip_addr)) { UA_WIFI_INFO("IP[%s] found in ARP table", ip_addr); - memcpy(mac_addr, entry.hw_addr, strlen(entry.hw_addr)+1); + /* + * It is gurranteed that mac_addr is same to entry.hw_addr + * For instance, + * char macaddr[MAX_SIZE_BUFFER]; + * typedef struct { + * char ip_addr[MAX_SIZE_BUFFER]; + * char hw_type[MAX_SIZE_BUFFER]; + * char flags[MAX_SIZE_BUFFER]; + * char hw_addr[MAX_SIZE_BUFFER]; + * char mask[MAX_SIZE_BUFFER]; + * char device[MAX_SIZE_BUFFER]; + * } nm_linux_arp_entry; + */ + g_strlcpy(mac_addr, entry.hw_addr, MAX_SIZE_BUFFER); + mac_addr[strlen(entry.hw_addr)] = '\0'; fclose(fp); FUNC_EXIT; return; @@ -274,7 +276,17 @@ void __nm_get_ips_mac(char *ip_addr, char *mac_addr) FUNC_ENTER; UA_WIFI_INFO("IP address of GetIPsMAC: %s", ip_addr); - memcpy(mac_addr, NETCONN_LOCAL_MAC, strlen(NETCONN_LOCAL_MAC)+1); + + ret_if(NULL == ip_addr); + ret_if(NULL == mac_addr); + + /* + * It is gurranteed that mac_addr is greater than NETCONN_LOCAL_MAC + * For instance, + * char macaddr[MAX_SIZE_BUFFER]; + * #define NETCONN_LOCAL_MAC "00:00:00:00:00:00" + */ + g_strlcpy(mac_addr, NETCONN_LOCAL_MAC, sizeof(NETCONN_LOCAL_MAC)); /*! local IP has a wildcard MAC address, for now at least */ if (!strcmp(ip_addr, "127.0.0.1")) @@ -312,10 +324,10 @@ void __nm_update_network_type(bool isConnect) if (isConnect) { UA_WIFI_INFO("update network status %s", isConnect ? "CONNECT" : "DISCONNECT"); - char gateway[16]; - char macaddr[128]; + char gateway[IP_ADDRESS_STRING_SIZE]; + char macaddr[MAX_SIZE_BUFFER]; - memset(gateway, 0, 16); + memset(gateway, 0, IP_ADDRESS_STRING_SIZE); if (__nm_get_gateway_address(gateway) == true) UA_WIFI_INFO("currently gateway address : %s", gateway); @@ -325,8 +337,8 @@ void __nm_update_network_type(bool isConnect) UA_WIFI_INFO("IPv4 mac address of the resource: %s", macaddr); - strncpy(connected_bssid, macaddr, strlen(macaddr)); - connected_bssid[strlen(macaddr) + 1] = '\0'; + g_strlcpy(connected_bssid, macaddr, MAX_SIZE_BUFFER); + connected_bssid[strlen(connected_bssid)] = '\0'; } else { UA_WIFI_INFO("update network status %s", isConnect ? "CONNECT" : "DISCONNECT"); memset(connected_bssid, 0, sizeof(connected_bssid)); @@ -335,7 +347,7 @@ void __nm_update_network_type(bool isConnect) FUNC_EXIT; } -bool __nm_get_mac_address(char** mac_addr) +bool __nm_get_mac_address(char **mac_addr) { FUNC_ENTER; connection_type_e conn_type; @@ -382,7 +394,7 @@ char* __nm_get_ip_address(void) return NULL; } - //UA_WIFI_DBG("Connected AP's IP : %s", ip_addr); +// UA_WIFI_DBG("Connected AP's IP : %s", ip_addr); return ip_addr; } diff --git a/src/wifi-plugin.c b/src/wifi-plugin.c index 7d0c09c..50ce667 100644..100755 --- a/src/wifi-plugin.c +++ b/src/wifi-plugin.c @@ -127,12 +127,12 @@ int __check_mobilelist(void) for (l = dev_list; NULL != l; l = g_slist_next(l)) { uas_wifi_info_t *wifi_info = l->data; - if (wifi_info->mobile_flag != detect_count) + if (wifi_info->device_flag != detect_count) continue; if (WIFI_PRESENCE_STATUS_ABSENCE == wifi_info->presence) { UA_WIFI_INFO("Detect this mobild id %s start presence request MAC %s", - wifi_info->mobile_id, wifi_info->mac_addr); + wifi_info->device_id, wifi_info->mac_addr); if (initial_bursts == true) { if (UAS_STATUS_SUCCESS != __init_ip_mac_count()) { UA_WIFI_ERR("ARP Init fail"); @@ -195,7 +195,7 @@ void __check_device_found(char* sbuf, char* ip_sbuf) uas_wifi_info_t *wifi_info = l->data; uas_device_info_t *dev_info = NULL; - if (wifi_info->mobile_flag == detect_count) { + if (wifi_info->device_flag == detect_count) { wifi_info->presence = WIFI_PRESENCE_STATUS_PRESENCE; g_strlcpy(wifi_info->mac_addr, sbuf, MAC_ADDRESS_STRING_SIZE); @@ -388,7 +388,7 @@ static int set_registered_devices(int num_devices, uas_device_info_t *devices) } else dev_count++; - wifi_info->mobile_flag = dev_count; + wifi_info->device_flag = dev_count; dev_list = g_slist_prepend(dev_list, wifi_info); } @@ -426,7 +426,7 @@ static int remove_device(uas_device_info_t *device) for (l = dev_list; NULL != l; l = g_slist_next(l)) { uas_wifi_info_t *wifi_info = l->data; - if (!strcasecmp(wifi_info->mobile_id, device->device_id)) { + if (!strcasecmp(wifi_info->device_id, device->device_id)) { dev_list = g_slist_remove(dev_list, wifi_info); free(wifi_info); return UAS_STATUS_SUCCESS; diff --git a/src/wifi-scan.c b/src/wifi-scan.c index 714737b..22cedbc 100644..100755 --- a/src/wifi-scan.c +++ b/src/wifi-scan.c @@ -43,9 +43,8 @@ static int __arp_packet_make(const char *mac) return UAS_STATUS_FAIL; } - strncpy(arp_data->arp_source_mac, source_mac_address, strlen(source_mac_address)); - arp_data->arp_source_mac[strlen(source_mac_address) + 1] = '\0'; - + memcpy(arp_data->arp_source_mac, source_mac_address, MAX_SIZE_BUFFER-1); + arp_data->arp_source_mac[MAX_SIZE_BUFFER-1]=0x00; source_mac = ether_aton(source_mac_address); if (source_mac == NULL) { @@ -58,8 +57,8 @@ static int __arp_packet_make(const char *mac) source_mac_address, ether_ntoa(source_mac)); memset(&arp_data->arp, 0, sizeof(arp_data->arp)); - memcpy(arp_data->arp.h_source, source_mac, sizeof(arp_data->arp)); - memcpy(arp_data->arp.s_hwaddr, source_mac, sizeof(arp_data->arp)); + memcpy(arp_data->arp.h_source, source_mac, MAC_ADD_LENGTH); + memcpy(arp_data->arp.s_hwaddr, source_mac, MAC_ADD_LENGTH); dest_mac = ether_aton(mac); @@ -167,6 +166,8 @@ gboolean __arp_packet_receive(GIOChannel *source, GIOCondition condition, uint32_t target_ip = 0; memset(&arp_recv, 0, sizeof(arp_recv)); + /* The size of arp_message is fixed length and defined Ethernet specification + Therefore we will use sizeof() instead of null-terminiated buffer */ memcpy(&arp_recv, buffer, sizeof(arp_recv)); target_ip = inet_addr(arp_data->arp_source_ip); @@ -282,6 +283,7 @@ static int __init_arp(const char *mac) char error_buf[MAX_SIZE_ERROR_BUFFER]; char *iface_name = NULL; int val = 1; + int if_name_len ; struct ether_addr *dest_mac = NULL; dest_mac = ether_aton(mac); @@ -321,10 +323,11 @@ static int __init_arp(const char *mac) } UA_WIFI_INFO("Network interface %s", iface_name); + if_name_len = strlen(iface_name); - if (strlen(iface_name) < sizeof(net_ifr.ifr_name)) { - strncpy(net_ifr.ifr_name, iface_name, strlen(iface_name)); - net_ifr.ifr_name[strlen(iface_name)] = 0; + if (if_name_len < sizeof(net_ifr.ifr_name)) { + memcpy(net_ifr.ifr_name, iface_name, if_name_len); + net_ifr.ifr_name[if_name_len] = 0; } else { UA_WIFI_ERR("Error : Interface name is too long"); free(iface_name); @@ -348,6 +351,8 @@ static int __init_arp(const char *mac) arp_data->addr.sll_ifindex = net_ifr.ifr_ifindex; arp_data->addr.sll_halen = ETHER_ADDR_LEN; arp_data->addr.sll_protocol = htons(ETH_P_ARP); + /* sll_addr is not a null-terminated buffer, it is defined in linux header files + * therefore, it is impossible to addd NULL character to tail */ memcpy(arp_data->addr.sll_addr, dest_mac, sizeof(arp_data->addr.sll_addr)); arp_data->arp_sock_io = g_io_channel_unix_new(arp_data->arp_id); @@ -394,14 +399,19 @@ gboolean __send_arp_ip_packet_timeout(gpointer user_data) memset(arp_target_ip, '\0', MAX_SIZE_BUFFER); source_ip = inet_addr(__nm_get_ip_address()); + /* s_IPaddr is not a null-terminated buffer, it is defined in linux header files + * therefore, it is impossible to addd NULL character to tail */ memcpy(arp_data->arp.s_IPaddr, &source_ip, sizeof(arp_data->arp.s_IPaddr)); // source IP address - //snprintf(ip_buff, 16, "%d.%d.%d.%d",arp.s_IPaddr[0],arp.s_IPaddr[1],arp.s_IPaddr[2],pArping->arp_send_ip_addr); + /* + snprintf(ip_buff, IP_ADDRESS_STRING_SIZE, "%d.%d.%d.%d", + arp.s_IPaddr[0],arp.s_IPaddr[1],arp.s_IPaddr[2],pArping->arp_send_ip_addr); + */ target_ip = inet_addr(arp_data->arp_source_ip); memcpy(arp_data->arp.t_IPaddr, &target_ip, sizeof(arp_data->arp.t_IPaddr)); // target IP address - memcpy(arp_target_ip, arp_data->arp_source_ip , strlen(arp_data->arp_source_ip)); + g_strlcpy(arp_target_ip, arp_data->arp_source_ip, MAX_SIZE_BUFFER); UA_WIFI_INFO("arp_target_ip = %s ", arp_target_ip); @@ -427,15 +437,21 @@ gboolean __send_arp_unimul_packet_timeout(gpointer user_data) memset(error_buf, '\0', MAX_SIZE_ERROR_BUFFER); memset(ip_buff, '\0', IP_ADDRESS_STRING_SIZE); + /* s_IPaddr is not a null-terminated buffer, it is defined in linux header files + * therefore, it is impossible to addd NULL character to tail */ source_ip = inet_addr(__nm_get_ip_address()); memcpy(arp_data->arp.s_IPaddr, &source_ip, sizeof(arp_data->arp.s_IPaddr)); // source IP address + snprintf(ip_buff, sizeof(ip_buff), "%d.%d.%d.%d", arp_data->arp.s_IPaddr[0], arp_data->arp.s_IPaddr[1], arp_data->arp.s_IPaddr[2], arp_data->arp_send_ip_addr); target_ip = inet_addr(ip_buff); - memcpy(arp_target_ip, ip_buff, strlen(ip_buff)); + g_strlcpy(arp_target_ip, ip_buff, MAX_SIZE_BUFFER); + + /* t_IPaddr is not a null-terminated buffer, it is defined in linux header files + * therefore, it is impossible to addd NULL character to tail */ memcpy(arp_data->arp.t_IPaddr, &target_ip, sizeof(arp_data->arp.s_IPaddr)); // target IP address @@ -497,7 +513,7 @@ static int __arp_make_send(const char *ip, const char *mac) return ret; } - memcpy(arp_data->arp_target_mac, mac, strlen(mac)); + g_strlcpy(arp_data->arp_target_mac, mac, MAX_SIZE_BUFFER); UA_WIFI_INFO("Request mac address %s IP address %s", mac, ip); __send_arp_uni_mode(ip); diff --git a/src/wifi-util.c b/src/wifi-util.c index 6244df2..d9e9e1a 100644..100755 --- a/src/wifi-util.c +++ b/src/wifi-util.c @@ -40,7 +40,7 @@ uas_wifi_info_t *_wifi_plugin_util_get_wifi_info_from_dev_info( wifi_info->discriminant = dev_info->discriminant; wifi_info->supported_techs = dev_info->supported_techs; - g_strlcpy(wifi_info->mobile_id, dev_info->device_id, UAS_DEVICE_ID_MAX_LEN); + g_strlcpy(wifi_info->device_id, dev_info->device_id, UAS_DEVICE_ID_MAX_LEN); for (i = 0; i < dev_info->num_addr; i++) { if (UAS_ADDR_TYPE_WIFI == dev_info->addr_list[i].type) { @@ -64,7 +64,7 @@ uas_wifi_info_t *_wifi_plugin_util_get_wifi_info_from_dev_info( UA_WIFI_DBG("User Id: [0x%X], OS: [0x%X], Device Id: [%s], " \ "MAC Addr: [%s], IP Addr: [%s] discriminant: [%d]", - wifi_info->user_id, wifi_info->os, wifi_info->mobile_id, + wifi_info->user_id, wifi_info->os, wifi_info->device_id, wifi_info->mac_addr, wifi_info->ip_addr, wifi_info->discriminant); FUNC_EXIT; @@ -86,7 +86,7 @@ uas_device_info_t *_wifi_plugin_util_get_dev_info_from_wifi_info( dev_info->os = wifi_info->os; dev_info->discriminant = wifi_info->discriminant; dev_info->supported_techs = wifi_info->supported_techs; - dev_info->device_id = g_strdup(wifi_info->mobile_id); + dev_info->device_id = g_strdup(wifi_info->device_id); if (strlen(wifi_info->mac_addr) != 0) { count++; |