[PATCH 1/3] add some length verification to avoid reading not owned memory
by jr_extern@vfnet.de
From: Jens Rehsack <jr_extern(a)vfnet.de>
---
src/push.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/push.c b/src/push.c
index 6a54907..6107352 100644
--- a/src/push.c
+++ b/src/push.c
@@ -351,13 +351,16 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
/* Consume TID and Type */
nread = 2;
- if (wsp_decode_uintvar(pdu + nread, len,
+ if (wsp_decode_uintvar(pdu + nread, len - nread,
&headerslen, &consumed) == FALSE)
return FALSE;
/* Consume uintvar bytes */
nread += consumed;
+ /* Check if content type could be read */
+ if (headerslen > (len - nread))
+ return FALSE;
/* Try to decode content-type */
if (wsp_decode_content_type(pdu + nread, headerslen, &ct,
&consumed, ¶m_len) == FALSE)
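Review bot: The new bound `len - nread` in the wsp_decode_uintvar call only holds when len is at least 2. len is an `unsigned int` in the signature, so a shorter PDU makes the subtraction wrap to a very large value and the decoder is again told it may read far past the buffer. No guard on len is visible in this hunk (the start of mms_push_notify is outside it), so I would add `if (len < 2) return FALSE;` before `nread = 2;` unless an earlier line already rejects short PDUs. The added `headerslen > (len - nread)` test likewise assumes wsp_decode_uintvar never reports more consumed bytes than it was given.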
@@ -370,6 +373,9 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
consumed += param_len;
nread += consumed;
+ /* Check if application_id could be read */
+ if ((headerslen - consumed) > (len - nread))
+ return FALSE;
/* Parse header to decode application_id */
wsp_header_iter_init(&iter, pdu + nread, headerslen - consumed, 0);
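Review bot: The check `(headerslen - consumed) > (len - nread)` does not establish that consumed is no larger than headerslen after `consumed += param_len;`. If these counters are unsigned (their declarations are outside the hunk), both sides can wrap when the decoded content type and its parameters overrun the header block. The comparison then passes, and the wrapped `headerslen - consumed` is handed to wsp_header_iter_init as the length. Testing the operands before subtracting closes that gap: `if (consumed > headerslen || nread > len) return FALSE;` placed ahead of the existing check.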
--
1.7.9.1
8 years, 10 months
[mmsd] Error handling while receiving message
by Ronald Tessier
Hi,
I'm working on handling errors while receiving an MMS (listed in TODO as
: "Error cases should handled and reported to the application layer." in
MMS Reception section).
What kind of error do you want to report to the application : generic
MMS reception error such as "Unable to decode message", "Unable to
download message" ... or more accurate error (error code, "HTTP error
XXX", "Communication error while downloading message"... ) ?
Since the reception is automatically performed, there is no D-Bus reply
msg to use to send error back to the application !
I cannot always handle the error in 'Message' interface since the D-Bus
object (associated to the message) does not exist before having
downloaded the entire message. More generally, how should errors that
occur before the message D-Bus object has been published be handled?
Should I define a new signal ("MessageError") in 'Service' interface to
report errors ?
What kind of information should the reported error contain? The sender
(if the notification has been decoded), the meta file path (if
available) ... ?
Thanks in advance,
Regards,
Ronald
8 years, 10 months
[PATCH v2 0/6] mmsd: bug fixing in send message recovery
by Sébastien Bianti
This series concerns mmsd for ofono mailing list.
Patches 1 to 3 fix some leaks that occur when a problem arises while a send
request is created.
Patches 4 to 6 fix some mistakes in send message recovery.
Sébastien Bianti (6):
service: remove dead file
service: fixed possible meta with NULL uuid
service: remove pdu without meta
service: request_post_file opens the pdu itself
service: fix some leaks
service: request needs to keep msg
src/service.c | 29 +++++++++++++++++++++++------
1 files changed, 23 insertions(+), 6 deletions(-)
--
1.7.4.4
8 years, 10 months
[PATCHv2] sim: Use quoted string with AT+CRSM data parameter
by Nicolas Bertrand
Fix an issue with some modems that prevents updating elementary files
(speedup, ZTE, huawei, MBM)
---
drivers/atmodem/sim.c | 127 ++++++++++++++++---------------------------------
1 files changed, 41 insertions(+), 86 deletions(-)
diff --git a/drivers/atmodem/sim.c b/drivers/atmodem/sim.c
index 8ee9822..a75d51f 100644
--- a/drivers/atmodem/sim.c
+++ b/drivers/atmodem/sim.c
@@ -298,71 +298,44 @@ static void at_crsm_update_cb(gboolean ok, GAtResult *result,
cb(&error, cbd->data);
}
-static void at_sim_update_binary(struct ofono_sim *sim, int fileid,
- int start, int length,
- const unsigned char *value,
- ofono_sim_write_cb_t cb, void *data)
-{
- struct sim_data *sd = ofono_sim_get_data(sim);
- struct cb_data *cbd = cb_data_new(cb, data);
- char *buf = g_try_new(char, 36 + length * 2);
- int len, ret;
-
- if (buf == NULL)
- goto error;
-
- len = sprintf(buf, "AT+CRSM=214,%i,%i,%i,%i,", fileid,
- start >> 8, start & 0xff, length);
-
- for (; length; length--)
- len += sprintf(buf + len, "%02hhX", *value++);
-
- ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
- at_crsm_update_cb, cbd, g_free);
-
- g_free(buf);
-
- if (ret > 0)
- return;
-
-error:
- g_free(cbd);
-
- CALLBACK_WITH_FAILURE(cb, data);
-}
-
-static void at_sim_update_record(struct ofono_sim *sim, int fileid,
- int record, int length,
- const unsigned char *value,
- ofono_sim_write_cb_t cb, void *data)
+static void at_sim_update_file(struct ofono_sim *sim, int cmd, int fileid,
+ int p1, int p2, int p3, const unsigned char *value,
+ ofono_sim_write_cb_t cb, void *data)
{
struct sim_data *sd = ofono_sim_get_data(sim);
struct cb_data *cbd = cb_data_new(cb, data);
char *buf;
+ char *quote = "";
int len, ret;
- int size = 36 + length * 2;
+ int size = 36 + p3 * 2;
- if (sd->vendor == OFONO_VENDOR_MBM)
- size += 2; /*Add quotes*/
+ DBG("");
+
+ /* Add quotes */
+ switch (sd->vendor) {
+ case OFONO_VENDOR_MBM:
+ case OFONO_VENDOR_ZTE:
+ case OFONO_VENDOR_HUAWEI:
+ case OFONO_VENDOR_SPEEDUP:
+ quote = "\"";
+ size += 2;
+ break;
+ }
buf = g_try_new(char, size);
if (buf == NULL)
goto error;
- len = sprintf(buf, "AT+CRSM=220,%i,%i,4,%i,", fileid,
- record, length);
+ len = sprintf(buf, "AT+CRSM=%i,%i,%i,%i,%i,%s", cmd, fileid,
+ p1, p2, p3, quote);
- if (sd->vendor == OFONO_VENDOR_MBM)
- len += sprintf(buf + len, "\"");
-
- for (; length; length--)
+ for (; p3; p3--)
len += sprintf(buf + len, "%02hhX", *value++);
- if (sd->vendor == OFONO_VENDOR_MBM)
- sprintf(buf + len, "\"");
+ sprintf(buf + len, "%s", quote);
ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
- at_crsm_update_cb, cbd, g_free);
+ at_crsm_update_cb, cbd, g_free);
g_free(buf);
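Review bot: The allocation `36 + p3 * 2` in at_sim_update_file is still filled with unbounded `sprintf` calls, and neither p3 nor the other integer fields are range-checked before use. The header now formats five caller-supplied ints (`cmd`, `fileid`, `p1`, `p2`, `p3`), so the fixed 36-byte allowance holds only while every caller passes short values, and a negative p3 would shrink the buffer while the `for (; p3; p3--)` loop keeps writing hex digits. Rejecting bad lengths up front with `if (p3 < 0 || p3 > 255) goto error;` and switching the writes to `snprintf(buf + len, size - len, ...)` would make the bound explicit. `quote` only ever points at string literals and should be declared `const char *`. The function continues past the end of this hunk.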
@@ -375,46 +348,28 @@ error:
CALLBACK_WITH_FAILURE(cb, data);
}
-static void at_sim_update_cyclic(struct ofono_sim *sim, int fileid,
- int length, const unsigned char *value,
- ofono_sim_write_cb_t cb, void *data)
+static void at_sim_update_binary(struct ofono_sim *sim, int fileid,
+ int start, int length, const unsigned char *value,
+ ofono_sim_write_cb_t cb, void *data)
{
- struct sim_data *sd = ofono_sim_get_data(sim);
- struct cb_data *cbd = cb_data_new(cb, data);
- char *buf;
- int len, ret;
- int size = 36 + length * 2;
-
- if (sd->vendor == OFONO_VENDOR_MBM)
- size += 2; /* Add quotes */
-
- buf = g_try_new(char, size);
- if (buf == NULL)
- goto error;
-
- len = sprintf(buf, "AT+CRSM=220,%i,0,3,%i,", fileid, length);
-
- if (sd->vendor == OFONO_VENDOR_MBM)
- len += sprintf(buf + len, "\"");
-
- for (; length; length--)
- len += sprintf(buf + len, "%02hhX", *value++);
-
- if (sd->vendor == OFONO_VENDOR_MBM)
- sprintf(buf + len, "\"");
-
- ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
- at_crsm_update_cb, cbd, g_free);
-
- g_free(buf);
-
- if (ret > 0)
- return;
+ at_sim_update_file(sim, 214, fileid, start >> 8, start & 0xff,
+ length, value, cb, data);
+}
-error:
- g_free(cbd);
+static void at_sim_update_record(struct ofono_sim *sim, int fileid,
+ int record, int length, const unsigned char *value,
+ ofono_sim_write_cb_t cb, void *data)
+{
+ at_sim_update_file(sim, 220, fileid, record, 4,
+ length, value, cb, data);
+}
- CALLBACK_WITH_FAILURE(cb, data);
+static void at_sim_update_cyclic(struct ofono_sim *sim, int fileid,
+ int length, const unsigned char *value,
+ ofono_sim_write_cb_t cb, void *data)
+{
+ at_sim_update_file(sim, 220, fileid, 0, 3,
+ length, value, cb, data);
}
static void at_cimi_cb(gboolean ok, GAtResult *result, gpointer user_data)
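Review bot: The three wrappers pass bare literals (`214`, `220`, and the P2 values `4` and `3`) to at_sim_update_file with nothing saying what they select. A short comment on each call, or named constants, would help: in AT+CRSM 214 is UPDATE BINARY and 220 is UPDATE RECORD, and for UPDATE RECORD a P2 of 4 selects absolute mode while 3 selects previous mode, which is what the cyclic wrapper passes. at_sim_update_binary also splits `start` into `start >> 8` and `start & 0xff` without checking that it fits in 16 bits, so the high part can exceed one byte if a caller ever passes a larger offset.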
--
1.7.5.4
8 years, 10 months
[PATCH 0/2] mmsd: fix problems when unregistering msg
by Ronald Tessier
Please find changes in mmsd in order to fix problems that occurred when
unregistering messages.
1) the messages table contains mms_message objects and not uuids; now
every message is unregistered with its correct path when the messages
table is destroyed. Furthermore, there is no need to remove the message from
the table using g_hash_table_foreach_remove() since
mms_message_unregister() already removes it from the table.
2) use the msg_path (within the debug statement) before removing the
message from the table, which frees it
Ronald Tessier (2):
service: fix object path when unregistering msg
service: free the msg after tracing its path
src/service.c | 16 ++++++----------
1 files changed, 6 insertions(+), 10 deletions(-)
--
1.7.4.1
8 years, 10 months
[PATCH] sim: Use quoted string with AT+CRSM data parameter
by Nicolas Bertrand
Fix an issue with some modems that prevents updating elementary files
(speedup, ZTE, huawei, MBM)
---
drivers/atmodem/sim.c | 52 ++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/drivers/atmodem/sim.c b/drivers/atmodem/sim.c
index 8ee9822..f307708 100644
--- a/drivers/atmodem/sim.c
+++ b/drivers/atmodem/sim.c
@@ -305,18 +305,38 @@ static void at_sim_update_binary(struct ofono_sim *sim, int fileid,
{
struct sim_data *sd = ofono_sim_get_data(sim);
struct cb_data *cbd = cb_data_new(cb, data);
- char *buf = g_try_new(char, 36 + length * 2);
+ char *buf;
int len, ret;
+ int size = 36 + length * 2;
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
+ size += 2; /*Add quotes*/
+
+ buf = g_try_new(char, size);
if (buf == NULL)
goto error;
len = sprintf(buf, "AT+CRSM=214,%i,%i,%i,%i,", fileid,
start >> 8, start & 0xff, length);
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
+ sprintf(buf + len, "\"");
+
for (; length; length--)
len += sprintf(buf + len, "%02hhX", *value++);
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
+ sprintf(buf + len, "\"");
+
ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
at_crsm_update_cb, cbd, g_free);
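Review bot: The opening quote in at_sim_update_binary is written with `sprintf(buf + len, "\"");` but its return value is not added to len, so the first `%02hhX` written by the loop lands on top of it and the command is sent with a closing quote only. It should read `len += sprintf(buf + len, "\"");`, matching the at_sim_update_record and at_sim_update_cyclic hunks below. The function's tail is outside this hunk.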
@@ -342,7 +362,10 @@ static void at_sim_update_record(struct ofono_sim *sim, int fileid,
int len, ret;
int size = 36 + length * 2;
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
size += 2; /*Add quotes*/
buf = g_try_new(char, size);
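Review bot: The four-vendor test (`OFONO_VENDOR_MBM`, `OFONO_VENDOR_ZTE`, `OFONO_VENDOR_HUAWEI`, `OFONO_VENDOR_SPEEDUP`) is spelled out at every use: here, in the hunks at -352, -385 and -394, and three times in at_sim_update_binary. The next modem that needs quoting would mean nine edits that must stay in step. Computing the condition once per function, or in one small static helper that reports whether `sd->vendor` needs a quoted data parameter, would keep the `size += 2` adjustment and the two quote writes tied to the same test.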
@@ -352,13 +375,19 @@ static void at_sim_update_record(struct ofono_sim *sim, int fileid,
len = sprintf(buf, "AT+CRSM=220,%i,%i,4,%i,", fileid,
record, length);
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
len += sprintf(buf + len, "\"");
for (; length; length--)
len += sprintf(buf + len, "%02hhX", *value++);
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
sprintf(buf + len, "\"");
ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
@@ -385,7 +414,10 @@ static void at_sim_update_cyclic(struct ofono_sim *sim, int fileid,
int len, ret;
int size = 36 + length * 2;
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
size += 2; /* Add quotes */
buf = g_try_new(char, size);
@@ -394,13 +426,19 @@ static void at_sim_update_cyclic(struct ofono_sim *sim, int fileid,
len = sprintf(buf, "AT+CRSM=220,%i,0,3,%i,", fileid, length);
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
len += sprintf(buf + len, "\"");
for (; length; length--)
len += sprintf(buf + len, "%02hhX", *value++);
- if (sd->vendor == OFONO_VENDOR_MBM)
+ if (sd->vendor == OFONO_VENDOR_MBM ||
+ sd->vendor == OFONO_VENDOR_ZTE ||
+ sd->vendor == OFONO_VENDOR_HUAWEI ||
+ sd->vendor == OFONO_VENDOR_SPEEDUP)
sprintf(buf + len, "\"");
ret = g_at_chat_send(sd->chat, buf, crsm_prefix,
--
1.7.5.4
8 years, 10 months
[PATCHv3 00/12] Call forwarding state handling change
by Oleg Zhurakivskyy
Hello,
Please find the changes in order to correct call forwarding states.
Changes from v2:
- Re-run conditional queries on cfu removal and mark cached.
- Handle the caching properly on supplementary services path
unconditional/all/all conditional cfs modifications.
Regards,
Oleg
Oleg Zhurakivskyy (12):
call-forwarding: Remove cf_list_clear()
call-forwarding: Inline get_query_next_cf_cond()
call-forwarding: Refactor cf_condition_find_with_cls() slightly
call-forwarding: Refactor cf_find_unconditional()
call-forwarding: Minor cleanup of set_query_cf_callback
call-forwarding: Don't run conditional queries if cfu is active
call-forwarding: Re-run conditional queries on cfu removal
call-forwarding: Toggle the cached flag on CFU changes
call-forwarding: Cache cfs on CFU removal
call-forwarding: Re-run ss path cfs queries on cfu changes
call-forwarding: Cache cfs on all/all conditional removal
TODO: Remove completed call forwarding state task
TODO | 17 ----
src/call-forwarding.c | 237 +++++++++++++++++++++----------------------------
2 files changed, 100 insertions(+), 154 deletions(-)
--
1.7.5.4
8 years, 10 months
[PATCH v2 1/3] emulator: Add API to force indicator event
by Frédéric Danis
For AT+CHLD=2, the +CIEV unsolicited event for callheld should be sent even
if its value does not change
---
include/emulator.h | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/include/emulator.h b/include/emulator.h
index 5cd894b..39f4ad7 100644
--- a/include/emulator.h
+++ b/include/emulator.h
@@ -105,6 +105,9 @@ enum ofono_emulator_request_type ofono_emulator_request_get_type(
void ofono_emulator_set_indicator(struct ofono_emulator *em,
const char *name, int value);
+void ofono_emulator_set_indicator_forced(struct ofono_emulator *em,
+ const char *name, int value);
+
#ifdef __cplusplus
}
#endif
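Review bot: The new declaration `ofono_emulator_set_indicator_forced` has no comment saying how it differs from `ofono_emulator_set_indicator` directly above it, and the two signatures are identical. Going by the commit message, a one-line header comment such as `/* Same as ofono_emulator_set_indicator(), but the +CIEV event is sent even when the value is unchanged */` would tell callers when to pick it. The implementation is not part of this patch, so the exact behaviour should be confirmed there.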
--
1.7.1
8 years, 10 months
[PATCH 0/3] mmsd: removing dead files
by Sébastien Bianti
These patches concern mmsd for ofono mailing list.
Sébastien Bianti (3):
service: remove dead file
service: fixed possible meta with NULL uuid
service: remove pdu without meta
src/service.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
--
1.7.4.4
8 years, 10 months
Handling AT command with no response
by Neil Jerram
Hi there,
Is there a way in oFono of sending an AT command and not waiting for any
response?
Specifically, AT+VTS doesn't give any response according to 27.007, and
this appears to be true in practice for the Option HSO modem (GTM601).
Thanks,
Neil
8 years, 10 months