diff --git a/source/stats/wifi_monitor.c b/source/stats/wifi_monitor.c index 50a7d30b4..5ac2323a2 100644 --- a/source/stats/wifi_monitor.c +++ b/source/stats/wifi_monitor.c @@ -258,6 +258,9 @@ int get_vlan_from_vap_index(unsigned int vap_index, int *out_vlan) BOOL IsWiFiApStatsEnable(UINT uvAPIndex) { + if (uvAPIndex >= WIFI_INDEX_MAX) { + return FALSE; + } return ((sWiFiDmlApStatsEnableCfg[uvAPIndex]) ? TRUE : FALSE); } @@ -1299,7 +1302,7 @@ BOOL client_fast_redeauth(unsigned int apIndex, char *mac) static char* macbytes_to_string(mac_address_t mac, unsigned char* string) { - sprintf((char *)string, "%02x:%02x:%02x:%02x:%02x:%02x", + snprintf((char *)string, 18, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0] & 0xff, mac[1] & 0xff, mac[2] & 0xff, @@ -1361,7 +1364,7 @@ static void radio_stats_flag_changed(unsigned int radio_index, client_stats_enable_t *flag) { wifi_mgr_t *mgr = get_wifimgr_obj(); - for(UINT apIndex = 0; apIndex <= getTotalNumberVAPs(); apIndex++) + for(UINT apIndex = 0; apIndex < getTotalNumberVAPs(); apIndex++) { UINT vap_index = VAP_INDEX(mgr->hal_cap, apIndex); UINT radio = RADIO_INDEX(mgr->hal_cap, apIndex); @@ -2693,7 +2696,7 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check) struct rtattr * table[NDA_MAX+1]; int fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); char if_name[IFNAMSIZ] = {'\0'}; - unsigned char tmp_mac[17]; + unsigned char tmp_mac[18]; unsigned char af_family; if(mac == NULL || ip == NULL || interface == NULL) { diff --git a/source/stats/wifi_stats_neighbor_report.c b/source/stats/wifi_stats_neighbor_report.c index 21fe53bbe..9e913a006 100644 --- a/source/stats/wifi_stats_neighbor_report.c +++ b/source/stats/wifi_stats_neighbor_report.c 
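Review bot: The new guard in IsWiFiApStatsEnable compares `uvAPIndex` with `WIFI_INDEX_MAX`, but the declaration of `sWiFiDmlApStatsEnableCfg` is outside the hunk, so nothing visible shows that the array has exactly that many elements. If it is a true array in this file, deriving the bound from it keeps the check correct when the array is resized: `if (uvAPIndex >= sizeof(sWiFiDmlApStatsEnableCfg) / sizeof(sWiFiDmlApStatsEnableCfg[0])) {`. Otherwise a one-line comment naming where the array is sized would do.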
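Review bot: The literal `18` in the snprintf call in macbytes_to_string is an assumption about the caller's buffer, because the function receives only `unsigned char* string` with no length; the bound protects nothing if a caller passes something shorter. The last hunk of this file widens `tmp_mac` from 17 to 18 with the same bare number, presumably for one such caller. A shared named constant used in both places, for instance `#define MAC_STR_BUF_LEN 18 /* "xx:xx:xx:xx:xx:xx" + NUL */` (name is a suggestion), or a size parameter on macbytes_to_string, would keep the two in step. The function body continues past the hunk.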
@@ -37,7 +37,7 @@ int validate_neighbor_ap_args(wifi_mon_stats_args_t *args) return RETURN_ERR; } - if (args->radio_index > getNumberRadios()) { + if (args->radio_index >= getNumberRadios()) { wifi_util_error_print(WIFI_MON, "%s:%d invalid radio index : %d\n",__func__,__LINE__, args->radio_index); return RETURN_ERR; } diff --git a/source/stats/wifi_stats_radio_channel.c b/source/stats/wifi_stats_radio_channel.c index ffd33f426..76c58fd63 100644 --- a/source/stats/wifi_stats_radio_channel.c +++ b/source/stats/wifi_stats_radio_channel.c @@ -42,7 +42,7 @@ int validate_radio_channel_args(wifi_mon_stats_args_t *args) return RETURN_ERR; } - if (args->radio_index > getNumberRadios()) { + if (args->radio_index >= getNumberRadios()) { wifi_util_error_print(WIFI_MON, "%s:%d invalid radio index : %d\n",__func__,__LINE__, args->radio_index); return RETURN_ERR; } diff --git a/source/stats/wifi_stats_radio_diagnostics.c b/source/stats/wifi_stats_radio_diagnostics.c index fbc912a31..161874f31 100644 --- a/source/stats/wifi_stats_radio_diagnostics.c +++ b/source/stats/wifi_stats_radio_diagnostics.c @@ -37,7 +37,7 @@ int validate_radio_diagnostic_args(wifi_mon_stats_args_t *args) return RETURN_ERR; } - if (args->radio_index > getNumberRadios()) { + if (args->radio_index >= getNumberRadios()) { wifi_util_error_print(WIFI_MON, "%s:%d invalid radio index : %d\n",__func__,__LINE__, args->radio_index); return RETURN_ERR; } diff --git a/source/stats/wifi_stats_radio_temperature.c b/source/stats/wifi_stats_radio_temperature.c index f510e09c8..e00f02c06 100644 --- a/source/stats/wifi_stats_radio_temperature.c +++ b/source/stats/wifi_stats_radio_temperature.c @@ -36,7 +36,7 @@ int validate_radio_temperature_args(wifi_mon_stats_args_t *args) return RETURN_ERR; } - if (args->radio_index > getNumberRadios()) { + if (args->radio_index >= getNumberRadios()) { wifi_util_error_print(WIFI_MON, "%s:%d invalid radio index : %d\n",__func__,__LINE__, args->radio_index); return RETURN_ERR; } 
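Review bot: The same `radio_index` range check is corrected in four separate copies (validate_neighbor_ap_args here, then validate_radio_channel_args, validate_radio_diagnostic_args and validate_radio_temperature_args in the following hunks), which is how the off-by-one came to exist four times. A shared helper called from each validator would leave one place to get the bound right. The error message prints `args->radio_index` with `%d`; if the field is a signed int, confirm that a negative value is rejected by the comparison with getNumberRadios() (it is only if that call returns an unsigned type), and if the field is unsigned the specifier should be `%u`. All four function bodies start and end outside their hunks.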
diff --git a/source/webconfig/wifi_decoder.c b/source/webconfig/wifi_decoder.c index 534e592f4..9b583cf96 100644 --- a/source/webconfig/wifi_decoder.c +++ b/source/webconfig/wifi_decoder.c @@ -989,13 +989,14 @@ webconfig_error_t decode_radius_object(const cJSON *radius, wifi_radius_settings const cJSON *param; decode_param_allow_empty_string(radius, "RadiusServerIPAddr", param); - if (strlen(param->valuestring) == 0) { + const char *radius_ip_val = param->valuestring; + if (strlen(radius_ip_val) == 0) { wifi_util_dbg_print(WIFI_WEBCONFIG,"%s:%d: RadiusServerIPAddr is NULL\n", __func__, __LINE__); - strcpy(param->valuestring,"0.0.0.0"); + radius_ip_val = "0.0.0.0"; } - if (decode_ipv4_address(param->valuestring) == webconfig_error_none || decode_ipv6_address(param->valuestring) == webconfig_error_none) { + if (decode_ipv4_address((char *)radius_ip_val) == webconfig_error_none || decode_ipv6_address((char *)radius_ip_val) == webconfig_error_none) { #ifndef WIFI_HAL_VERSION_3_PHASE2 - strncpy((char *)radius_info->ip,param->valuestring,sizeof(radius_info->ip)-1); + strncpy((char *)radius_info->ip,radius_ip_val,sizeof(radius_info->ip)-1); } else { wifi_util_error_print(WIFI_WEBCONFIG,"%s:%d: Validation failed for RadiusServerIPAddr\n", __func__, __LINE__); @@ -1004,9 +1005,9 @@ webconfig_error_t decode_radius_object(const cJSON *radius, wifi_radius_settings } #else /* check the INET family and update the radius ip address */ - if(inet_pton(AF_INET, param->valuestring, &(radius_info->ip.u.IPv4addr)) > 0) { + if(inet_pton(AF_INET, radius_ip_val, &(radius_info->ip.u.IPv4addr)) > 0) { radius_info->ip.family = wifi_ip_family_ipv4; - } else if(inet_pton(AF_INET6, param->valuestring, &(radius_info->ip.u.IPv6addr)) > 0) { + } else if(inet_pton(AF_INET6, radius_ip_val, &(radius_info->ip.u.IPv6addr)) > 0) { radius_info->ip.family = wifi_ip_family_ipv6; } else { return webconfig_error_decode; 
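Review bot: The empty-address fallback points `radius_ip_val` at the string literal `"0.0.0.0"`, and the next line casts away const to hand it to the validators: `decode_ipv4_address((char *)radius_ip_val)`. Neither prototype is visible here; if either function edits its argument in place, the empty-input path writes to read-only storage. Changing both helpers to take `const char *` removes the cast and lets the compiler enforce this; failing that, copy the default into a small local array first. The same cast appears on `secondary_ip_val` in the hunk at -1019. Separately, the `strncpy(..., sizeof(radius_info->ip)-1)` kept on the new side terminates the destination only if it was zeroed beforehand, whereas `snprintf((char *)radius_info->ip, sizeof(radius_info->ip), "%s", radius_ip_val);` would match what this commit does elsewhere.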
@@ -1019,13 +1020,14 @@ webconfig_error_t decode_radius_object(const cJSON *radius, wifi_radius_settings snprintf(radius_info->key, sizeof(radius_info->key), "%s", param->valuestring); decode_param_allow_empty_string(radius, "SecondaryRadiusServerIPAddr", param); - if (strlen(param->valuestring) == 0) { + const char *secondary_ip_val = param->valuestring; + if (strlen(secondary_ip_val) == 0) { wifi_util_dbg_print(WIFI_WEBCONFIG,"%s:%d: SecondaryRadiusServerIPAddr is NULL\n", __func__, __LINE__); - strcpy(param->valuestring,"0.0.0.0"); + secondary_ip_val = "0.0.0.0"; } - if (decode_ipv4_address(param->valuestring) == webconfig_error_none || decode_ipv6_address(param->valuestring) == webconfig_error_none) { + if (decode_ipv4_address((char *)secondary_ip_val) == webconfig_error_none || decode_ipv6_address((char *)secondary_ip_val) == webconfig_error_none) { #ifndef WIFI_HAL_VERSION_3_PHASE2 - strncpy((char *)radius_info->s_ip,param->valuestring,sizeof(radius_info->s_ip)-1); + strncpy((char *)radius_info->s_ip,secondary_ip_val,sizeof(radius_info->s_ip)-1); } else { wifi_util_error_print(WIFI_WEBCONFIG,"%s:%d: Validation failed for SecondaryRadiusServerIPAddr\n", __func__, __LINE__); @@ -1034,9 +1036,9 @@ webconfig_error_t decode_radius_object(const cJSON *radius, wifi_radius_settings } #else /* check the INET family and update the radius ip address */ - if (inet_pton(AF_INET, param->valuestring, &(radius_info->s_ip.u.IPv4addr)) > 0) { + if (inet_pton(AF_INET, secondary_ip_val, &(radius_info->s_ip.u.IPv4addr)) > 0) { radius_info->s_ip.family = wifi_ip_family_ipv4; - } else if(inet_pton(AF_INET6, param->valuestring, &(radius_info->s_ip.u.IPv6addr)) > 0) { + } else if(inet_pton(AF_INET6, secondary_ip_val, &(radius_info->s_ip.u.IPv6addr)) > 0) { radius_info->s_ip.family = wifi_ip_family_ipv6; } else { return webconfig_error_decode; 
@@ -1049,13 +1051,14 @@ webconfig_error_t decode_radius_object(const cJSON *radius, wifi_radius_settings snprintf(radius_info->s_key, sizeof(radius_info->s_key), "%s", param->valuestring); decode_param_allow_empty_string(radius, "DasServerIPAddr", param); - if (strlen(param->valuestring) == 0) { + const char *das_ip_val = param->valuestring; + if (strlen(das_ip_val) == 0) { wifi_util_dbg_print(WIFI_WEBCONFIG,"%s:%d: DasServerIPAddr is NULL\n", __func__, __LINE__); - strcpy(param->valuestring,"0.0.0.0"); + das_ip_val = "0.0.0.0"; } - if (inet_pton(AF_INET, param->valuestring, &(radius_info->dasip.u.IPv4addr)) > 0) { + if (inet_pton(AF_INET, das_ip_val, &(radius_info->dasip.u.IPv4addr)) > 0) { radius_info->dasip.family = wifi_ip_family_ipv4; - } else if (inet_pton(AF_INET6, param->valuestring, &(radius_info->dasip.u.IPv6addr)) > 0) { + } else if (inet_pton(AF_INET6, das_ip_val, &(radius_info->dasip.u.IPv6addr)) > 0) { radius_info->dasip.family = wifi_ip_family_ipv6; } else { wifi_util_error_print(WIFI_WEBCONFIG,"%s:%d: Validation failed for DasServerIPAddr\n", __func__, __LINE__); @@ -2909,6 +2912,9 @@ void decode_acs_keep_out_json(const char *json_string, unsigned int num_of_radio if (convert_freq_band_to_radio_index(freq_band, &radioIndex) != RETURN_OK) { continue; } + if (radioIndex < 0 || (unsigned int)radioIndex >= num_of_radios) { + continue; + } radio_oper = &data->u.decoded.radios[radioIndex].oper; if (!radio_oper) { wifi_util_error_print(WIFI_CTRL, 
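Review bot: The added check in decode_acs_keep_out_json bounds `radioIndex` by the caller-supplied `num_of_radios`, not by the capacity of `data->u.decoded.radios`, so the index on the next line is safe only if every caller passes a count no larger than that array. If the array has a fixed declared size, adding it to the condition (or clamping `num_of_radios` once on entry) closes the gap. The `if (!radio_oper)` test that follows can never fire, since `radio_oper` is the address of a member; removing it or commenting on it would avoid suggesting it is a real guard. The function body starts and ends outside the hunk.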
@@ -3383,16 +3389,16 @@ webconfig_error_t decode_device_info(const cJSON *device_cfg, wifi_platform_prop const cJSON *param; decode_param_string(device_cfg, "Manufacturer", param); - strcpy(info->manufacturer, param->valuestring); + snprintf(info->manufacturer, sizeof(info->manufacturer), "%s", param->valuestring); decode_param_string(device_cfg, "Model", param); - strcpy(info->manufacturerModel, param->valuestring); + snprintf(info->manufacturerModel, sizeof(info->manufacturerModel), "%s", param->valuestring); decode_param_string(device_cfg, "SerialNo", param); - strcpy(info->serialNo, param->valuestring); + snprintf(info->serialNo, sizeof(info->serialNo), "%s", param->valuestring); decode_param_string(device_cfg, "Software_version", param); - strcpy(info->software_version, param->valuestring); + snprintf(info->software_version, sizeof(info->software_version), "%s", param->valuestring); decode_param_string(device_cfg, "CMMAC", param); str_to_mac_bytes(param->valuestring,info->cm_mac); @@ -4597,7 +4603,7 @@ webconfig_error_t decode_harvester_object(const cJSON *obj, instant_measurement_ decode_param_bool(obj, "Enabled", param); harvester->b_inst_client_enabled = (param->type & cJSON_True) ? true:false; decode_param_string(obj, "MacAddress", param); - strcpy(harvester->mac_address, param->valuestring); + snprintf(harvester->mac_address, sizeof(harvester->mac_address), "%s", param->valuestring); decode_param_integer(obj, "ReportingPeriod", param); harvester->u_inst_client_reporting_period = param->valuedouble; decode_param_integer(obj, "DefReportingPeriod", param); diff --git a/source/webconfig/wifi_encoder.c b/source/webconfig/wifi_encoder.c index 37f53bca5..20c73780d 100644 --- a/source/webconfig/wifi_encoder.c +++ b/source/webconfig/wifi_encoder.c 
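Review bot: The snprintf calls in decode_device_info stop the overflow but truncate silently, so an over-long `Manufacturer`, `Model`, `SerialNo` or `Software_version` is accepted and stored in shortened form. For a decoder, rejecting the document is usually the safer outcome: `int n = snprintf(info->serialNo, sizeof(info->serialNo), "%s", param->valuestring);` followed by `if (n < 0 || (size_t)n >= sizeof(info->serialNo)) return webconfig_error_decode;`. This matters more for `harvester->mac_address` in the decode_harvester_object hunk below, where a truncated string is a different or malformed MAC rather than a shortened label. Both function bodies extend beyond their hunks.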
@@ -37,6 +37,30 @@ #define TCM_WEIGH "0.6" #define TCMTHRESHOLD "0.18" + +/* + * Safely add a bounded char[] field to a cJSON object. + * Prevents strlen overflow on potentially unterminated char arrays + * by copying to a local buffer with guaranteed null termination. + */ +static void cJSON_AddSafeStringToObject(cJSON *object, const char *name, + const void *field, size_t field_size) +{ + char safe_buf[512]; + size_t len = (field_size < sizeof(safe_buf)) ? field_size : sizeof(safe_buf) - 1; + memcpy(safe_buf, field, len); + safe_buf[len] = '\0'; + cJSON_AddStringToObject(object, name, safe_buf); +} + +/* + * Safely check if a char[] field is empty, using bounded length check + * to prevent strlen overflow on unterminated char arrays. + */ +static inline size_t safe_strlen(const void *field, size_t field_size) +{ + return strnlen((const char *)field, field_size); +} webconfig_error_t encode_radio_setup_object(const rdk_wifi_vap_map_t *vap_map, cJSON *radio_object) { cJSON *obj_array, *obj; @@ -223,9 +247,11 @@ webconfig_error_t encode_radio_object(const rdk_wifi_radio_t *radio, cJSON *radi // ChannelAvailability memset(chan_buf,0,sizeof(chan_buf)); i=0; - while (radio_info->channel_map[i].ch_number != 0) + while (radio_info->channel_map[i].ch_number != 0 && index < sizeof(buf) - 1) { - index+=sprintf(&buf[index],"%d:%d,", radio_info->channel_map[i].ch_number, radio_info->channel_map[i].ch_state); + int written = snprintf(&buf[index], sizeof(buf) - index, "%d:%d,", radio_info->channel_map[i].ch_number, radio_info->channel_map[i].ch_state); + if (written < 0 || (unsigned int)written >= sizeof(buf) - index) break; + index += written; i++; } if (strlen(buf) > 0) { 
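Review bot: cJSON_AddSafeStringToObject copies `field_size` bytes whether or not the string ends earlier, dereferences `field` without a NULL check, and silently cuts any field of 512 bytes or more to 511 characters. Measuring with strnlen first copies only the string itself and makes the truncation case explicit, as in the version below. Every call site passes `sizeof(x->member)`, which is the field size only while the member is an array; if one is ever a pointer the helper copies just the pointer's width, so the header comment should state that requirement. The `cJSON_` prefix also places a project function in the library's namespace, and a local prefix would avoid a clash with a future cJSON release.

```c
static void cJSON_AddSafeStringToObject(cJSON *object, const char *name,
    const void *field, size_t field_size)
{
    char safe_buf[512];
    size_t len;

    if (field == NULL) {
        return;
    }
    /* Length of the string proper; never reads past field_size bytes. */
    len = strnlen((const char *)field, field_size);
    if (len >= sizeof(safe_buf)) {
        /* Field longer than the scratch buffer: output is truncated. */
        len = sizeof(safe_buf) - 1;
    }
    memcpy(safe_buf, field, len);
    safe_buf[len] = '\0';
    cJSON_AddStringToObject(object, name, safe_buf);
}
```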
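Review bot: When the snprintf in the ChannelAvailability loop truncates, the `break` leaves the partial entry it just wrote in `buf`, and the `strlen(buf) > 0` branch after the loop then uses it. Restoring the terminator before leaving drops the incomplete token: `if (written < 0 || (size_t)written >= sizeof(buf) - index) { buf[index] = '\0'; break; }`. The loop still relies on a zero `ch_number` sentinel to stop; if `channel_map` has a fixed length, bounding `i` by it would be the matching fix. The function body extends beyond the hunk.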
@@ -518,34 +544,34 @@ webconfig_error_t encode_vap_common_object(const wifi_vap_info_t *vap_info, webconfig_error_t encode_postassoc_object(const wifi_postassoc_control_t *postassoc_info, cJSON *postassoc) { // RssiUpThreshold - if(strlen((char *)postassoc_info->rssi_up_threshold) == 0) { + if(safe_strlen(postassoc_info->rssi_up_threshold, sizeof(postassoc_info->rssi_up_threshold)) == 0) { cJSON_AddStringToObject(postassoc, "RssiUpThreshold", "disabled"); } else { - cJSON_AddStringToObject(postassoc, "RssiUpThreshold", postassoc_info->rssi_up_threshold); + cJSON_AddSafeStringToObject(postassoc, "RssiUpThreshold", postassoc_info->rssi_up_threshold, sizeof(postassoc_info->rssi_up_threshold)); } // SamplingInterval - if(strlen((char *)postassoc_info->sampling_interval) == 0) { + if(safe_strlen(postassoc_info->sampling_interval, sizeof(postassoc_info->sampling_interval)) == 0) { cJSON_AddStringToObject(postassoc, "SamplingInterval", "7"); } else { - cJSON_AddStringToObject(postassoc, "SamplingInterval", postassoc_info->sampling_interval); + cJSON_AddSafeStringToObject(postassoc, "SamplingInterval", postassoc_info->sampling_interval, sizeof(postassoc_info->sampling_interval)); } // SnrThreshold - if(strlen((char *)postassoc_info->snr_threshold) == 0) { + if(safe_strlen(postassoc_info->snr_threshold, sizeof(postassoc_info->snr_threshold)) == 0) { cJSON_AddStringToObject(postassoc, "SnrThreshold", "disabled"); } else { - cJSON_AddStringToObject(postassoc, "SnrThreshold", postassoc_info->snr_threshold); + cJSON_AddSafeStringToObject(postassoc, "SnrThreshold", postassoc_info->snr_threshold, sizeof(postassoc_info->snr_threshold)); } // SamplingCount - if(strlen((char *)postassoc_info->sampling_count) == 0) { + if(safe_strlen(postassoc_info->sampling_count, sizeof(postassoc_info->sampling_count)) == 0) { cJSON_AddStringToObject(postassoc, "SamplingCount", "3"); } else { - cJSON_AddStringToObject(postassoc, "SamplingCount", postassoc_info->sampling_count); + 
cJSON_AddSafeStringToObject(postassoc, "SamplingCount", postassoc_info->sampling_count, sizeof(postassoc_info->sampling_count)); } //CuThreshold - if(strlen((char *)postassoc_info->cu_threshold) == 0) { + if(safe_strlen(postassoc_info->cu_threshold, sizeof(postassoc_info->cu_threshold)) == 0) { cJSON_AddStringToObject(postassoc, "CuThreshold", "disabled"); } else { - cJSON_AddStringToObject(postassoc, "CuThreshold", postassoc_info->cu_threshold); + cJSON_AddSafeStringToObject(postassoc, "CuThreshold", postassoc_info->cu_threshold, sizeof(postassoc_info->cu_threshold)); } wifi_util_dbg_print(WIFI_PASSPOINT,"%s:%d: Encoding postassoc settings passed\n", __func__, __LINE__); 
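Review bot: encode_postassoc_object repeats the same four-line empty-or-default pattern five times, each naming the field and its `sizeof` twice, and the hunks for encode_preassoc_object, encode_radius_object and encode_ignite_radius_object repeat it again. With that much duplication a mismatched field and `sizeof` pair is easy to introduce and hard to spot in review. A small static helper taking the default value, or a macro that names the member once (`ADD_STR_OR_DEFAULT(postassoc, "SnrThreshold", postassoc_info->snr_threshold, "disabled")`, name is a suggestion), would reduce each case to one line. The function body ends outside the hunk.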
@@ -556,52 +582,52 @@ webconfig_error_t encode_postassoc_object(const wifi_postassoc_control_t *postas webconfig_error_t encode_preassoc_object(const wifi_preassoc_control_t *preassoc_info, cJSON *preassoc) { // RssiUpThreshold - if(strlen((char *)preassoc_info->rssi_up_threshold) == 0) { + if(safe_strlen(preassoc_info->rssi_up_threshold, sizeof(preassoc_info->rssi_up_threshold)) == 0) { cJSON_AddStringToObject(preassoc, "RssiUpThreshold", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "RssiUpThreshold", preassoc_info->rssi_up_threshold); + cJSON_AddSafeStringToObject(preassoc, "RssiUpThreshold", preassoc_info->rssi_up_threshold, sizeof(preassoc_info->rssi_up_threshold)); } // SnrThreshold - if(strlen((char *)preassoc_info->snr_threshold) == 0) { + if(safe_strlen(preassoc_info->snr_threshold, sizeof(preassoc_info->snr_threshold)) == 0) { cJSON_AddStringToObject(preassoc, "SnrThreshold", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "SnrThreshold", preassoc_info->snr_threshold); + cJSON_AddSafeStringToObject(preassoc, "SnrThreshold", preassoc_info->snr_threshold, sizeof(preassoc_info->snr_threshold)); } // CuThreshold - if(strlen((char *)preassoc_info->cu_threshold) == 0) { + if(safe_strlen(preassoc_info->cu_threshold, sizeof(preassoc_info->cu_threshold)) == 0) { cJSON_AddStringToObject(preassoc, "CuThreshold", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "CuThreshold", preassoc_info->cu_threshold); + cJSON_AddSafeStringToObject(preassoc, "CuThreshold", preassoc_info->cu_threshold, sizeof(preassoc_info->cu_threshold)); } // basic_data_transmit_rate - if(strlen((char *)preassoc_info->basic_data_transmit_rates) == 0) { + if(safe_strlen(preassoc_info->basic_data_transmit_rates, sizeof(preassoc_info->basic_data_transmit_rates)) == 0) { cJSON_AddStringToObject(preassoc, "BasicDataTransmitRates", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "BasicDataTransmitRates", preassoc_info->basic_data_transmit_rates); + 
cJSON_AddSafeStringToObject(preassoc, "BasicDataTransmitRates", preassoc_info->basic_data_transmit_rates, sizeof(preassoc_info->basic_data_transmit_rates)); } // operational_data_transmit_rate - if(strlen((char *)preassoc_info->operational_data_transmit_rates) == 0) { + if(safe_strlen(preassoc_info->operational_data_transmit_rates, sizeof(preassoc_info->operational_data_transmit_rates)) == 0) { cJSON_AddStringToObject(preassoc, "OperationalDataTransmitRates", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "OperationalDataTransmitRates", preassoc_info->operational_data_transmit_rates); + cJSON_AddSafeStringToObject(preassoc, "OperationalDataTransmitRates", preassoc_info->operational_data_transmit_rates, sizeof(preassoc_info->operational_data_transmit_rates)); } // supported_data_transmit_rate - if(strlen((char *)preassoc_info->supported_data_transmit_rates) == 0) { + if(safe_strlen(preassoc_info->supported_data_transmit_rates, sizeof(preassoc_info->supported_data_transmit_rates)) == 0) { cJSON_AddStringToObject(preassoc, "SupportedDataTransmitRates", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "SupportedDataTransmitRates", preassoc_info->supported_data_transmit_rates); + cJSON_AddSafeStringToObject(preassoc, "SupportedDataTransmitRates", preassoc_info->supported_data_transmit_rates, sizeof(preassoc_info->supported_data_transmit_rates)); } // minimum_advertised_mcs - if(strlen((char *)preassoc_info->minimum_advertised_mcs) == 0) { + if(safe_strlen(preassoc_info->minimum_advertised_mcs, sizeof(preassoc_info->minimum_advertised_mcs)) == 0) { cJSON_AddStringToObject(preassoc, "MinimumAdvertisedMCS", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "MinimumAdvertisedMCS", preassoc_info->minimum_advertised_mcs); + cJSON_AddSafeStringToObject(preassoc, "MinimumAdvertisedMCS", preassoc_info->minimum_advertised_mcs, sizeof(preassoc_info->minimum_advertised_mcs)); } // 6GOpInfoMinRates - if(strlen((char *)preassoc_info->sixGOpInfoMinRate) == 
0) { + if(safe_strlen(preassoc_info->sixGOpInfoMinRate, sizeof(preassoc_info->sixGOpInfoMinRate)) == 0) { cJSON_AddStringToObject(preassoc, "6GOpInfoMinRate", "disabled"); } else { - cJSON_AddStringToObject(preassoc, "6GOpInfoMinRate", preassoc_info->sixGOpInfoMinRate); + cJSON_AddSafeStringToObject(preassoc, "6GOpInfoMinRate", preassoc_info->sixGOpInfoMinRate, sizeof(preassoc_info->sixGOpInfoMinRate)); } wifi_util_dbg_print(WIFI_WEBCONFIG,"%s:%d: Encoding preassoc settings passed\n", __func__, __LINE__); @@ -732,7 +758,7 @@ webconfig_error_t encode_wifi_global_config(const wifi_global_param_t *global_in cJSON_AddNumberToObject(global_obj, "VlanCfgVersion", global_info->vlan_cfg_version); //WpsPin - cJSON_AddStringToObject(global_obj, "WpsPin", global_info->wps_pin); + cJSON_AddSafeStringToObject(global_obj, "WpsPin", global_info->wps_pin, sizeof(global_info->wps_pin)); // BandsteeringEnable cJSON_AddBoolToObject(global_obj, "BandsteeringEnable", (const cJSON_bool)global_info->bandsteering_enable); @@ -780,7 +806,7 @@ webconfig_error_t encode_wifi_global_config(const wifi_global_param_t *global_in cJSON_AddNumberToObject(global_obj, "FixedWmmParams", global_info->fixed_wmm_params); //WifiRegionCode - cJSON_AddStringToObject(global_obj, "WifiRegionCode", global_info->wifi_region_code); + cJSON_AddSafeStringToObject(global_obj, "WifiRegionCode", global_info->wifi_region_code, sizeof(global_info->wifi_region_code)); // DiagnosticEnable cJSON_AddBoolToObject(global_obj, "DiagnosticEnable", (const cJSON_bool) global_info->diagnostic_enable); 
@@ -792,7 +818,7 @@ webconfig_error_t encode_wifi_global_config(const wifi_global_param_t *global_in cJSON_AddNumberToObject(global_obj, "DeviceNetworkMode", global_info->device_network_mode); //Normalized_Rssi_List - cJSON_AddStringToObject(global_obj, "NormalizedRssiList", global_info->normalized_rssi_list); + cJSON_AddSafeStringToObject(global_obj, "NormalizedRssiList", global_info->normalized_rssi_list, sizeof(global_info->normalized_rssi_list)); //SNRList cJSON_AddStringToObject(global_obj, "SNRList", global_info->snr_list); @@ -878,6 +904,11 @@ webconfig_error_t encode_anqp_object(const char *vap_name, cJSON *inter,const un return webconfig_error_encode; } + if (anqp == NULL) { + wifi_util_dbg_print(WIFI_WEBCONFIG, "%s:%d Null anqp input\n", __func__, __LINE__); + return webconfig_error_none; + } + cJSON *p_root = cJSON_Parse((char *)anqp); if(p_root == NULL) { wifi_util_dbg_print(WIFI_WEBCONFIG, "%s:%d Unable to encode anqp json\n", __func__, __LINE__); 
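Review bot: `SNRList` on the line after the converted `NormalizedRssiList` call still goes through plain cJSON_AddStringToObject, so `global_info->snr_list` keeps the unbounded read this commit removes from its neighbours. Unless that member is known to be terminated, it should get the same treatment: `cJSON_AddSafeStringToObject(global_obj, "SNRList", global_info->snr_list, sizeof(global_info->snr_list));`. The rest of encode_wifi_global_config is outside the hunk, so any further string fields there are worth checking too.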
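Review bot: The new NULL branch in encode_anqp_object returns `webconfig_error_none`, while the failure just above it returns `webconfig_error_encode`, so a caller cannot tell a missing ANQP blob from one that was encoded. If skipping is intended, a comment saying so would help; otherwise return the error. The `cJSON_Parse((char *)anqp)` call that follows still scans to the first NUL; if the caller holds this buffer in a fixed-size array like the other fields in this commit, `cJSON_ParseWithLength` with that size would bound the read, provided the bundled cJSON is recent enough to have it. The function's full signature and the rest of its body are not visible in the hunk.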
@@ -1045,46 +1076,46 @@ webconfig_error_t encode_radius_object(const wifi_radius_settings_t *radius_info { char str[64]; - if (strlen((char *)radius_info->ip) == 0) { + if (safe_strlen(radius_info->ip, sizeof(radius_info->ip)) == 0) { cJSON_AddStringToObject(radius, "RadiusServerIPAddr", "0.0.0.0"); } else { - cJSON_AddStringToObject(radius, "RadiusServerIPAddr", (char *)radius_info->ip); + cJSON_AddSafeStringToObject(radius, "RadiusServerIPAddr", radius_info->ip, sizeof(radius_info->ip)); } cJSON_AddNumberToObject(radius, "RadiusServerPort", radius_info->port); - if (strlen((char *)radius_info->key) == 0) { + if (safe_strlen(radius_info->key, sizeof(radius_info->key)) == 0) { cJSON_AddStringToObject(radius, "RadiusSecret", INVALID_KEY); } else { - cJSON_AddStringToObject(radius, "RadiusSecret", radius_info->key); + cJSON_AddSafeStringToObject(radius, "RadiusSecret", radius_info->key, sizeof(radius_info->key)); } - if (strlen((char *)radius_info->s_ip) == 0) { + if (safe_strlen(radius_info->s_ip, sizeof(radius_info->s_ip)) == 0) { cJSON_AddStringToObject(radius, "SecondaryRadiusServerIPAddr", "0.0.0.0"); } else { - cJSON_AddStringToObject(radius, "SecondaryRadiusServerIPAddr", (char *)radius_info->s_ip); + cJSON_AddSafeStringToObject(radius, "SecondaryRadiusServerIPAddr", radius_info->s_ip, sizeof(radius_info->s_ip)); } cJSON_AddNumberToObject(radius, "SecondaryRadiusServerPort", radius_info->s_port); - if (strlen((char *)radius_info->s_key) == 0) { + if (safe_strlen(radius_info->s_key, sizeof(radius_info->s_key)) == 0) { cJSON_AddStringToObject(radius, "SecondaryRadiusSecret", INVALID_KEY); } else { - cJSON_AddStringToObject(radius, "SecondaryRadiusSecret", radius_info->s_key); + cJSON_AddSafeStringToObject(radius, "SecondaryRadiusSecret", radius_info->s_key, sizeof(radius_info->s_key)); } cJSON_AddNumberToObject(radius, "EAPType", radius_info->eap_type); cJSON_AddNumberToObject(radius, "Phase2Auth", radius_info->phase2); - if (strlen((char 
*)radius_info->identity) == 0) { + if (safe_strlen(radius_info->identity, sizeof(radius_info->identity)) == 0) { cJSON_AddStringToObject(radius, "Identity", "username_empty"); } else { - cJSON_AddStringToObject(radius, "Identity", radius_info->identity); + cJSON_AddSafeStringToObject(radius, "Identity", radius_info->identity, sizeof(radius_info->identity)); } - if (strlen((char *)radius_info->key) == 0) { + if (safe_strlen(radius_info->key, sizeof(radius_info->key)) == 0) { cJSON_AddStringToObject(radius, "Key", INVALID_KEY); } else { - cJSON_AddStringToObject(radius, "Key", radius_info->key); + cJSON_AddSafeStringToObject(radius, "Key", radius_info->key, sizeof(radius_info->key)); } memset(str, 0, sizeof(str)); @@ -1093,10 +1124,10 @@ webconfig_error_t encode_radius_object(const wifi_radius_settings_t *radius_info cJSON_AddNumberToObject(radius, "DasServerPort", radius_info->dasport); - if (strlen((char *)radius_info->daskey) == 0) { + if (safe_strlen(radius_info->daskey, sizeof(radius_info->daskey)) == 0) { cJSON_AddStringToObject(radius, "DasSecret", INVALID_KEY); } else { - cJSON_AddStringToObject(radius, "DasSecret", radius_info->daskey); + cJSON_AddSafeStringToObject(radius, "DasSecret", radius_info->daskey, sizeof(radius_info->daskey)); } //max_auth_attempts 
@@ -1625,16 +1656,16 @@ webconfig_error_t encode_ignite_radius_object(const wifi_radius_settings_t *radi { cJSON_AddNumberToObject(radius, "IgniteEAPType", radius_info->eap_type); cJSON_AddNumberToObject(radius, "IgnitePhase2Auth", radius_info->phase2); - if (strlen((char *)radius_info->identity) == 0) { + if (safe_strlen(radius_info->identity, sizeof(radius_info->identity)) == 0) { cJSON_AddStringToObject(radius, "IgniteIdentity", "username_empty"); } else { - cJSON_AddStringToObject(radius, "IgniteIdentity", radius_info->identity); + cJSON_AddSafeStringToObject(radius, "IgniteIdentity", radius_info->identity, sizeof(radius_info->identity)); } - if (strlen((char *)radius_info->key) == 0) { + if (safe_strlen(radius_info->key, sizeof(radius_info->key)) == 0) { cJSON_AddStringToObject(radius, "IgniteKey", INVALID_KEY); } else { - cJSON_AddStringToObject(radius, "IgniteKey", radius_info->key); + cJSON_AddSafeStringToObject(radius, "IgniteKey", radius_info->key, sizeof(radius_info->key)); } return webconfig_error_none; } @@ -2033,7 +2064,7 @@ webconfig_error_t encode_ignite_object(ignite_config_t *ignite_config, cJSON *ig } wifi_util_dbg_print(WIFI_WEBCONFIG, "[%s %d] ignite params : [%s %f %f %f]\n", __func__, __LINE__, ignite_config->ignite_name, ignite_config->min_chanutil_threshold, ignite_config->max_chanutil_threshold, ignite_config->SNR_difference); - cJSON_AddStringToObject(ignite_obj, "ignite_name", ignite_config->ignite_name); + cJSON_AddSafeStringToObject(ignite_obj, "ignite_name", ignite_config->ignite_name, sizeof(ignite_config->ignite_name)); cJSON_AddNumberToObject(ignite_obj, "ignite_minchutil_threshold", ignite_config->min_chanutil_threshold); cJSON_AddNumberToObject(ignite_obj, "ignite_maxchutil_threshold", ignite_config->max_chanutil_threshold); cJSON_AddNumberToObject(ignite_obj, "ignite_snr_difference", ignite_config->SNR_difference); 
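Review bot: The debug print immediately before the converted call in encode_ignite_object still formats `ignite_config->ignite_name` with a plain `%s`, which is the same unbounded read the new cJSON_AddSafeStringToObject call avoids. A precision keeps the log line within the field: use `[%.*s %f %f %f]` in the format and pass `(int)sizeof(ignite_config->ignite_name), ignite_config->ignite_name` for it. This assumes `ignite_name` is an array member, as the new `sizeof` argument already does.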
@@ -2080,11 +2111,11 @@ webconfig_error_t encode_wifivapcap(wifi_interface_name_idex_map_t *interface_ma if (interface_map->vap_name[0] != '\0') { object = cJSON_CreateObject(); cJSON_AddItemToArray(hal_obj, object); - cJSON_AddStringToObject(object, "VapName", interface_map->vap_name); + cJSON_AddSafeStringToObject(object, "VapName", interface_map->vap_name, sizeof(interface_map->vap_name)); cJSON_AddNumberToObject(object, "PhyIndex", interface_map->phy_index); cJSON_AddNumberToObject(object, "RadioIndex", interface_map->rdk_radio_index); - cJSON_AddStringToObject(object, "InterfaceName", interface_map->interface_name); - cJSON_AddStringToObject(object, "BridgeName", interface_map->bridge_name); + cJSON_AddSafeStringToObject(object, "InterfaceName", interface_map->interface_name, sizeof(interface_map->interface_name)); + cJSON_AddSafeStringToObject(object, "BridgeName", interface_map->bridge_name, sizeof(interface_map->bridge_name)); cJSON_AddNumberToObject(object, "VLANID", interface_map->vlan_id); cJSON_AddNumberToObject(object, "Index", interface_map->index); } @@ -2099,7 +2130,7 @@ webconfig_error_t encode_wifiradiointerfacecap(radio_interface_mapping_t *radio_ cJSON_AddItemToArray(hal_obj, object); cJSON_AddNumberToObject(object, "PhyIndex", radio_interface_map->phy_index); cJSON_AddNumberToObject(object, "RadioIndex", radio_interface_map->radio_index); - cJSON_AddStringToObject(object, "InterfaceName", radio_interface_map->interface_name); + cJSON_AddSafeStringToObject(object, "InterfaceName", radio_interface_map->interface_name, sizeof(radio_interface_map->interface_name)); } return webconfig_error_none; } 
@@ -2155,16 +2186,16 @@ webconfig_error_t encode_device_info(wifi_platform_property_t *wifi_prop, cJSON mac_addr_str_t mac_str; mac_addr_str_t lan_mac_str; //Manufacturer - cJSON_AddStringToObject(device_obj, "Manufacturer", wifi_prop->manufacturer); + cJSON_AddSafeStringToObject(device_obj, "Manufacturer", wifi_prop->manufacturer, sizeof(wifi_prop->manufacturer)); // Model - cJSON_AddStringToObject(device_obj, "Model", wifi_prop->manufacturerModel); + cJSON_AddSafeStringToObject(device_obj, "Model", wifi_prop->manufacturerModel, sizeof(wifi_prop->manufacturerModel)); //serialNo - cJSON_AddStringToObject(device_obj, "SerialNo", wifi_prop->serialNo); + cJSON_AddSafeStringToObject(device_obj, "SerialNo", wifi_prop->serialNo, sizeof(wifi_prop->serialNo)); //software_version - cJSON_AddStringToObject(device_obj, "Software_version", wifi_prop->software_version); + cJSON_AddSafeStringToObject(device_obj, "Software_version", wifi_prop->software_version, sizeof(wifi_prop->software_version)); //CMMAC to_mac_str(wifi_prop->cm_mac, mac_str); @@ -2957,8 +2988,8 @@ webconfig_error_t encode_em_config_object(const em_config_t *em_config, cJSON *e } cJSON_AddItemToObject(policy_obj, "Algorithm Run Policy", param_obj); - cJSON_AddStringToObject(param_obj, "Collection Start Time", - em_config->alarm_report_policy.collection_start_time); + cJSON_AddSafeStringToObject(param_obj, "Collection Start Time", + em_config->alarm_report_policy.collection_start_time, sizeof(em_config->alarm_report_policy.collection_start_time)); cJSON_AddNumberToObject(param_obj, "Reporting Interval", em_config->alarm_report_policy.reporting_interval); cJSON_AddNumberToObject(param_obj, "Link Quality Threshold", em_config->alarm_report_policy.link_quality_threshold); 
@@ -2971,8 +3002,8 @@ webconfig_error_t encode_em_config_object(const em_config_t *em_config, cJSON *e cJSON_AddItemToObject(policy_obj, "AP Metrics Reporting Policy", param_obj); cJSON_AddNumberToObject(param_obj, "Interval", em_config->ap_metric_policy.interval); - cJSON_AddStringToObject(param_obj, "Managed Client Marker", - em_config->ap_metric_policy.managed_client_marker); + cJSON_AddSafeStringToObject(param_obj, "Managed Client Marker", + em_config->ap_metric_policy.managed_client_marker, sizeof(em_config->ap_metric_policy.managed_client_marker)); // Local Steering Disallowed Policy param_obj = cJSON_CreateObject(); @@ -2995,8 +3026,8 @@ webconfig_error_t encode_em_config_object(const em_config_t *em_config, cJSON *e __LINE__); } cJSON_AddItemToArray(param_arr, param_obj); - cJSON_AddStringToObject(param_obj, "MAC", - (const char *)em_config->local_steering_dslw_policy.disallowed_sta[i]); + cJSON_AddSafeStringToObject(param_obj, "MAC", + em_config->local_steering_dslw_policy.disallowed_sta[i], sizeof(em_config->local_steering_dslw_policy.disallowed_sta[i])); } // BTM Steering Disallowed Policy @@ -3020,8 +3051,8 @@ webconfig_error_t encode_em_config_object(const em_config_t *em_config, cJSON *e __LINE__); } cJSON_AddItemToArray(param_arr, param_obj); - cJSON_AddStringToObject(param_obj, "MAC", - (const char *)em_config->btm_steering_dslw_policy.disallowed_sta[i]); + cJSON_AddSafeStringToObject(param_obj, "MAC", + em_config->btm_steering_dslw_policy.disallowed_sta[i], sizeof(em_config->btm_steering_dslw_policy.disallowed_sta[i])); } // Backhaul BSS Configuration Policy 
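Review bot: The `MAC` entries in encode_em_config_object lose their `(const char *)` cast here, which suggests `disallowed_sta[i]` is not declared as `char[]`; the same goes for `backhaul_bss_config_policy.bssid` in the hunk at -3031. If these members hold six raw address bytes rather than text, the strnlen-style handling stops at the first zero byte and the JSON receives binary data, so they should be formatted with to_mac_str (as encode_device_info does for `cm_mac`) instead. If they are text, a comment stating the stored format would settle the question. This applies to both the local-steering and the BTM-steering loops.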
@@ -3031,8 +3062,8 @@ webconfig_error_t encode_em_config_object(const em_config_t *em_config, cJSON *e __LINE__); } cJSON_AddItemToObject(policy_obj, "Backhaul BSS Configuration Policy", param_obj); - cJSON_AddStringToObject(param_obj, "BSSID", - (const char *)em_config->backhaul_bss_config_policy.bssid); + cJSON_AddSafeStringToObject(param_obj, "BSSID", + em_config->backhaul_bss_config_policy.bssid, sizeof(em_config->backhaul_bss_config_policy.bssid)); cJSON_AddBoolToObject(param_obj, "Profile-1 bSTA Disallowed", 0); // em_config->backhaul_bss_config_policy.profile_1_bsta_disallowed); cJSON_AddBoolToObject(param_obj, "Profile-2 bSTA Disallowed", diff --git a/source/webconfig/wifi_webconfig_wifiapi_radio.c b/source/webconfig/wifi_webconfig_wifiapi_radio.c index 1ebf8bfa9..c1590cd11 100644 --- a/source/webconfig/wifi_webconfig_wifiapi_radio.c +++ b/source/webconfig/wifi_webconfig_wifiapi_radio.c @@ -73,7 +73,7 @@ webconfig_error_t decode_wifiapiradio_subdoc(webconfig_t *config, webconfig_subd params = &data->u.decoded; doc = &config->subdocs[data->type]; - memset(params, 0, sizeof(webconfig_subdoc_decoded_data_t)); + //memset(params, 0, sizeof(webconfig_subdoc_decoded_data_t)); for (i = 0; i < doc->num_objects; i++) { if ((cJSON_GetObjectItem(json, doc->objects[i].name)) == NULL) {
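Review bot: Commenting out the `memset` in decode_wifiapiradio_subdoc means `data->u.decoded` is no longer cleared before decoding, so any field the loop below does not set keeps whatever the caller's buffer held, and the hunk carries no explanation for the change. If the clear was removed because it wiped state that must survive, say so in a comment and delete the line rather than leaving it commented out; if not, restore it as `memset(params, 0, sizeof(*params));`. Stale values reaching a configuration apply path are harder to diagnose than zeroed defaults. The function body starts and ends outside the hunk.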