diff options
-rw-r--r-- | msm8998/android/location_api/GnssAPIClient.cpp | 33 | ||||
-rw-r--r-- | msm8998/android/location_api/GnssAPIClient.h | 4 | ||||
-rw-r--r-- | msm8998/gnss/Agps.cpp | 15 | ||||
-rw-r--r-- | msm8998/gnss/GnssAdapter.cpp | 14 |
4 files changed, 47 insertions, 19 deletions
diff --git a/msm8998/android/location_api/GnssAPIClient.cpp b/msm8998/android/location_api/GnssAPIClient.cpp index efcc1c6..400051e 100644 --- a/msm8998/android/location_api/GnssAPIClient.cpp +++ b/msm8998/android/location_api/GnssAPIClient.cpp @@ -74,10 +74,10 @@ void GnssAPIClient::gnssUpdateCallbacks(const sp<IGnssCallback>& gpsCb, const sp<IGnssNiCallback>& niCb) { LOC_LOGD("%s]: (%p %p)", __FUNCTION__, &gpsCb, &niCb); - + mMutex.lock(); mGnssCbIface = gpsCb; mGnssNiCbIface = niCb; - + mMutex.unlock(); LocationCallbacks locationCallbacks; locationCallbacks.size = sizeof(LocationCallbacks); @@ -234,7 +234,10 @@ void GnssAPIClient::onCapabilitiesCb(LocationCapabilitiesMask capabilitiesMask) LOC_LOGD("%s]: (%02x)", __FUNCTION__, capabilitiesMask); mLocationCapabilitiesMask = capabilitiesMask; mLocationCapabilitiesCached = true; - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (gnssCbIface != nullptr) { uint32_t data = 0; @@ -275,7 +278,9 @@ void GnssAPIClient::onCapabilitiesCb(LocationCapabilitiesMask capabilitiesMask) void GnssAPIClient::onTrackingCb(Location location) { LOC_LOGD("%s]: (flags: %02x)", __FUNCTION__, location.flags); - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (gnssCbIface != nullptr) { GnssLocation gnssLocation; @@ -291,7 +296,9 @@ void GnssAPIClient::onTrackingCb(Location location) void GnssAPIClient::onGnssNiCb(uint32_t id, GnssNiNotification gnssNiNotification) { LOC_LOGD("%s]: (id: %d)", __FUNCTION__, id); - sp<IGnssNiCallback> gnssNiCbIface = mGnssNiCbIface; + mMutex.lock(); + auto gnssNiCbIface(mGnssNiCbIface); + mMutex.unlock(); if (gnssNiCbIface == nullptr) { LOC_LOGE("%s]: mGnssNiCbIface is nullptr", __FUNCTION__); @@ -364,7 +371,9 @@ void GnssAPIClient::onGnssNiCb(uint32_t id, GnssNiNotification gnssNiNotificatio void GnssAPIClient::onGnssSvCb(GnssSvNotification gnssSvNotification) { LOC_LOGD("%s]: (count: %zu)", __FUNCTION__, gnssSvNotification.count); - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (gnssCbIface != nullptr) { IGnssCallback::GnssSvStatus svStatus; @@ -379,7 +388,9 @@ void GnssAPIClient::onGnssSvCb(GnssSvNotification gnssSvNotification) void GnssAPIClient::onGnssNmeaCb(GnssNmeaNotification gnssNmeaNotification) { - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (gnssCbIface != nullptr) { android::hardware::hidl_string nmeaString; @@ -396,7 +407,9 @@ void GnssAPIClient::onGnssNmeaCb(GnssNmeaNotification gnssNmeaNotification) void GnssAPIClient::onStartTrackingCb(LocationError error) { LOC_LOGD("%s]: (%d)", __FUNCTION__, error); - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (error == LOCATION_ERROR_SUCCESS && gnssCbIface != nullptr) { auto r = gnssCbIface->gnssStatusCb(IGnssCallback::GnssStatusValue::ENGINE_ON); @@ -415,7 +428,9 @@ void GnssAPIClient::onStartTrackingCb(LocationError error) void GnssAPIClient::onStopTrackingCb(LocationError error) { LOC_LOGD("%s]: (%d)", __FUNCTION__, error); - sp<IGnssCallback> gnssCbIface = mGnssCbIface; + mMutex.lock(); + auto gnssCbIface(mGnssCbIface); + mMutex.unlock(); if (error == LOCATION_ERROR_SUCCESS && gnssCbIface != nullptr) { auto r = gnssCbIface->gnssStatusCb(IGnssCallback::GnssStatusValue::SESSION_END); diff --git a/msm8998/android/location_api/GnssAPIClient.h b/msm8998/android/location_api/GnssAPIClient.h index d447157..904ee25 100644 --- a/msm8998/android/location_api/GnssAPIClient.h +++ b/msm8998/android/location_api/GnssAPIClient.h @@ -30,7 +30,7 @@ #ifndef GNSS_API_CLINET_H #define GNSS_API_CLINET_H - +#include <mutex> #include <android/hardware/gnss/1.0/IGnss.h> #include <android/hardware/gnss/1.0/IGnssCallback.h> #include <android/hardware/gnss/1.0/IGnssNiCallback.h> @@ -89,7 +89,7 @@ public: private: sp<IGnssCallback> mGnssCbIface; sp<IGnssNiCallback> mGnssNiCbIface; - + std::mutex mMutex; LocationCapabilitiesMask mLocationCapabilitiesMask; bool mLocationCapabilitiesCached; diff --git a/msm8998/gnss/Agps.cpp b/msm8998/gnss/Agps.cpp index e671daa..f2fcdd9 100644 --- a/msm8998/gnss/Agps.cpp +++ b/msm8998/gnss/Agps.cpp @@ -452,19 +452,20 @@ void AgpsStateMachine::setAPN(char* apn, unsigned int len){ if (NULL != mAPN) { delete mAPN; + mAPN = NULL; } - if (apn == NULL || len <= 0) { + if (NULL == apn || len <= 0 || len > MAX_APN_LEN || strlen(apn) != len) { LOC_LOGD("Invalid apn len (%d) or null apn", len); mAPN = NULL; mAPNLen = 0; - } - - if (NULL != apn) { + } else { mAPN = new char[len+1]; - memcpy(mAPN, apn, len); - mAPN[len] = '\0'; - mAPNLen = len; + if (NULL != mAPN) { + memcpy(mAPN, apn, len); + mAPN[len] = '\0'; + mAPNLen = len; + } } } diff --git a/msm8998/gnss/GnssAdapter.cpp b/msm8998/gnss/GnssAdapter.cpp index 4de1129..98535f4 100644 --- a/msm8998/gnss/GnssAdapter.cpp +++ b/msm8998/gnss/GnssAdapter.cpp @@ -2544,6 +2544,12 @@ void GnssAdapter::dataConnOpenCommand( new char[apnLen + 1]), mApnLen(apnLen), mIpType(ipType) { LOC_LOGV("AgpsMsgAtlOpenSuccess"); + if (mApnName == nullptr) { + LOC_LOGE("%s] new allocation failed, fatal error.", __func__); + // Reporting the failure here + mAgpsManager->reportAtlClosed(mAgpsType); + return; + } memcpy(mApnName, apnName, apnLen); mApnName[apnLen] = 0; } @@ -2559,9 +2565,15 @@ void GnssAdapter::dataConnOpenCommand( mIpType); } }; - + // Added inital length checks for apnlen check to avoid security issues + // In case of failure reporting the same + if (NULL == apnName || apnLen <= 0 || apnLen > MAX_APN_LEN || (strlen(apnName) != apnLen)) { + LOC_LOGe("%s]: incorrect apnlen length or incorrect apnName", __func__); + mAgpsManager.reportAtlClosed(agpsType); + } else { sendMsg( new AgpsMsgAtlOpenSuccess( &mAgpsManager, (AGpsExtType)agpsType, apnName, apnLen, ipType)); + } } void GnssAdapter::dataConnClosedCommand(AGpsExtType agpsType){ |