projects / platform / adaptation / emulator / vmodem-daemon-emulator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4fa4114)
[Title] fix risky codes.
authorSooyoung Ha <yoosah.ha@samsung.com>
Sat, 12 Jan 2013 08:57:37 +0000 (17:57 +0900)
committerSooyoung Ha <yoosah.ha@samsung.com>
Sat, 12 Jan 2013 08:57:37 +0000 (17:57 +0900)
[Desc.] modify lib/libsms/sms_tool.c, vmodem/db/db_ss.c, vmodem/server/client.c, server_common_network.c, server_common_security.c, server_common_ss.c

lib/libsms/sms_tool.c patch | blob | history
vmodem/db/db_ss.c patch | blob | history
vmodem/server/client.c patch | blob | history
vmodem/server/server_common_network.c patch | blob | history
vmodem/server/server_common_security.c patch | blob | history
vmodem/server/server_common_ss.c patch | blob | history

diff --git a/lib/libsms/sms_tool.c b/lib/libsms/sms_tool.c
index b3c2dd5..69ad949 100644 (file)
--- a/lib/libsms/sms_tool.c
+++ b/lib/libsms/sms_tool.c
@@ -723,7 +723,7 @@ int DecodeSmsSubmitTpdu(TPDU_SMS_SUBMIT *tpdu_submit, int pdu_len , char * pPDU,
        BYTE    tmp_buff[BUFF_SIZE];
        int size, udhl = 0;
        int i = 0, fillbits = 0;
-       size_t limit_len = TAPI_NETTEXT_SCADDRESS_LEN_MAX + 1;
+       size_t limit_len = TAPI_NETTEXT_SCADDRESS_LEN_MAX;
        position=0;
 
        /* SCA_ADDR */
diff --git a/vmodem/db/db_ss.c b/vmodem/db/db_ss.c
index bc0f524..38f7860 100644 (file)
--- a/vmodem/db/db_ss.c
+++ b/vmodem/db/db_ss.c
@@ -1148,7 +1148,7 @@ int send_call_barring_entry(call_barring_entry_t* entry)
 call_barring_entry_t *  find_call_barring_entry(int tel_class, int type)
 {
        int i, status = SS_MODE_DEACT, found = 0;
-       call_barring_entry_t * entry = (call_barring_entry_t*)malloc(sizeof(call_barring_entry_t));
+       call_barring_entry_t * entry;// = (call_barring_entry_t*)malloc(sizeof(call_barring_entry_t));
 
        log_msg(MSGL_VGSM_INFO,"1. [find_call_barring_entry]--------telclass : %d, type : %d\n", tel_class, type );
        for(i = 0; i<g_cb_entry[0].count; i++)
@@ -1305,7 +1305,7 @@ call_forwarding_entry_t g_cf_entry_tmp;
 
 call_forwarding_entry_t * find_call_forwarding_entry(int tel_class, int type)
 {
-       int i, class;
+       int i, class = -128;
        call_forwarding_entry_t * entry ;
 
        log_msg(MSGL_VGSM_INFO,"tel_class=0x%x  type=%d\n", tel_class,type);
diff --git a/vmodem/server/client.c b/vmodem/server/client.c
index 0ff4a1a..ef7a604 100644 (file)
--- a/vmodem/server/client.c
+++ b/vmodem/server/client.c
@@ -672,6 +672,8 @@ static void do_sim(PhoneServer * ps, TClientInfo * ci, LXT_MESSAGE * packet)
                {
                        type = p[0];
                        password = malloc(length-1);
+                       if(!password)
+                               return;
                        memcpy(password,&p[1],length-1);
 
                        switch(type)
@@ -893,6 +895,8 @@ static void do_sim(PhoneServer * ps, TClientInfo * ci, LXT_MESSAGE * packet)
                        log_msg(MSGL_VGSM_ERR,"ERROR - Not handled action =[%x] \n", action);
                break;
        }
+       if(password)
+               free(password);
 }
 
 
diff --git a/vmodem/server/server_common_network.c b/vmodem/server/server_common_network.c
index bcea4fd..f64faf7 100644 (file)
--- a/vmodem/server/server_common_network.c
+++ b/vmodem/server/server_common_network.c
@@ -67,7 +67,7 @@ gsm_network_nitz_info_t   g_network_identity ;
  */
 void init_plmn_list(void)
 {
-       NetworkEntry entry;
+       NetworkEntry entry = {0};
        /* Update for public open
           0x34, 0x35, 0x30, 0x30, 0x31, 0x23 // 45001#
           =>
@@ -95,7 +95,7 @@ void init_plmn_list(void)
        if (g_plmn_list.num_record == 0) {
                g_plmn_list.num_record = 1;
                g_plmn_list.precord = malloc(sizeof(gsm_network_plmn_record_t)*g_plmn_list.num_record); // it needs free().
-               memset(g_plmn_list.precord, '\0', sizeof(g_plmn_list.precord));
+               memset(g_plmn_list.precord, '\0', sizeof(gsm_network_plmn_record_t));
                g_plmn_list.precord[0].status = GSM_NET_PLMN_STATUS_AVAIL; // PLMN_STATUS
                
                //memcpy(g_plmn_list.precord[0].plmn, plmn, 6);
@@ -148,7 +148,7 @@ void init_plmn_list(void)
 void set_plmn_list( unsigned char *data, int len )
 {
        int i = 0, j = 1;
-       NetworkEntry entry;
+       NetworkEntry entry = {0};
        VGSM_DEBUG("\n");
 
        if (g_plmn_list.num_record != 0) {
diff --git a/vmodem/server/server_common_security.c b/vmodem/server/server_common_security.c
index 15c22ab..87aa14a 100644 (file)
--- a/vmodem/server/server_common_security.c
+++ b/vmodem/server/server_common_security.c
@@ -114,7 +114,9 @@ int server_sim_db_init()
 //080226 -for mem free in mem alloc func. void -> int.
 int server_sec_set_sec_db_info(SimSecurity *sim_sec,int  ncol)
 {
-       SIM_DEBUG("\n");
+       SIM_DEBUG("server_sec_set_sec_db_info\n");
+       if(sim_sec == NULL)
+               return -1;
 //init
        memset(g_pin_value,0,9);
        memset(g_puk_value,0,9);
diff --git a/vmodem/server/server_common_ss.c b/vmodem/server/server_common_ss.c
index e4a5224..720d322 100644 (file)
--- a/vmodem/server/server_common_ss.c
+++ b/vmodem/server/server_common_ss.c
@@ -55,6 +55,8 @@ static call_waiting_entry_t * setinitDB(call_waiting_entry_t *entry, int class,
 int init_ss_info_re(void)
 {
        call_waiting_entry_t * entry = malloc(sizeof(call_waiting_entry_t));
+       if(!entry)
+               return -1;
        memset(entry, 0, sizeof(call_waiting_entry_t));
 
 
@@ -112,6 +114,8 @@ int init_ss_info_re(void)
        if(cb_pwd_packet.length)
                FuncServer->Cast(&GlobalPS, LXT_ID_CLIENT_EVENT_INJECTOR, &cb_pwd_packet);      // &ServerHandle->server_cast
 
+       if(entry)
+               free(entry);
        return 1;
 }
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -119,6 +123,8 @@ int init_ss_info_re(void)
 int init_ss_info(void)
 {
        call_waiting_entry_t * entry = (call_waiting_entry_t *)malloc(sizeof(call_waiting_entry_t));
+       if(!entry)
+               return -1;
        memset(entry, 0, sizeof(call_waiting_entry_t));
 
 
@@ -189,6 +195,8 @@ int init_ss_info(void)
        if(cb_pwd_packet.length)
                FuncServer->Cast(&GlobalPS, LXT_ID_CLIENT_EVENT_INJECTOR, &cb_pwd_packet);      // &ServerHandle->server_cast
 
+       if(entry)
+               free(entry);
        return 1;
 }
 
Domain: SDK / Emulator;