msm8998: Update to C1.07.00.00.375.020

msm8998:  from vendor/qcom/opensource/data-ipa-cfg-mgr
  cd3f815 Promotion of data.lnx.6.4.9-00093.
  60bc54b IPACM: fix security issue in querying if index
  9712b61 Promotion of data.lnx.6.4.9-00072.
  de85c67 SetDataLimit: Init Check

Test: build, boot, sanity checks
Bug: 65735819
Change-Id: Ie0c42323bc1d83c9bce185a067120546dfc2d9d1
Signed-off-by: Thierry Strudel <tstrudel@google.com>

2 files changed, 41 insertions, 28 deletions

diff --git a/msm8998/hal/src/HAL.cpp b/msm8998/hal/src/HAL.cpp
index d722e78..59f978d 100644
--- a/msm8998/hal/src/HAL.cpp
+++ b/msm8998/hal/src/HAL.cpp
@@ -463,11 +463,17 @@ Return<void> HAL::setDataLimit
     fl.addArg("upstream", upstream);
     fl.addArg("limit", limit);
 
-    RET ipaReturn = mIPA->setQuota(upstream.c_str(), limit);
-    BoolResult res = ipaResultToBoolResult(ipaReturn);
-    hidl_cb(res.success, res.errMsg);
+    if (!isInitialized()) {
+        BoolResult res = makeInputCheckFailure("Not initialized (setDataLimit)");
+        hidl_cb(res.success, res.errMsg);
+        fl.setResult(res.success, res.errMsg);
+    } else {
+        RET ipaReturn = mIPA->setQuota(upstream.c_str(), limit);
+        BoolResult res = ipaResultToBoolResult(ipaReturn);
+        hidl_cb(res.success, res.errMsg);
+        fl.setResult(res.success, res.errMsg);
+    }
 
-    fl.setResult(res.success, res.errMsg);
     mLogs.addLog(fl);
     return Void();
 } /* setDataLimit */
diff --git a/msm8998/ipacm/src/IPACM_Iface.cpp b/msm8998/ipacm/src/IPACM_Iface.cpp
index 4e0dc9e..149e417 100644
--- a/msm8998/ipacm/src/IPACM_Iface.cpp
+++ b/msm8998/ipacm/src/IPACM_Iface.cpp
@@ -930,30 +930,37 @@ int IPACM_Iface::ipa_get_if_index
   int * if_index
 )
 {
-  int fd;
-  struct ifreq ifr;
-
-  if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-  {
-    IPACMERR("get interface index socket create failed \n");
-    return IPACM_FAILURE;
-  }
-
-  memset(&ifr, 0, sizeof(struct ifreq));
-  (void)strncpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
-  IPACMDBG_H("interface name (%s)\n", if_name);
-
-  if (ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
-  {
-    IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
-    close(fd);
-    return IPACM_FAILURE;
-  }
-
-  *if_index = ifr.ifr_ifindex;
-  IPACMDBG_H("Interface index %d\n", *if_index);
-  close(fd);
-  return IPACM_SUCCESS;
+	int fd;
+	struct ifreq ifr;
+
+	if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	{
+		IPACMERR("get interface index socket create failed \n");
+		return IPACM_FAILURE;
+	}
+
+	if(strlen(if_name) >= sizeof(ifr.ifr_name))
+	{
+		IPACMERR("interface name overflows: len %zu\n", strlen(if_name));
+		close(fd);
+		return IPACM_FAILURE;
+	}
+
+	memset(&ifr, 0, sizeof(struct ifreq));
+	(void)strlcpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
+	IPACMDBG_H("interface name (%s)\n", if_name);
+
+	if(ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
+	{
+		IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
+		close(fd);
+		return IPACM_FAILURE;
+	}
+
+	*if_index = ifr.ifr_ifindex;
+	IPACMDBG_H("Interface index %d\n", *if_index);
+	close(fd);
+	return IPACM_SUCCESS;
 }
 
 void IPACM_Iface::config_ip_type(ipa_ip_type iptype)