diff options
Diffstat (limited to 'msm8998/gnss/GnssAdapter.cpp')
| -rw-r--r-- | msm8998/gnss/GnssAdapter.cpp | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/msm8998/gnss/GnssAdapter.cpp b/msm8998/gnss/GnssAdapter.cpp index 4de1129..98535f4 100644 --- a/msm8998/gnss/GnssAdapter.cpp +++ b/msm8998/gnss/GnssAdapter.cpp @@ -2544,6 +2544,12 @@ void GnssAdapter::dataConnOpenCommand( new char[apnLen + 1]), mApnLen(apnLen), mIpType(ipType) { LOC_LOGV("AgpsMsgAtlOpenSuccess"); + if (mApnName == nullptr) { + LOC_LOGE("%s] new allocation failed, fatal error.", __func__); + // Reporting the failure here + mAgpsManager->reportAtlClosed(mAgpsType); + return; + } memcpy(mApnName, apnName, apnLen); mApnName[apnLen] = 0; } @@ -2559,9 +2565,15 @@ void GnssAdapter::dataConnOpenCommand( mIpType); } }; - + // Added inital length checks for apnlen check to avoid security issues + // In case of failure reporting the same + if (NULL == apnName || apnLen <= 0 || apnLen > MAX_APN_LEN || (strlen(apnName) != apnLen)) { + LOC_LOGe("%s]: incorrect apnlen length or incorrect apnName", __func__); + mAgpsManager.reportAtlClosed(agpsType); + } else { sendMsg( new AgpsMsgAtlOpenSuccess( &mAgpsManager, (AGpsExtType)agpsType, apnName, apnLen, ipType)); + } } void GnssAdapter::dataConnClosedCommand(AGpsExtType agpsType){ |