summaryrefslogtreecommitdiffstats
path: root/ss.c
diff options
context:
space:
mode:
authorPaul Kocialkowski <contact@paulk.fr>2013-03-31 22:16:03 +0200
committerPaul Kocialkowski <contact@paulk.fr>2013-03-31 22:16:03 +0200
commitfa8710bd7790c41f67be6ca0713b398289e42fea (patch)
treed2b7cac212da4abd5bcf33964dbd41191e4b11f0 /ss.c
parent63e6cbe7f02c8746d3a8954db41206a6cfca39b2 (diff)
downloadhardware_ril_samsung-ril-fa8710bd7790c41f67be6ca0713b398289e42fea.zip
hardware_ril_samsung-ril-fa8710bd7790c41f67be6ca0713b398289e42fea.tar.gz
hardware_ril_samsung-ril-fa8710bd7790c41f67be6ca0713b398289e42fea.tar.bz2
ss: Refactor code, check for NULL pointers and prevent memory leaks
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Diffstat (limited to 'ss.c')
-rw-r--r--ss.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/ss.c b/ss.c
index c0534cb..404dd37 100644
--- a/ss.c
+++ b/ss.c
@@ -26,9 +26,11 @@
void ipc_ss_ussd_complete(struct ipc_message_info *info)
{
- struct ipc_gen_phone_res *phone_res = (struct ipc_gen_phone_res *) info->data;
+ struct ipc_gen_phone_res *phone_res;
int rc;
+ phone_res = (struct ipc_gen_phone_res *) info->data;
+
rc = ipc_gen_phone_res_check(phone_res);
if (rc < 0) {
LOGE("There was an error, aborting USSD request");
@@ -42,7 +44,7 @@ void ipc_ss_ussd_complete(struct ipc_message_info *info)
ril_request_complete(ril_request_get_token(info->aseq), RIL_E_SUCCESS, NULL, 0);
}
-void ril_request_send_ussd(RIL_Token t, void *data, size_t datalen)
+void ril_request_send_ussd(RIL_Token t, void *data, size_t length)
{
char *data_enc = NULL;
int data_enc_len = 0;
@@ -52,6 +54,9 @@ void ril_request_send_ussd(RIL_Token t, void *data, size_t datalen)
int message_size = 0xc0;
+ if (data == NULL || length < (int) sizeof(char *))
+ goto error;
+
switch(ril_data.state.ussd_state) {
case 0:
case IPC_SS_USSD_NO_ACTION_REQUIRE:
@@ -61,7 +66,7 @@ void ril_request_send_ussd(RIL_Token t, void *data, size_t datalen)
case IPC_SS_USSD_TIME_OUT:
LOGD("USSD Tx encoding is GSM7");
- data_enc_len = ascii2gsm7(data, (unsigned char**)&data_enc, datalen);
+ data_enc_len = ascii2gsm7(data, (unsigned char**)&data_enc, length);
if (data_enc_len > message_size) {
LOGE("USSD message size is too long, aborting");
ril_request_complete(t, RIL_E_GENERIC_FAILURE, NULL, 0);
@@ -125,9 +130,14 @@ void ril_request_send_ussd(RIL_Token t, void *data, size_t datalen)
ipc_ss_ussd_complete);
ipc_fmt_send(IPC_SS_USSD, IPC_TYPE_EXEC, (void *) message, message_size, ril_request_get_id(t));
+
+ return;
+
+error:
+ ril_request_complete(t, RIL_E_GENERIC_FAILURE, NULL, 0);
}
-void ril_request_cancel_ussd(RIL_Token t, void *data, size_t datalen)
+void ril_request_cancel_ussd(RIL_Token t, void *data, size_t length)
{
struct ipc_ss_ussd ussd;
@@ -143,6 +153,9 @@ void ril_request_cancel_ussd(RIL_Token t, void *data, size_t datalen)
void ipc2ril_ussd_state(struct ipc_ss_ussd *ussd, char *message[2])
{
+ if (ussd == NULL || message == NULL)
+ return;
+
switch(ussd->state) {
case IPC_SS_USSD_NO_ACTION_REQUIRE:
asprintf(&message[0], "%d", 0);
@@ -176,6 +189,9 @@ void ipc_ss_ussd(struct ipc_message_info *info)
struct ipc_ss_ussd *ussd = NULL;
unsigned char state;
+ if (info == NULL || info->data == NULL || info->length < sizeof(struct ipc_ss_ussd))
+ goto error;
+
memset(message, 0, sizeof(message));
ussd = (struct ipc_ss_ussd *) info->data;
@@ -222,4 +238,10 @@ void ipc_ss_ussd(struct ipc_message_info *info)
}
ril_request_unsolicited(RIL_UNSOL_ON_USSD, message, sizeof(message));
+
+ return;
+
+error:
+ if (info != NULL)
+ ril_request_complete(ril_request_get_token(info->aseq), RIL_E_GENERIC_FAILURE, NULL, 0);
}