diff --git a/backupSession.c b/backupSession.c index 6fe97f2..09eafce 100644 --- a/backupSession.c +++ b/backupSession.c @@ -313,7 +313,8 @@ void bkp_session_move_inform_to_inform_send() pthread_mutex_lock(&mutex_backup_session); while (b) { mxml_node_t *p = mxmlGetParent(b); - if (mxmlGetType(b) == MXML_ELEMENT && !strcmp(mxmlGetElement(b), "queue_event") && mxmlGetType(p) == MXML_ELEMENT && !strcmp(mxmlGetElement(p), "cwmp")) + const char *name = mxmlGetElement(b); + if (mxmlGetType(b) == MXML_ELEMENT && name && !strcmp(name, "queue_event") && p && mxmlGetType(p) == MXML_ELEMENT && !strcmp(mxmlGetElement(p), "cwmp")) mxmlSetElement(b, "send_event"); b = mxmlWalkNext(b, bkp_tree, MXML_DESCEND); @@ -328,7 +329,8 @@ void bkp_session_move_inform_to_inform_queue() pthread_mutex_lock(&mutex_backup_session); while (b) { mxml_node_t *p = mxmlGetParent(b); - if (mxmlGetType(b) == MXML_ELEMENT && !strcmp(mxmlGetElement(b), "send_event") && mxmlGetType(p) == MXML_ELEMENT && !strcmp(mxmlGetElement(p), "cwmp")) + const char *name = mxmlGetElement(b); + if (mxmlGetType(b) == MXML_ELEMENT && name && !strcmp(name, "send_event") && p && mxmlGetType(p) == MXML_ELEMENT && !strcmp(mxmlGetElement(p), "cwmp")) mxmlSetElement(b, "queue_event"); b = mxmlWalkNext(b, bkp_tree, MXML_DESCEND); @@ -985,6 +987,10 @@ void load_change_du_state(mxml_node_t *tree) while (b) { if (mxmlGetType(b) == MXML_ELEMENT) { const char *element = mxmlGetElement(b); + if (element == NULL) { + b = mxmlWalkNext(b, tree, MXML_NO_DESCEND); + continue; + } if (strcmp(element, "update") == 0) { elem = (operations *)calloc(1, sizeof(operations)); elem->type = DU_UPDATE; @@ -1027,7 +1033,8 @@ void load_du_state_change_complete(mxml_node_t *tree, struct cwmp *cwmp) while (b) { if (mxmlGetType(b) == MXML_ELEMENT) { - if (strcmp(mxmlGetElement(b), "opresult") == 0) { + const char *name = mxmlGetElement(b); + if (name && strcmp(name, "opresult") == 0) { elem = (opresult *)calloc(1, sizeof(opresult)); list_add_tail(&(elem->list), &(du_state_change_complete_request->list_opresult)); @@ -1127,47 +1134,47 @@ int cwmp_load_saved_session(struct cwmp *cwmp, char **ret, enum backup_loading l mxml_type_t ntype = mxmlGetType(b); const char *elem_name = mxmlGetElement(b); if (load == ACS) { - if (ntype == MXML_ELEMENT && strcmp(elem_name, "acs") == 0) { + if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "acs") == 0) { *ret = load_child_value(b, "url"); break; } } if (load == CR_IP) { - if (ntype == MXML_ELEMENT && strcmp(elem_name, "connection_request") == 0) { + if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "connection_request") == 0) { *ret = load_child_value(b, "ip"); break; } } if (load == CR_IPv6) { - if (ntype == MXML_ELEMENT && strcmp(elem_name, "connection_request") == 0) { + if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "connection_request") == 0) { *ret = load_child_value(b, "ipv6"); break; } } if (load == CR_PORT) { - if (ntype == MXML_ELEMENT && strcmp(elem_name, "connection_request") == 0) { + if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "connection_request") == 0) { *ret = load_child_value(b, "port"); break; } } if (load == ALL) { - if (ntype == MXML_ELEMENT && strcmp(elem_name, "queue_event") == 0) { + if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "queue_event") == 0) { load_queue_event(b, cwmp); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "download") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "download") == 0) { load_download(b); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "upload") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "upload") == 0) { load_upload(b); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "transfer_complete") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "transfer_complete") == 0) { load_transfer_complete(b, cwmp); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "schedule_inform") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "schedule_inform") == 0) { load_schedule_inform(b); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "change_du_state") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "change_du_state") == 0) { load_change_du_state(b); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "du_state_change_complete") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "du_state_change_complete") == 0) { load_du_state_change_complete(b, cwmp); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "schedule_download") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "schedule_download") == 0) { load_schedule_download(b); - } else if (ntype == MXML_ELEMENT && strcmp(elem_name, "apply_schedule_download") == 0) { + } else if (ntype == MXML_ELEMENT && elem_name && strcmp(elem_name, "apply_schedule_download") == 0) { load_apply_schedule_download(b); } } diff --git a/common.c b/common.c index 4d899b7..f181fcd 100755 --- a/common.c +++ b/common.c @@ -147,6 +147,8 @@ void add_dm_parameter_to_list(struct list_head *head, char *param_name, char *pa list_for_each (ilist, head) { int cmp; dm_parameter = list_entry(ilist, struct cwmp_dm_parameter, list); + if (dm_parameter->name == NULL) + continue; cmp = strcmp(dm_parameter->name, param_name); if (cmp == 0) { if (param_val && strcmp(dm_parameter->value, param_val) != 0) { @@ -197,12 +199,10 @@ void cwmp_free_all_dm_parameter_list(struct list_head *list) void cwmp_add_list_fault_param(char *param, int fault, struct list_head *list_set_value_fault) { struct cwmp_param_fault *param_fault; - if (param == NULL) - param = ""; param_fault = calloc(1, sizeof(struct cwmp_param_fault)); list_add_tail(¶m_fault->list, list_set_value_fault); - param_fault->name = strdup(param); + param_fault->name = strdup(param ? param : ""); param_fault->fault = fault; } @@ -239,6 +239,8 @@ int cwmp_asprintf(char **s, const char *format, ...) } va_end(argcopy); str = (char *)calloc(sizeof(char), size + 1); + if (str == NULL) + return -1; vsnprintf(str, size + 1, format, arg); va_end(arg); *s = strdup(str); diff --git a/config.c b/config.c index d2aff6a..bb30082 100755 --- a/config.c +++ b/config.c @@ -228,7 +228,8 @@ static void config_get_cpe_elements(struct config *conf, struct uci_section *s) conf->supported_amd_version = conf->amd_version; CWMP_LOG(DEBUG, "CWMP CONFIG - amendement version: %d", conf->amd_version); if (cpe_tb[UCI_CPE_DEFAULT_WAN_IFACE]) { - conf->default_wan_iface = strdup(get_value_from_uci_option(cpe_tb[UCI_CPE_DEFAULT_WAN_IFACE])); + char *default_wan_iface = get_value_from_uci_option(cpe_tb[UCI_CPE_DEFAULT_WAN_IFACE]); + conf->default_wan_iface = strdup(default_wan_iface ? default_wan_iface : "wan"); } else { conf->default_wan_iface = strdup("wan"); } @@ -286,6 +287,8 @@ int get_preinit_config(struct config *conf) uci_foreach_element(&pkg->sections, e) { struct uci_section *s = uci_to_section(e); + if (s == NULL || s->type == NULL) + continue; if (strcmp(s->type, "acs") == 0) { config_get_acs_elements(conf, s); } else if (strcmp(s->type, "cpe") == 0) { diff --git a/cwmp.c b/cwmp.c index 4c98e15..f325f8c 100644 --- a/cwmp.c +++ b/cwmp.c @@ -762,7 +762,7 @@ static void lookup_event_cb(struct ubus_context *ctx __attribute__((unused)), struct blob_attr *attr; const char *path; - if (strcmp(type, "ubus.object.add") != 0) + if (type && strcmp(type, "ubus.object.add") != 0) return; blobmsg_parse(&policy, 1, &attr, blob_data(msg), blob_len(msg)); @@ -770,7 +770,7 @@ static void lookup_event_cb(struct ubus_context *ctx __attribute__((unused)), return; path = blobmsg_data(attr); - if (strcmp(path, USP_OBJECT_NAME) == 0) { + if (path && strcmp(path, USP_OBJECT_NAME) == 0) { g_usp_object_available = true; uloop_end(); } diff --git a/cwmp_du_state.c b/cwmp_du_state.c index 914811a..9d42bab 100644 --- a/cwmp_du_state.c +++ b/cwmp_du_state.c @@ -130,10 +130,10 @@ static char *get_software_module_object_eq(char *param1, char *val1, char *param } list_for_each_entry (param_value, sw_parameters, list) { - if (regexec(®ex1, param_value->name, 0, NULL, 0) == 0 && strcmp(param_value->value, val1) == 0) + if (regexec(®ex1, param_value->name, 0, NULL, 0) == 0 && param_value->value && strcmp(param_value->value, val1) == 0) softwaremodule_filter_param = true; - if (param2 && regexec(®ex2, param_value->name, 0, NULL, 0) == 0 && strcmp(param_value->value, val2) == 0) + if (param2 && regexec(®ex2, param_value->name, 0, NULL, 0) == 0 && param_value->value && strcmp(param_value->value, val2) == 0) softwaremodule_filter_param = true; if (softwaremodule_filter_param == false) @@ -158,16 +158,16 @@ static int get_deployment_unit_name_version(char *uuid, char **name, char **vers snprintf(environment_param, sizeof(environment_param), "Device.SoftwareModules.DeploymentUnit.%s.ExecutionEnvRef", sw_by_uuid_instance); struct cwmp_dm_parameter *param_value; list_for_each_entry (param_value, &sw_parameters, list) { - if (strcmp(param_value->name, name_param) == 0) { - *name = strdup(param_value->value); + if (param_value->name && strcmp(param_value->name, name_param) == 0) { + *name = strdup(param_value->value ? param_value->value : ""); continue; } - if (strcmp(param_value->name, version_param) == 0) { - *version = strdup(param_value->value); + if (param_value->name && strcmp(param_value->name, version_param) == 0) { + *version = strdup(param_value->value ? param_value->value : ""); continue; } - if (strcmp(param_value->name, environment_param) == 0) { - *env = strdup(param_value->value); + if (param_value->name && strcmp(param_value->name, environment_param) == 0) { + *env = strdup(param_value->value ? param_value->value : ""); continue; } } @@ -221,8 +221,8 @@ static char *get_exec_env_name(char *environment_path) struct cwmp_dm_parameter *param_value; snprintf(env_param, sizeof(env_param), "%sName", environment_path); list_for_each_entry (param_value, &environment_list, list) { - if (strcmp(param_value->name, env_param) == 0) { - env_name = strdup(param_value->value); + if (param_value->name && strcmp(param_value->name, env_param) == 0) { + env_name = strdup(param_value->value ? param_value->value : ""); break; } } @@ -356,11 +356,11 @@ void *thread_cwmp_rpc_cpe_change_du_state(void *v) list_for_each_entry_safe (p, q, &pchange_du_state->list_operation, list) { res = calloc(1, sizeof(struct opresult)); list_add_tail(&(res->list), &(pdu_state_change_complete->list_opresult)); - res->uuid = strdup(p->uuid); - res->version = strdup(p->version); + res->uuid = strdup(p->uuid ? p->uuid : ""); + res->version = strdup(p->version ? p->version : ""); res->current_state = strdup("Failed"); res->start_time = strdup(get_time(time(NULL))); - res->complete_time = strdup(res->start_time); + res->complete_time = strdup(res->start_time ? res->start_time : ""); res->fault = error; } bkp_session_insert_du_state_change_complete(pdu_state_change_complete); @@ -379,7 +379,7 @@ void *thread_cwmp_rpc_cpe_change_du_state(void *v) if (pdu_state_change_complete != NULL) { error = FAULT_CPE_NO_FAULT; INIT_LIST_HEAD(&(pdu_state_change_complete->list_opresult)); - pdu_state_change_complete->command_key = strdup(pchange_du_state->command_key); + pdu_state_change_complete->command_key = strdup(pchange_du_state->command_key ? pchange_du_state->command_key : ""); pdu_state_change_complete->timeout = pchange_du_state->timeout; list_for_each_entry_safe (p, q, &pchange_du_state->list_operation, list) { @@ -472,7 +472,7 @@ void *thread_cwmp_rpc_cpe_change_du_state(void *v) } res->du_ref = strdup(du_ref ? du_ref : ""); - res->uuid = strdup(p->uuid); + res->uuid = strdup(p->uuid ? p->uuid : ""); res->version = strdup(package_version); res->complete_time = strdup(get_time(time(NULL))); res->fault = error; diff --git a/cwmp_uci.c b/cwmp_uci.c index 67718fb..12f7eff 100644 --- a/cwmp_uci.c +++ b/cwmp_uci.c @@ -249,7 +249,7 @@ int cwmp_uci_get_value_by_section_string(struct uci_section *s, char *option, ch uci_foreach_element(&s->options, e) { o = (uci_to_option(e)); - if (!strcmp(o->e.name, option)) { + if (o && o->e.name && !strcmp(o->e.name, option)) { if (o->type == UCI_TYPE_LIST) { *value = cwmp_uci_list_to_string(&o->v.list, " "); } else { @@ -449,6 +449,9 @@ int cwmp_uci_get_option_value_list(char *package, char *section, char *option, u struct uci_list *list; char *pch = NULL, *spch = NULL, *dup = NULL; int option_type; + if (value == NULL) + return UCI_ERR_IO; + *value = NULL; if (package == NULL || section == NULL || option == NULL) { @@ -470,11 +473,16 @@ int cwmp_uci_get_option_value_list(char *package, char *section, char *option, u } list = calloc(1, sizeof(struct uci_list)); cwmp_uci_list_init(list); - dup = strdup(ptr.o->v.string); + dup = strdup((ptr.o && ptr.o->v.string) ? ptr.o->v.string : ""); pch = strtok_r(dup, " ", &spch); while (pch != NULL) { e = calloc(1, sizeof(struct uci_element)); - e->name = pch; + if (e == NULL) { + CWMP_LOG(ERROR, "uci %s: e is null", __FUNCTION__); + return UCI_ERR_IO; + } + if (e->name) + e->name = pch; cwmp_uci_list_add(list, &e->list); pch = strtok_r(NULL, " ", &spch); } @@ -668,7 +676,7 @@ int cwmp_uci_get_section_type(char *package, char *section, uci_config_paths uci return -1; } if (ptr.s) { - *value = icwmp_strdup(ptr.s->type); + *value = icwmp_strdup(ptr.s->type ? ptr.s->type : ""); } else { *value = ""; } @@ -697,7 +705,7 @@ struct uci_section *cwmp_uci_walk_section(char *package, char *stype, void *arg1 while (&e->list != list_section) { s = uci_to_section(e); - if (s && s->type && strcmp(s->type, stype) == 0) { + if (s && s->type && stype && strcmp(s->type, stype) == 0) { switch (cmp) { case CWMP_CMP_SECTION: goto end; diff --git a/datamodel_interface.c b/datamodel_interface.c index c5b5c74..4584f46 100755 --- a/datamodel_interface.c +++ b/datamodel_interface.c @@ -216,7 +216,7 @@ void ubus_transaction_status_callback(struct ubus_request *req __attribute__((un struct blob_attr *tb[2] = { NULL, NULL }; blobmsg_parse(p, 2, tb, blobmsg_data(msg), blobmsg_len(msg)); status_str = blobmsg_get_string(tb[0]); - if (strcmp(status_str, "on-going") == 0) + if (status_str && strcmp(status_str, "on-going") == 0) *status = true; else *status = false; @@ -408,7 +408,7 @@ int cwmp_get_leaf_value(char *leaf, char **value) } if (strncmp(leaf, dm_param.name, llen) == 0) { - *value = (dm_param.value) ? strdup(dm_param.value) : strdup(""); + *value = dm_param.value ? strdup(dm_param.value) : strdup(""); } else { CWMP_LOG(WARNING, "Param %s, does not return a value", leaf); return FAULT_CPE_INTERNAL_ERROR; diff --git a/diagnostic.c b/diagnostic.c index eba05e3..4a388de 100644 --- a/diagnostic.c +++ b/diagnostic.c @@ -124,9 +124,9 @@ static bool set_specific_diagnostic_object_parameter_structure_value(struct diag { int i; for (i = 0; i < number_inputs; i++) { - if (strcmp((*diagnostics_array)[i].parameter_name, parameter) == 0) { + if (parameter && (*diagnostics_array)[i].parameter_name && strcmp((*diagnostics_array)[i].parameter_name, parameter) == 0) { FREE((*diagnostics_array)[i].value); - (*diagnostics_array)[i].value = strdup(value); + (*diagnostics_array)[i].value = strdup(value ? value : ""); return true; } } diff --git a/digauth.c b/digauth.c index d4febe6..51b075e 100644 --- a/digauth.c +++ b/digauth.c @@ -406,28 +406,28 @@ int validate_http_digest_auth(const char *http_meth, const char *uri, const char { get_value_from_header(hdr); - if (strcmp(param[E_USERNAME].value, usr) != 0) + if (usr && param[E_USERNAME].value &&strcmp(param[E_USERNAME].value, usr) != 0) return 0; - if (strlen(param[E_REALM].value) == 0) + if (param[E_REALM].value == NULL || strlen(param[E_REALM].value) == 0) return 0; - if (strcmp(param[E_REALM].value, rlm) != 0) + if (rlm && strcmp(param[E_REALM].value, rlm) != 0) return 0; - if (strlen(param[E_CNONCE].value) == 0) + if (param[E_CNONCE].value == NULL || strlen(param[E_CNONCE].value) == 0) return 0; - if (strlen(param[E_QOP].value) == 0) + if (param[E_QOP].value == NULL || strlen(param[E_QOP].value) == 0) return 0; - if (strlen(param[E_NC].value) == 0) + if (param[E_NC].value == NULL || strlen(param[E_NC].value) == 0) return 0; - if (strlen(param[E_RESPONSE].value) == 0) + if (param[E_RESPONSE].value == NULL || strlen(param[E_RESPONSE].value) == 0) return 0; - int len = strlen(param[E_NONCE].value); + int len = param[E_NONCE].value ? strlen(param[E_NONCE].value) : 0; if (len == 0) return 0; @@ -450,27 +450,26 @@ int validate_http_digest_auth(const char *http_meth, const char *uri, const char char nonce[MD5_HASH_HEX_LEN + 9]; get_nonce(tm, http_meth, nonce_key, strlen(nonce_key), uri, rlm, nonce, sizeof(nonce)); - if (strcmp(param[E_NONCE].value, nonce) != 0) { + if (param[E_NONCE].value && strcmp(param[E_NONCE].value, nonce) != 0) { CWMP_LOG(ERROR, "Nonce value is probably fabricated"); return 0; } - if (strlen(param[E_URI].value) == 0) + if (param[E_URI].value == NULL || strlen(param[E_URI].value) == 0) return 0; - if (strncmp(param[E_URI].value, uri, strlen(uri)) != 0) { + if (uri && strncmp(param[E_URI].value, uri, strlen(uri)) != 0) { CWMP_LOG(ERROR, "Authentication failed, URI is not matched"); return 0; } - if ((strcmp(param[E_QOP].value, "auth") != 0) && (strcmp(param[E_QOP].value, "") != 0)) { - CWMP_LOG(ERROR, "Authentication failed, due to qop value: (%s)", param[E_QOP].value); + if (param[E_QOP].value && (strcmp(param[E_QOP].value, "auth") != 0) && (strcmp(param[E_QOP].value, "") != 0)) { + CWMP_LOG(ERROR, "Authentication failed, due to qop value: (%s)", param[E_QOP].value); return 0; } - char *tmp; unsigned long int nc_int = strtoul(param[E_NC].value, &tmp, 16); - if ((*tmp != '\0') || (nc_int == LONG_MAX && errno == ERANGE)) { + if ((tmp && *tmp != '\0') || (nc_int == LONG_MAX && errno == ERANGE)) { CWMP_LOG(ERROR, "Authentication failed due to invalid format"); return 0; } diff --git a/download.c b/download.c index 88268f0..5b134d4 100644 --- a/download.c +++ b/download.c @@ -253,7 +253,7 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e if (pdownload->file_type == NULL) { CWMP_LOG(ERROR, "download %s: pdownload.file_type is null", __FUNCTION__); - error = FAULT_CPE_INTERNAL_ERROR; + error = FAULT_CPE_INVALID_ARGUMENTS; goto end_download; } if (strcmp(pdownload->file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) == 0 || strcmp(pdownload->file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE) == 0) { @@ -304,7 +304,7 @@ end_download: } p->command_key = pdownload->command_key ? strdup(pdownload->command_key) : strdup(""); - p->start_time = strdup(download_startTime); + p->start_time = strdup(download_startTime ? download_startTime : ""); p->complete_time = strdup(get_time(time(NULL))); p->type = ltype; if (error != FAULT_CPE_NO_FAULT) { @@ -427,9 +427,9 @@ struct transfer_complete *set_download_error_transfer_complete(struct cwmp *cwmp struct transfer_complete *ptransfer_complete; ptransfer_complete = calloc(1, sizeof(struct transfer_complete)); if (ptransfer_complete != NULL) { - ptransfer_complete->command_key = strdup(pdownload->command_key); + ptransfer_complete->command_key = strdup(pdownload->command_key ? pdownload->command_key : ""); ptransfer_complete->start_time = strdup(get_time(time(NULL))); - ptransfer_complete->complete_time = strdup(ptransfer_complete->start_time); + ptransfer_complete->complete_time = strdup(ptransfer_complete->start_time ? ptransfer_complete->start_time : ""); ptransfer_complete->fault_code = ltype == TYPE_DOWNLOAD ? FAULT_CPE_DOWNLOAD_FAILURE : FAULT_CPE_DOWNLOAD_FAIL_WITHIN_TIME_WINDOW; ptransfer_complete->type = ltype; bkp_session_insert_transfer_complete(ptransfer_complete); @@ -532,9 +532,9 @@ int cwmp_add_apply_schedule_download(struct download *schedule_download, char *s } if (error == FAULT_CPE_NO_FAULT) { pthread_mutex_lock(&mutex_apply_schedule_download); - apply_schedule_download->command_key = strdup(schedule_download->command_key); - apply_schedule_download->file_type = strdup(schedule_download->file_type); - apply_schedule_download->start_time = strdup(start_time); + apply_schedule_download->command_key = strdup(schedule_download->command_key ? schedule_download->command_key : ""); + apply_schedule_download->file_type = strdup(schedule_download->file_type ? schedule_download->file_type : ""); + apply_schedule_download->start_time = strdup(start_time ? start_time : ""); for (i = 0; i < 2; i++) { apply_schedule_download->timeintervals[i].windowstart = schedule_download->timewindowstruct[i].windowstart; apply_schedule_download->timeintervals[i].windowend = schedule_download->timewindowstruct[i].windowend; diff --git a/event.c b/event.c index 9f31a9a..e9d0c10 100644 --- a/event.c +++ b/event.c @@ -463,7 +463,7 @@ void connection_request_ip_value_change(struct cwmp *cwmp, int version) bkp_session_save(); return; } - if (strcmp(bip, ip_value) != 0) { + if (ip_value && strcmp(bip, ip_value) != 0) { struct event_container *event_container; pthread_mutex_lock(&(cwmp->mutex_session_queue)); event_container = cwmp_add_event_container(cwmp, EVENT_IDX_4VALUE_CHANGE, ""); diff --git a/http.c b/http.c index 62e88d7..6340113 100644 --- a/http.c +++ b/http.c @@ -115,11 +115,11 @@ void http_client_exit(void) static size_t http_get_response(void *buffer, size_t size, size_t rxed, char **msg_in) { - char *c; + char *c = NULL; CWMP_LOG(INFO, "HTTP CURL handler function"); - if (*msg_in == NULL) { + if (msg_in == NULL) { CWMP_LOG(ERROR, "msg_in is null"); return 0; } diff --git a/notifications.c b/notifications.c index f4c7897..37b9c9b 100644 --- a/notifications.c +++ b/notifications.c @@ -232,7 +232,7 @@ int get_parameter_leaf_notification_from_childs_list(char *parameter_name, struc if (parameter_name == NULL) parameter_name = "Device."; list_for_each_entry (param_value, childs_list, list) { - if (strcmp(param_value->name, parameter_name) == 0) { + if (param_value->name && strcmp(param_value->name, parameter_name) == 0) { ret_notif = param_value->notification; break; } @@ -306,7 +306,7 @@ bool parameter_is_other_notif_object_child(char *parent, char *parameter) list_ptr = list_iter.prev; list_iter.prev = list_ptr->prev; list_iter.next = list_ptr->next; - if (strcmp(parent, dm_parameter->name) == 0) + if (dm_parameter->name && strcmp(parent, dm_parameter->name) == 0) continue; if (strncmp(parent, dm_parameter->name, strlen(parent)) == 0 && strncmp(parameter, dm_parameter->name, strlen(dm_parameter->name)) == 0) return true; @@ -506,7 +506,7 @@ void get_parameter_value_from_parameters_list(struct list_head *params_list, cha if (strcmp(parameter_name, param_value->name) != 0) continue; *value = strdup(param_value->value ? param_value->value : ""); - *type = strdup(param_value->type ? param_value->type : ""); + *type = strdup(param_value->type ? param_value->type : "xsd:string"); } } @@ -555,7 +555,7 @@ int check_value_change(void) value = NULL; continue; } - if ((notification >= 1) && (dm_value != NULL) && (strcmp(dm_value, value) != 0)) { + if ((notification >= 1) && (dm_value != NULL) && value && (strcmp(dm_value, value) != 0)) { if (notification == 1 || notification == 2) add_list_value_change(parameter, dm_value, dm_type); if (notification >= 3) diff --git a/rpc_soap.c b/rpc_soap.c index f6da0ef..5c551aa 100755 --- a/rpc_soap.c +++ b/rpc_soap.c @@ -131,7 +131,7 @@ int xml_handle_message(struct session *session) CWMP_LOG(INFO, "SOAP RPC message: %s", c); rpc_cpe = NULL; for (i = 1; i < __RPC_CPE_MAX; i++) { - if (i != RPC_CPE_FAULT && strcmp(c, rpc_cpe_methods[i].name) == 0 && rpc_cpe_methods[i].amd <= conf->supported_amd_version) { + if (i != RPC_CPE_FAULT && c && strcmp(c, rpc_cpe_methods[i].name) == 0 && rpc_cpe_methods[i].amd <= conf->supported_amd_version) { CWMP_LOG(INFO, "%s RPC is supported", c); rpc_cpe = cwmp_add_session_rpc_cpe(session, i); if (rpc_cpe == NULL) @@ -216,7 +216,8 @@ static int xml_prepare_parameters_inform(struct cwmp_dm_parameter *dm_parameter, if (!b) return 0; mxml_node_t *c = mxmlGetFirstChild(b); - if (c && strcmp(dm_parameter->value, mxmlGetOpaque(c)) == 0) + const char *opaque = c ? mxmlGetOpaque(c) : NULL; + if (c && opaque && strcmp(dm_parameter->value, opaque) == 0) return 0; mxmlDelete(b); (*size)--; @@ -605,7 +606,7 @@ int set_rpc_acs_to_supported(char *rpc_name) int i; for (i=1; i < __RPC_ACS_MAX; i++) { - if (strcmp(rpc_acs_methods[i].name, rpc_name) == 0) { + if (rpc_name && strcmp(rpc_acs_methods[i].name, rpc_name) == 0) { rpc_acs_methods[i].acs_support = RPC_ACS_SUPPORT; return i; } @@ -634,8 +635,8 @@ int cwmp_rpc_acs_parse_response_get_rpc_methods(struct cwmp *cwmp __attribute__( const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent_node = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); - - if (node_type == MXML_OPAQUE && mxmlGetType(parent_node) == MXML_ELEMENT && node_opaque && strcmp((char *) mxmlGetElement(parent_node), "string") == 0) + char *parent_name = (char *) mxmlGetElement(parent_node); + if (node_type == MXML_OPAQUE && mxmlGetType(parent_node) == MXML_ELEMENT && node_opaque && parent_name && strcmp(parent_name, "string") == 0) set_rpc_acs_to_supported((char*)node_opaque); b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -956,7 +957,8 @@ int cwmp_handle_rpc_cpe_get_parameter_values(struct session *session, struct rpc mxml_node_t *parent_node = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *firstchild = mxmlGetFirstChild(b); - if (node_type == MXML_OPAQUE && mxmlGetType(parent_node) == MXML_ELEMENT && node_value && !strcmp((char *) mxmlGetElement(parent_node), "string")) { + char *parent_name = (char *) mxmlGetElement(parent_node); + if (node_type == MXML_OPAQUE && mxmlGetType(parent_node) == MXML_ELEMENT && node_value && parent_name && !strcmp(parent_name, "string")) { parameter_name = icwmp_strdup(node_value); } if (node_type == MXML_ELEMENT && /* added in order to support GetParameterValues with empty string*/ @@ -971,6 +973,8 @@ int cwmp_handle_rpc_cpe_get_parameter_values(struct session *session, struct rpc } struct cwmp_dm_parameter *param_value; list_for_each_entry (param_value, ¶meters_list, list) { + if (param_value->name == NULL) + continue; n = mxmlNewElement(parameter_list, "ParameterValueStruct"); if (!n) goto fault; @@ -979,7 +983,7 @@ int cwmp_handle_rpc_cpe_get_parameter_values(struct session *session, struct rpc if (!n) goto fault; - n = mxmlNewOpaque(n, param_value->name ? param_value->name : ""); + n = mxmlNewOpaque(n, param_value->name); if (!n) goto fault; @@ -1069,14 +1073,14 @@ int cwmp_handle_rpc_cpe_get_parameter_names(struct session *session, struct rpc mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *firstchild = mxmlGetFirstChild(b); - - if (node_type == MXML_OPAQUE && node_value && mxmlGetType(parent) == MXML_ELEMENT && !strcmp((char *) mxmlGetElement(parent), "ParameterPath")) { + char * parent_name = parent ? (char *) mxmlGetElement(parent) : NULL; + if (node_type == MXML_OPAQUE && node_value && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "ParameterPath")) { parameter_name = icwmp_strdup(node_value); } if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "ParameterPath") && !firstchild) { parameter_name = icwmp_strdup(""); } - if (node_type == MXML_OPAQUE && node_value && mxmlGetType(parent) == MXML_ELEMENT && !strcmp((char *) mxmlGetElement(parent), "NextLevel")) { + if (node_type == MXML_OPAQUE && node_value && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "NextLevel")) { NextLevel = icwmp_strdup(node_value); } b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -1098,6 +1102,8 @@ int cwmp_handle_rpc_cpe_get_parameter_names(struct session *session, struct rpc } struct cwmp_dm_parameter *param_value; list_for_each_entry (param_value, ¶meters_list, list) { + if (param_value->name == NULL) + continue; n = mxmlNewElement(parameter_list, "ParameterInfoStruct"); if (!n) goto fault; @@ -1184,8 +1190,8 @@ int cwmp_handle_rpc_cpe_get_parameter_attributes(struct session *session, struct mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *firstchild = mxmlGetFirstChild(b); - - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "string")) { + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "string")) { parameter_name = icwmp_strdup(node_opaque); } if (node_type == MXML_ELEMENT && !strcmp(node_name, "string") && !firstchild) { @@ -1199,6 +1205,8 @@ int cwmp_handle_rpc_cpe_get_parameter_attributes(struct session *session, struct } struct cwmp_dm_parameter *param_value; list_for_each_entry (param_value, ¶meters_list, list) { + if (param_value->name == NULL) + continue; n = mxmlNewElement(parameter_list, "ParameterAttributeStruct"); if (!n) goto fault; @@ -1218,7 +1226,7 @@ int cwmp_handle_rpc_cpe_get_parameter_attributes(struct session *session, struct if (!n) goto fault; - char notification[2]; + char notification[2] = {0}; snprintf(notification, sizeof(notification), "%d", param_value->notification); n = mxmlNewOpaque(n, notification); if (!n) @@ -1268,6 +1276,8 @@ fault: static int is_duplicated_parameter(mxml_node_t *param_node, struct session *session) { mxml_node_t *b = param_node; + if (b == NULL) + return 0; while ((b = mxmlWalkNext(b, session->body_in, MXML_DESCEND))) { const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); @@ -1275,7 +1285,7 @@ static int is_duplicated_parameter(mxml_node_t *param_node, struct session *sess if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Name")) { if (strcmp(node_opaque, mxmlGetOpaque(param_node)) == 0) - return -1; + return 1; } } return 0; @@ -1305,8 +1315,9 @@ int cwmp_handle_rpc_cpe_set_parameter_values(struct session *session, struct rpc mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *child = mxmlGetFirstChild(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Name")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Name")) { parameter_name = icwmp_strdup(node_opaque); if (is_duplicated_parameter(b, session)) { fault_code = FAULT_CPE_INVALID_ARGUMENTS; @@ -1314,19 +1325,20 @@ int cwmp_handle_rpc_cpe_set_parameter_values(struct session *session, struct rpc } } - if (node_type == MXML_ELEMENT && !strcmp(node_name, "Name") && !child) { + if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "Name") && !child) { parameter_name = icwmp_strdup(""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Value")) { - parameter_value = icwmp_strdup((char *)mxmlGetOpaque(b)); + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Value")) { + parameter_value = icwmp_strdup(node_opaque); while ((b = mxmlWalkNext(b, parent, MXML_DESCEND))) { v = (char *)mxmlGetOpaque(b); + c = NULL; icwmp_asprintf(&c, "%s %s", parameter_value, v); parameter_value = icwmp_strdup(c); } b = mxmlGetLastChild(parent); } - if (node_type == MXML_ELEMENT && !strcmp(node_name, "Value") && !child) { + if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "Value") && !child) { parameter_value = icwmp_strdup(""); } if (parameter_name && parameter_value) { @@ -1343,8 +1355,9 @@ int cwmp_handle_rpc_cpe_set_parameter_values(struct session *session, struct rpc goto fault; } b = mxmlWalkNext(b, session->tree_in, MXML_DESCEND_FIRST); - if (b && mxmlGetType(b) == MXML_OPAQUE && mxmlGetOpaque(b)) - parameter_key = icwmp_strdup(mxmlGetOpaque(b)); + const char *op = mxmlGetOpaque(b); + if (b && mxmlGetType(b) == MXML_OPAQUE && op) + parameter_key = icwmp_strdup(op ? op : ""); if (!icwmp_validate_string_length(parameter_key, 32)) { fault_code = FAULT_CPE_INVALID_ARGUMENTS; @@ -1431,30 +1444,32 @@ int cwmp_handle_rpc_cpe_set_parameter_attributes(struct session *session, struct mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *child = mxmlGetFirstChild(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; - if (node_type == MXML_ELEMENT && !strcmp(node_name, "SetParameterAttributesStruct")) { + if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "SetParameterAttributesStruct")) { parameter_name = NULL; parameter_notification = NULL; notification_change = NULL; } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Name")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Name")) { parameter_name = icwmp_strdup(node_opaque); } - if (node_type == MXML_ELEMENT && !strcmp(node_name, "Name") && !child) { + if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "Name") && !child) { parameter_name = icwmp_strdup(""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "NotificationChange")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "NotificationChange")) { notification_change = icwmp_strdup(node_opaque); } if (node_type == MXML_ELEMENT && !strcmp(node_name, "NotificationChange") && !child) { notification_change = icwmp_strdup(""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Notification")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "Notification")) { parameter_notification = icwmp_strdup(node_opaque); } - if (node_type == MXML_ELEMENT && !strcmp(node_name, "Notification") && !child) { + if (node_type == MXML_ELEMENT && node_name && !strcmp(node_name, "Notification") && !child) { parameter_notification = icwmp_strdup(""); } + if (parameter_name && parameter_notification && notification_change) { if (!icwmp_validate_boolean_value(notification_change)) { fault_code = FAULT_CPE_INVALID_ARGUMENTS; @@ -1511,11 +1526,12 @@ int cwmp_handle_rpc_cpe_add_object(struct session *session, struct rpc *rpc) const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "ParameterKey")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "ParameterKey")) { parameter_key = icwmp_strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "ObjectName")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "ObjectName")) { object_name = icwmp_strdup(node_opaque); } b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -1615,11 +1631,12 @@ int cwmp_handle_rpc_cpe_delete_object(struct session *session, struct rpc *rpc) const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); + const char* parent_name = parent ? mxmlGetElement(parent) : NULL; - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "ObjectName")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "ObjectName")) { object_name = icwmp_strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "ParameterKey")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "ParameterKey")) { parameter_key = icwmp_strdup(node_opaque); } b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -1808,8 +1825,8 @@ int cwmp_handle_rpc_cpe_cancel_transfer(struct session *session, struct rpc *rpc const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); - - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + const char *parent_name = parent ? mxmlGetElement(parent): NULL; + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { command_key = icwmp_strdup(node_opaque); } b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -1818,9 +1835,9 @@ int cwmp_handle_rpc_cpe_cancel_transfer(struct session *session, struct rpc *rpc fault_code = FAULT_CPE_INVALID_ARGUMENTS; goto fault; } - if (command_key) { + if (command_key) cancel_transfer(command_key); - } + b = mxmlFindElement(session->tree_out, session->tree_out, "soap_env:Body", NULL, NULL, MXML_DESCEND); if (!b) goto fault; @@ -1845,7 +1862,7 @@ int cancel_transfer(char *key) if (list_download.next != &(list_download)) { list_for_each_safe (ilist, q, &(list_download)) { struct download *pdownload = list_entry(ilist, struct download, list); - if (strcmp(pdownload->command_key, key) == 0) { + if (key && strcmp(pdownload->command_key, key) == 0) { pthread_mutex_lock(&mutex_download); bkp_session_delete_download(pdownload); bkp_session_save(); @@ -1860,7 +1877,7 @@ int cancel_transfer(char *key) if (list_upload.next != &(list_upload)) { list_for_each_safe (ilist, q, &(list_upload)) { struct upload *pupload = list_entry(ilist, struct upload, list); - if (pupload->command_key && strcmp(pupload->command_key, key) == 0) { + if (key && pupload->command_key && strcmp(pupload->command_key, key) == 0) { pthread_mutex_lock(&mutex_upload); bkp_session_delete_upload(pupload); bkp_session_save(); @@ -1892,8 +1909,8 @@ int cwmp_handle_rpc_cpe_reboot(struct session *session, struct rpc *rpc) const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); - - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { command_key = icwmp_strdup(node_opaque); commandKey = icwmp_strdup(node_opaque); } @@ -1904,7 +1921,7 @@ int cwmp_handle_rpc_cpe_reboot(struct session *session, struct rpc *rpc) goto fault; } pthread_mutex_lock(&(cwmp_main.mutex_session_queue)); - event_container = cwmp_add_event_container(&cwmp_main, EVENT_IDX_M_Reboot, command_key); + event_container = cwmp_add_event_container(&cwmp_main, EVENT_IDX_M_Reboot, command_key ? command_key : ""); if (event_container == NULL) { pthread_mutex_unlock(&(cwmp_main.mutex_session_queue)); goto fault; @@ -1953,12 +1970,12 @@ int cwmp_handle_rpc_cpe_schedule_inform(struct session *session, struct rpc *rpc const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); - - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { command_key = icwmp_strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "DelaySeconds")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "DelaySeconds")) { delay_seconds = atoi(node_opaque); } b = mxmlWalkNext(b, session->body_in, MXML_DESCEND); @@ -2003,7 +2020,7 @@ int cwmp_handle_rpc_cpe_schedule_inform(struct session *session, struct rpc *rpc pthread_mutex_unlock(&mutex_schedule_inform); goto fault; } - schedule_inform->commandKey = strdup(command_key); + schedule_inform->commandKey = strdup(command_key ? command_key : ""); schedule_inform->scheduled_time = scheduled_time; list_add(&(schedule_inform->list), ilist->prev); bkp_session_insert_schedule_inform(schedule_inform->scheduled_time, schedule_inform->commandKey); @@ -2059,10 +2076,12 @@ int cwmp_handle_rpc_cpe_change_du_state(struct session *session, struct rpc *rpc const char *node_name = (char *) mxmlGetElement(b); mxml_type_t node_type = mxmlGetType(b); mxml_node_t *parent = mxmlGetParent(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; + t = b; - if (node_type == MXML_ELEMENT && strcmp(node_name, "Operations") == 0) { + if (node_type == MXML_ELEMENT && node_name && strcmp(node_name, "Operations") == 0) { char *operation = (char *)mxmlElementGetAttr(b, "xsi:type"); - if (!strcmp(operation, "cwmp:InstallOpStruct")) { + if (operation && !strcmp(operation, "cwmp:InstallOpStruct")) { elem = (operations *)calloc(1, sizeof(operations)); elem->type = DU_INSTALL; list_add_tail(&(elem->list), &(change_du_state->list_operation)); @@ -2071,25 +2090,25 @@ int cwmp_handle_rpc_cpe_change_du_state(struct session *session, struct rpc *rpc const char *opaque = mxmlGetOpaque(t); mxml_node_t *prt = mxmlGetParent(t); mxml_type_t type = mxmlGetType(t); - - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "URL")) { + const char *opprt_name = prt ? mxmlGetElement(prt) : NULL; + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "URL")) { elem->url = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "UUID")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "UUID")) { elem->uuid = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Username")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(opprt_name, "Username")) { elem->username = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Password")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "Password")) { elem->password = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "ExecutionEnvRef")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "ExecutionEnvRef")) { elem->executionenvref = strdup(opaque); } t = mxmlWalkNext(t, b, MXML_DESCEND); } - } else if (!strcmp(operation, "cwmp:UpdateOpStruct")) { + } else if (operation && !strcmp(operation, "cwmp:UpdateOpStruct")) { elem = (operations *)calloc(1, sizeof(operations)); elem->type = DU_UPDATE; list_add_tail(&(elem->list), &(change_du_state->list_operation)); @@ -2098,26 +2117,27 @@ int cwmp_handle_rpc_cpe_change_du_state(struct session *session, struct rpc *rpc const char *opaque = mxmlGetOpaque(t); mxml_node_t *prt = mxmlGetParent(t); mxml_type_t type = mxmlGetType(t); + const char *opprt_name = prt ? mxmlGetElement(prt) : NULL; - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Username")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "Username")) { elem->url = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Version")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "Version")) { elem->uuid = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "URL")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "URL")) { elem->username = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Password")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "Password")) { elem->password = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "UUID")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "UUID")) { elem->executionenvref = strdup(opaque); } t = mxmlWalkNext(t, b, MXML_DESCEND); } - } else if (!strcmp(operation, "cwmp:UninstallOpStruct")) { + } else if (operation && !strcmp(operation, "cwmp:UninstallOpStruct")) { elem = (operations *)calloc(1, sizeof(operations)); elem->type = DU_UNINSTALL; list_add_tail(&(elem->list), &(change_du_state->list_operation)); @@ -2126,14 +2146,15 @@ int cwmp_handle_rpc_cpe_change_du_state(struct session *session, struct rpc *rpc const char *opaque = mxmlGetOpaque(t); mxml_node_t *prt = mxmlGetParent(t); mxml_type_t type = mxmlGetType(t); + const char *opprt_name = prt ? mxmlGetElement(prt) : NULL; - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "Version")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "Version")) { elem->url = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "ExecutionEnvRef")) { + if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "ExecutionEnvRef")) { elem->uuid = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "URL")) { + if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && opprt_name && !strcmp(opprt_name, "URL")) { elem->username = strdup(opaque); } @@ -2141,7 +2162,7 @@ int cwmp_handle_rpc_cpe_change_du_state(struct session *session, struct rpc *rpc } } } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "CommandKey")) { change_du_state->command_key = strdup(node_opaque); } b = mxmlWalkNext(b, n, MXML_DESCEND); @@ -2209,7 +2230,15 @@ int create_download_upload_response(mxml_node_t *tree_out, enum load_type ltype) if (!b) return -1; - b = mxmlGetParent(mxmlGetParent(b)); + mxml_node_t *parent = mxmlGetParent(b); + + if (parent == NULL) + return -1; + + b = mxmlGetParent(parent); + if (!b) + return -1; + b = mxmlNewElement(t, "CompleteTime"); if (!b) return -1; @@ -2256,11 +2285,11 @@ int cwmp_handle_rpc_cpe_download(struct session *session, struct rpc *rpc) const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); - - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { download->command_key = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "FileType")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "FileType")) { if (download->file_type == NULL) { download->file_type = strdup(node_opaque); file_type = icwmp_strdup(node_opaque); @@ -2272,20 +2301,20 @@ int cwmp_handle_rpc_cpe_download(struct session *session, struct rpc *rpc) } } } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "URL")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "URL")) { download->url = strdup(node_opaque ? node_opaque : ""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Username")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Username")) { download->username = strdup(node_opaque ? node_opaque : ""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Password")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Password")) { download->password = strdup(node_opaque ? node_opaque : ""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "FileSize")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "FileSize")) { str_file_size = strdup(node_opaque ? node_opaque: "0"); download->file_size = atoi(node_opaque ? node_opaque : "0"); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "DelaySeconds")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "DelaySeconds")) { str_download_delay = strdup(node_opaque ? node_opaque: "0"); download_delay = atol(node_opaque ? node_opaque : "0"); } @@ -2320,7 +2349,7 @@ int cwmp_handle_rpc_cpe_download(struct session *session, struct rpc *rpc) } FREE(str_download_delay); - if (strcmp(file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) && strcmp(file_type, WEB_CONTENT_FILE_TYPE) && strcmp(file_type, VENDOR_CONFIG_FILE_TYPE) && strcmp(file_type, TONE_FILE_TYPE) && strcmp(file_type, RINGER_FILE_TYPE) && strcmp(file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE)) { + if (file_type && strcmp(file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) && strcmp(file_type, WEB_CONTENT_FILE_TYPE) && strcmp(file_type, VENDOR_CONFIG_FILE_TYPE) && strcmp(file_type, TONE_FILE_TYPE) && strcmp(file_type, RINGER_FILE_TYPE) && strcmp(file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE)) { error = FAULT_CPE_INVALID_ARGUMENTS; } else if (count_download_queue >= MAX_DOWNLOAD_QUEUE) { error = FAULT_CPE_RESOURCES_EXCEEDED; @@ -2410,36 +2439,37 @@ int cwmp_handle_rpc_cpe_schedule_download(struct session *session, struct rpc *r const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; t = b; - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { schedule_download->command_key = strdup(node_opaque ? node_opaque : ""); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "FileType")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "FileType")) { if (schedule_download->file_type != NULL) { tmp = file_type; - if (cwmp_asprintf(&file_type, "%s %s", tmp, node_opaque ? node_opaque : "") == -1) { + if (cwmp_asprintf(&file_type, "%s %s", tmp, node_opaque) == -1) { error = FAULT_CPE_INTERNAL_ERROR; goto fault; } } else { - schedule_download->file_type = strdup(node_opaque ? node_opaque : ""); + schedule_download->file_type = strdup(node_opaque); file_type = icwmp_strdup(node_opaque); } } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "URL")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "URL")) { schedule_download->url = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Username")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Username")) { schedule_download->username = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Password")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "Password")) { schedule_download->password = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "FileSize")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "FileSize")) { str_file_size = strdup(node_opaque); schedule_download->file_size = atoi(node_opaque); } - if (node_type== MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "TimeWindowList")) { + if (node_type== MXML_ELEMENT && parent_name && !strcmp(parent_name, "TimeWindowList")) { if (!t) return -1; //TO CHECK*/ t = mxmlWalkNext(t, b, MXML_DESCEND); @@ -2447,16 +2477,17 @@ int cwmp_handle_rpc_cpe_schedule_download(struct session *session, struct rpc *r const char *opaque = mxmlGetOpaque(t); mxml_node_t *prt = mxmlGetParent(t); mxml_type_t type = mxmlGetType(t); + const char *prt_name = prt ? mxmlGetElement(prt) : NULL; - if (type == MXML_OPAQUE && node_opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "WindowStart")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && prt_name && !strcmp(prt_name, "WindowStart")) { schedule_download_delay[j] = atol(opaque); j++; } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "WindowEnd")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && prt_name && !strcmp(prt_name, "WindowEnd")) { schedule_download_delay[j] = atol(opaque); j++; } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "WindowMode")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && prt_name && !strcmp(prt_name, "WindowMode")) { if (schedule_download->timewindowstruct[i].windowmode == NULL) { schedule_download->timewindowstruct[i].windowmode = strdup(opaque); if (i == 0) @@ -2477,10 +2508,10 @@ int cwmp_handle_rpc_cpe_schedule_download(struct session *session, struct rpc *r } } } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "UserMessage")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && prt_name && !strcmp(prt_name, "UserMessage")) { schedule_download->timewindowstruct[i].usermessage = strdup(opaque); } - if (type == MXML_OPAQUE && opaque && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(mxmlGetElement(prt), "MaxRetries")) { + if (type == MXML_OPAQUE && opaque && prt && mxmlGetType(prt) == MXML_ELEMENT && !strcmp(prt_name, "MaxRetries")) { schedule_download->timewindowstruct[i].maxretries = atoi(opaque); } t = mxmlWalkNext(t, b, MXML_DESCEND); @@ -2511,9 +2542,9 @@ int cwmp_handle_rpc_cpe_schedule_download(struct session *session, struct rpc *r goto fault; } FREE(str_file_size); - if (strcmp(file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) && strcmp(file_type, WEB_CONTENT_FILE_TYPE) && strcmp(file_type, VENDOR_CONFIG_FILE_TYPE) && strcmp(file_type, TONE_FILE_TYPE) && strcmp(file_type, RINGER_FILE_TYPE) && strcmp(file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE)) { + if (file_type && strcmp(file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) && strcmp(file_type, WEB_CONTENT_FILE_TYPE) && strcmp(file_type, VENDOR_CONFIG_FILE_TYPE) && strcmp(file_type, TONE_FILE_TYPE) && strcmp(file_type, RINGER_FILE_TYPE) && strcmp(file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE)) { error = FAULT_CPE_INVALID_ARGUMENTS; - } else if ((strcmp(windowmode0, "1 At Any Time") && strcmp(windowmode0, "2 Immediately") && strcmp(windowmode0, "3 When Idle")) || (strcmp(windowmode1, "1 At Any Time") && strcmp(windowmode1, "2 Immediately") && strcmp(windowmode1, "3 When Idle"))) { + } else if (windowmode0 == NULL || windowmode1 == NULL ||(strcmp(windowmode0, "1 At Any Time") && strcmp(windowmode0, "2 Immediately") && strcmp(windowmode0, "3 When Idle")) || (strcmp(windowmode1, "1 At Any Time") && strcmp(windowmode1, "2 Immediately") && strcmp(windowmode1, "3 When Idle"))) { error = FAULT_CPE_REQUEST_DENIED; } else if (count_download_queue >= MAX_DOWNLOAD_QUEUE) { error = FAULT_CPE_RESOURCES_EXCEEDED; @@ -2611,11 +2642,12 @@ int cwmp_handle_rpc_cpe_upload(struct session *session, struct rpc *rpc) const char *node_opaque = mxmlGetOpaque(b); mxml_node_t *parent = mxmlGetParent(b); mxml_type_t node_type = mxmlGetType(b); + const char *parent_name = parent ? mxmlGetElement(parent) : NULL; - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "CommandKey")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "CommandKey")) { upload->command_key = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "FileType")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && parent_name && !strcmp(parent_name, "FileType")) { char log_config[16]={0}; int ftype, instance = 0; sscanf(node_opaque, "%1d Vendor %15s File %8d", &ftype, log_config, &instance); @@ -2640,16 +2672,16 @@ int cwmp_handle_rpc_cpe_upload(struct session *session, struct rpc *rpc) upload->file_type = strdup(node_opaque); upload->f_instance = instance; } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "URL")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "URL")) { upload->url = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Username")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "Username")) { upload->username = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "Password")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "Password")) { upload->password = strdup(node_opaque); } - if (node_type == MXML_OPAQUE && node_opaque && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(mxmlGetElement(parent), "DelaySeconds")) { + if (node_type == MXML_OPAQUE && node_opaque && parent && mxmlGetType(parent) == MXML_ELEMENT && !strcmp(parent_name, "DelaySeconds")) { str_upload_delay = strdup(node_opaque); upload_delay = atol(node_opaque); }