ril: service: Get off my back

* Checking numInts and numStrings for strict equality when
  we're not looping is dumb, because Samsung is notorious
  for sending extra information in their RIL
* Check if there's *enough* data rather than the *exact amount*
  to fix a bunch of invalid response errors

Change-Id: I14bc37240e5760b4629fcb74b64f25ad95d4fdfc
tirimbino
Paul Keith 7 years ago committed by Christopher N. Hesse
parent d26f4c920f
commit 96ff312382
  1. 60
      ril/libril/ril_service.cpp

@ -2783,7 +2783,7 @@ int responseIntOrEmpty(RadioResponseInfo& responseInfo, int serial, int response
// Earlier RILs did not send a response for some cases although the interface // Earlier RILs did not send a response for some cases although the interface
// expected an integer as response. Do not return error if response is empty. Instead // expected an integer as response. Do not return error if response is empty. Instead
// Return -1 in those cases to maintain backward compatibility. // Return -1 in those cases to maintain backward compatibility.
} else if (response == NULL || responseLen != sizeof(int)) { } else if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("responseIntOrEmpty: Invalid response"); RLOGE("responseIntOrEmpty: Invalid response");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -2798,7 +2798,7 @@ int responseInt(RadioResponseInfo& responseInfo, int serial, int responseType, R
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
int ret = -1; int ret = -1;
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("responseInt: Invalid response"); RLOGE("responseInt: Invalid response");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -3243,13 +3243,13 @@ int radio::getLastCallFailCauseResponse(int slotId,
if (response == NULL) { if (response == NULL) {
RLOGE("getCurrentCallsResponse Invalid response: NULL"); RLOGE("getCurrentCallsResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else if (responseLen == sizeof(int)) {
int *pInt = (int *) response;
info.causeCode = (LastCallFailCause) pInt[0];
} else if (responseLen == sizeof(RIL_LastCallFailCauseInfo)) { } else if (responseLen == sizeof(RIL_LastCallFailCauseInfo)) {
RIL_LastCallFailCauseInfo *pFailCauseInfo = (RIL_LastCallFailCauseInfo *) response; RIL_LastCallFailCauseInfo *pFailCauseInfo = (RIL_LastCallFailCauseInfo *) response;
info.causeCode = (LastCallFailCause) pFailCauseInfo->cause_code; info.causeCode = (LastCallFailCause) pFailCauseInfo->cause_code;
info.vendorCause = convertCharPtrToHidlString(pFailCauseInfo->vendor_cause); info.vendorCause = convertCharPtrToHidlString(pFailCauseInfo->vendor_cause);
} else if (responseLen % sizeof(int) != 0) {
int *pInt = (int *) response;
info.causeCode = (LastCallFailCause) pInt[0];
} else { } else {
RLOGE("getCurrentCallsResponse Invalid response: NULL"); RLOGE("getCurrentCallsResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
@ -3603,7 +3603,7 @@ int radio::getVoiceRegistrationStateResponse(int slotId,
RLOGE("getVoiceRegistrationStateResponse Invalid response: NULL"); RLOGE("getVoiceRegistrationStateResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else if (s_vendorFunctions->version <= 14) { } else if (s_vendorFunctions->version <= 14) {
if (numStrings != 15) { if (numStrings < 15) {
RLOGE("getVoiceRegistrationStateResponse Invalid response: NULL"); RLOGE("getVoiceRegistrationStateResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -3616,7 +3616,7 @@ int radio::getVoiceRegistrationStateResponse(int slotId,
voiceRegResponse.defaultRoamingIndicator = ATOI_NULL_HANDLED_DEF(resp[12], 0); voiceRegResponse.defaultRoamingIndicator = ATOI_NULL_HANDLED_DEF(resp[12], 0);
voiceRegResponse.reasonForDenial = ATOI_NULL_HANDLED_DEF(resp[13], 0); voiceRegResponse.reasonForDenial = ATOI_NULL_HANDLED_DEF(resp[13], 0);
fillCellIdentityFromVoiceRegStateResponseString(voiceRegResponse.cellIdentity, fillCellIdentityFromVoiceRegStateResponseString(voiceRegResponse.cellIdentity,
numStrings, resp); 15, resp);
} }
} else { } else {
RIL_VoiceRegistrationStateResponse *voiceRegState = RIL_VoiceRegistrationStateResponse *voiceRegState =
@ -3666,7 +3666,7 @@ int radio::getDataRegistrationStateResponse(int slotId,
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else if (s_vendorFunctions->version <= 14) { } else if (s_vendorFunctions->version <= 14) {
int numStrings = responseLen / sizeof(char *); int numStrings = responseLen / sizeof(char *);
if ((numStrings != 6) && (numStrings != 11)) { if (numStrings < 6) {
RLOGE("getDataRegistrationStateResponse Invalid response: NULL"); RLOGE("getDataRegistrationStateResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -3676,7 +3676,7 @@ int radio::getDataRegistrationStateResponse(int slotId,
dataRegResponse.reasonDataDenied = ATOI_NULL_HANDLED(resp[4]); dataRegResponse.reasonDataDenied = ATOI_NULL_HANDLED(resp[4]);
dataRegResponse.maxDataCalls = ATOI_NULL_HANDLED_DEF(resp[5], 1); dataRegResponse.maxDataCalls = ATOI_NULL_HANDLED_DEF(resp[5], 1);
fillCellIdentityFromDataRegStateResponseString(dataRegResponse.cellIdentity, fillCellIdentityFromDataRegStateResponseString(dataRegResponse.cellIdentity,
numStrings, resp); numStrings < 11 ? 6 : 11, resp);
} }
} else { } else {
RIL_DataRegistrationStateResponse *dataRegState = RIL_DataRegistrationStateResponse *dataRegState =
@ -3720,7 +3720,7 @@ int radio::getOperatorResponse(int slotId,
hidl_string shortName; hidl_string shortName;
hidl_string numeric; hidl_string numeric;
int numStrings = responseLen / sizeof(char *); int numStrings = responseLen / sizeof(char *);
if (response == NULL || numStrings != 3) { if (response == NULL || numStrings < 3) {
RLOGE("getOperatorResponse Invalid response: NULL"); RLOGE("getOperatorResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
@ -3982,7 +3982,7 @@ int radio::getClirResponse(int slotId,
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
int n = -1, m = -1; int n = -1, m = -1;
int numInts = responseLen / sizeof(int); int numInts = responseLen / sizeof(int);
if (response == NULL || numInts != 2) { if (response == NULL || numInts < 2) {
RLOGE("getClirResponse Invalid response: NULL"); RLOGE("getClirResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -4094,7 +4094,7 @@ int radio::getCallWaitingResponse(int slotId,
bool enable = false; bool enable = false;
int serviceClass = -1; int serviceClass = -1;
int numInts = responseLen / sizeof(int); int numInts = responseLen / sizeof(int);
if (response == NULL || numInts != 2) { if (response == NULL || numInts < 2) {
RLOGE("getCallWaitingResponse Invalid response: NULL"); RLOGE("getCallWaitingResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -4272,7 +4272,7 @@ int radio::getNetworkSelectionModeResponse(int slotId,
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
bool manual = false; bool manual = false;
int serviceClass; int serviceClass;
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("getNetworkSelectionModeResponse Invalid response: NULL"); RLOGE("getNetworkSelectionModeResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -4366,7 +4366,7 @@ int radio::getAvailableNetworksResponse(int slotId,
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
hidl_vec<OperatorInfo> networks; hidl_vec<OperatorInfo> networks;
if ((response == NULL && responseLen != 0) if ((response == NULL && responseLen != 0)
|| responseLen % (mqanelements * sizeof(char *))!= 0) { || responseLen % (mqanelements * sizeof(char *)) != 0) {
RLOGE("getAvailableNetworksResponse Invalid response: NULL"); RLOGE("getAvailableNetworksResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -4511,7 +4511,7 @@ int radio::getMuteResponse(int slotId,
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
bool enable = false; bool enable = false;
int serviceClass; int serviceClass;
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("getMuteResponse Invalid response: NULL"); RLOGE("getMuteResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -5028,7 +5028,7 @@ int radio::getPreferredVoicePrivacyResponse(int slotId,
populateResponseInfo(responseInfo, serial, responseType, e); populateResponseInfo(responseInfo, serial, responseType, e);
bool enable = false; bool enable = false;
int numInts = responseLen / sizeof(int); int numInts = responseLen / sizeof(int);
if (response == NULL || numInts != 1) { if (response == NULL || numInts < 1) {
RLOGE("getPreferredVoicePrivacyResponse Invalid response: NULL"); RLOGE("getPreferredVoicePrivacyResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -5314,7 +5314,7 @@ int radio::getCDMASubscriptionResponse(int slotId,
int numStrings = responseLen / sizeof(char *); int numStrings = responseLen / sizeof(char *);
hidl_string emptyString; hidl_string emptyString;
if (response == NULL || numStrings != 5) { if (response == NULL || numStrings < 5) {
RLOGE("getOperatorResponse Invalid response: NULL"); RLOGE("getOperatorResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
Return<void> retStatus Return<void> retStatus
@ -5394,7 +5394,7 @@ int radio::getDeviceIdentityResponse(int slotId,
int numStrings = responseLen / sizeof(char *); int numStrings = responseLen / sizeof(char *);
hidl_string emptyString; hidl_string emptyString;
if (response == NULL || numStrings != 4) { if (response == NULL || numStrings < 4) {
RLOGE("getDeviceIdentityResponse Invalid response: NULL"); RLOGE("getDeviceIdentityResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
Return<void> retStatus Return<void> retStatus
@ -5725,7 +5725,7 @@ int radio::getImsRegistrationStateResponse(int slotId,
bool isRegistered = false; bool isRegistered = false;
int ratFamily = 0; int ratFamily = 0;
int numInts = responseLen / sizeof(int); int numInts = responseLen / sizeof(int);
if (response == NULL || numInts != 2) { if (response == NULL || numInts < 2) {
RLOGE("getImsRegistrationStateResponse Invalid response: NULL"); RLOGE("getImsRegistrationStateResponse Invalid response: NULL");
if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE; if (e == RIL_E_SUCCESS) responseInfo.error = RadioError::INVALID_RESPONSE;
} else { } else {
@ -6642,7 +6642,7 @@ int radio::newSmsStatusReportInd(int slotId,
int radio::newSmsOnSimInd(int slotId, int indicationType, int radio::newSmsOnSimInd(int slotId, int indicationType,
int token, RIL_Errno e, void *response, size_t responseLen) { int token, RIL_Errno e, void *response, size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("newSmsOnSimInd: invalid response"); RLOGE("newSmsOnSimInd: invalid response");
return 0; return 0;
} }
@ -6663,7 +6663,7 @@ int radio::newSmsOnSimInd(int slotId, int indicationType,
int radio::onUssdInd(int slotId, int indicationType, int radio::onUssdInd(int slotId, int indicationType,
int token, RIL_Errno e, void *response, size_t responseLen) { int token, RIL_Errno e, void *response, size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != 2 * sizeof(char *)) { if (response == NULL || responseLen < 2 * sizeof(char *)) {
RLOGE("onUssdInd: invalid response"); RLOGE("onUssdInd: invalid response");
return 0; return 0;
} }
@ -7254,7 +7254,7 @@ int radio::stkEventNotifyInd(int slotId, int indicationType,
int radio::stkCallSetupInd(int slotId, int indicationType, int radio::stkCallSetupInd(int slotId, int indicationType,
int token, RIL_Errno e, void *response, size_t responseLen) { int token, RIL_Errno e, void *response, size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("stkCallSetupInd: invalid response"); RLOGE("stkCallSetupInd: invalid response");
return 0; return 0;
} }
@ -7465,7 +7465,7 @@ int radio::restrictedStateChangedInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("restrictedStateChangedInd: invalid response"); RLOGE("restrictedStateChangedInd: invalid response");
return 0; return 0;
} }
@ -7539,7 +7539,7 @@ int radio::cdmaOtaProvisionStatusInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("cdmaOtaProvisionStatusInd: invalid response"); RLOGE("cdmaOtaProvisionStatusInd: invalid response");
return 0; return 0;
} }
@ -7740,7 +7740,7 @@ int radio::indicateRingbackToneInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("indicateRingbackToneInd: invalid response"); RLOGE("indicateRingbackToneInd: invalid response");
return 0; return 0;
} }
@ -7779,7 +7779,7 @@ int radio::cdmaSubscriptionSourceChangedInd(int slotId,
int indicationType, int token, RIL_Errno e, int indicationType, int token, RIL_Errno e,
void *response, size_t responseLen) { void *response, size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("cdmaSubscriptionSourceChangedInd: invalid response"); RLOGE("cdmaSubscriptionSourceChangedInd: invalid response");
return 0; return 0;
} }
@ -7803,7 +7803,7 @@ int radio::cdmaPrlChangedInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("cdmaPrlChangedInd: invalid response"); RLOGE("cdmaPrlChangedInd: invalid response");
return 0; return 0;
} }
@ -7858,7 +7858,7 @@ int radio::voiceRadioTechChangedInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("voiceRadioTechChangedInd: invalid response"); RLOGE("voiceRadioTechChangedInd: invalid response");
return 0; return 0;
} }
@ -8069,7 +8069,7 @@ int radio::subscriptionStatusChangedInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("subscriptionStatusChangedInd: invalid response"); RLOGE("subscriptionStatusChangedInd: invalid response");
return 0; return 0;
} }
@ -8092,7 +8092,7 @@ int radio::srvccStateNotifyInd(int slotId,
int indicationType, int token, RIL_Errno e, void *response, int indicationType, int token, RIL_Errno e, void *response,
size_t responseLen) { size_t responseLen) {
if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) { if (radioService[slotId] != NULL && radioService[slotId]->mRadioIndication != NULL) {
if (response == NULL || responseLen != sizeof(int)) { if (response == NULL || responseLen % sizeof(int) != 0) {
RLOGE("srvccStateNotifyInd: invalid response"); RLOGE("srvccStateNotifyInd: invalid response");
return 0; return 0;
} }
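Review bot: The relaxed test `responseLen % sizeof(int) != 0` in responseIntOrEmpty, responseInt, getNetworkSelectionModeResponse, getMuteResponse and the single-int indication handlers (newSmsOnSimInd through srvccStateNotifyInd) also accepts a non-NULL response with `responseLen == 0`. A buffer shorter than one int is then no longer rejected before the int is presumably read in the else branch, which lies outside these hunks. The "enough data" goal from the commit message would be `if (response == NULL || responseLen < sizeof(int))`, matching the `numInts < N` form used in the other hunks. In getLastCallFailCauseResponse, assuming the modulo line is the new side, `else if (responseLen % sizeof(int) != 0)` looks inverted: it reads `pInt[0]` only when the length is not a multiple of `sizeof(int)`, including 1 to 3 bytes, and sends a well-formed int-sized response to the error path. `else if (responseLen >= sizeof(int))` appears to be what was intended.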
