From da88c8c28656b2db54ab205d26faccda68546c05 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Dutta Date: Fri, 11 Feb 2022 15:41:34 +0000 Subject: [PATCH] Fix probable crashes --- common.c | 30 ---------------- cwmp.c | 9 +++-- digestauth.c | 41 ++++++++++++++++----- event.c | 34 ++++++++---------- http.c | 4 +-- inc/common.h | 5 ++- notifications.c | 7 ++-- reboot.c | 4 +-- ubus.c | 94 ++++++++++++++++++++++++++----------------------- 9 files changed, 114 insertions(+), 114 deletions(-) diff --git a/common.c b/common.c index 55db0ca..fbac93f 100755 --- a/common.c +++ b/common.c @@ -18,7 +18,6 @@ #include #include #include -#include #include "common.h" #include "cwmp_uci.h" @@ -665,35 +664,6 @@ char *string_to_hex(const unsigned char *str, size_t size) return hex; } -char *generate_random_string(size_t size) -{ - unsigned char *buf = NULL; - char *hex = NULL; - - buf = (unsigned char *)calloc(size + 1, sizeof(unsigned char)); - if (buf == NULL) { - CWMP_LOG(ERROR, "Unable to allocate memory for buf string\n"); - goto end; - } - - int written = RAND_bytes(buf, size); - if (written != 1) { - printf("Failed to get random bytes"); - goto end; - } - - hex = string_to_hex(buf, size); - if (hex == NULL) - goto end; - - hex[size] = '\0'; - -end: - FREE(buf); - return hex; -} - - int copy_file(char *source_file, char *target_file) { char ch; diff --git a/cwmp.c b/cwmp.c index 3c93419..122c709 100644 --- a/cwmp.c +++ b/cwmp.c @@ -326,7 +326,7 @@ int run_session_end_func(void) static void cwmp_schedule_session(struct cwmp *cwmp) { int t, error = CWMP_OK; - static struct timespec time_to_wait = { 0, 0 }; + struct timespec time_to_wait = { 0, 0 }; bool retry = false; char *exec_download = NULL; int is_notify = 0; @@ -584,7 +584,7 @@ static void lookup_event_cb(struct ubus_context *ctx __attribute__((unused)), struct ubus_event_handler *ev __attribute__((unused)), const char *type, struct blob_attr *msg) { - static const struct blobmsg_policy policy = { + const struct blobmsg_policy policy = { "path", BLOBMSG_TYPE_STRING }; struct blob_attr *attr; @@ -674,7 +674,10 @@ static int cwmp_init(int argc, char **argv, struct cwmp *cwmp) return error; icwmp_init_list_services(); - + cwmp->event_id = 0; + cwmp->cwmp_period = 0; + cwmp->cwmp_periodic_time = 0; + cwmp->cwmp_periodic_enable = false; /* Only One instance should run*/ cwmp->pid_file = fopen("/var/run/icwmpd.pid", "w+"); fcntl(fileno(cwmp->pid_file), F_SETFD, fcntl(fileno(cwmp->pid_file), F_GETFD) | FD_CLOEXEC); diff --git a/digestauth.c b/digestauth.c index d84b145..e2b92de 100644 --- a/digestauth.c +++ b/digestauth.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "common.h" #include "digestauth.h" @@ -41,6 +42,34 @@ char *nonce_privacy_key = NULL; +char *generate_random_string(size_t size) +{ + unsigned char *buf = NULL; + char *hex = NULL; + + buf = (unsigned char *)calloc(size + 1, sizeof(unsigned char)); + if (buf == NULL) { + CWMP_LOG(ERROR, "Unable to allocate memory for buf string\n"); + goto end; + } + + int written = RAND_bytes(buf, size); + if (written != 1) { + printf("Failed to get random bytes"); + goto end; + } + + hex = string_to_hex(buf, size); + if (hex == NULL) + goto end; + + hex[size] = '\0'; + +end: + FREE(buf); + return hex; +} + int generate_nonce_priv_key() { nonce_privacy_key = generate_random_string(28); @@ -116,7 +145,7 @@ static void calculate_nonce(uint32_t nonce_time, const char *method, const char md5_final(tmpnonce, &md5); cvthex(tmpnonce, sizeof(tmpnonce), nonce); cvthex(timestamp, 4, timestamphex); - strncat(nonce, timestamphex, 8); + strcat(nonce, timestamphex); } /** @@ -166,13 +195,9 @@ static int lookup_sub_value(char *dest, size_t size, const char *data, const cha } if ((0 == strncasecmp(ptr, key, keylen)) && (eq == &ptr[keylen])) { if (NULL == q2) { - len = strlen(q1) + 1; - if (size > len) - size = len; - size--; - strncpy(dest, q1, size); - dest[size] = '\0'; - return size; + len = strlen(q1); + strcpy(dest, q1); + return len; } else { diff = (q2 - q1) + 1; if (size > diff) diff --git a/event.c b/event.c index ab90cbe..96ff6bd 100644 --- a/event.c +++ b/event.c @@ -61,7 +61,6 @@ void cwmp_save_event_container(struct event_container *event_container) //to be struct event_container *cwmp_add_event_container(struct cwmp *cwmp, int event_code, char *command_key) { - static int id; struct event_container *event_container; struct session *session; struct list_head *ilist; @@ -91,11 +90,11 @@ struct event_container *cwmp_add_event_container(struct cwmp *cwmp, int event_co list_add(&(event_container->list), ilist->prev); event_container->code = event_code; event_container->command_key = command_key ? strdup(command_key) : strdup(""); - if ((id < 0) || (id >= MAX_INT_ID)) { - id = 0; + if ((cwmp->event_id < 0) || (cwmp->event_id >= MAX_INT_ID)) { + cwmp->event_id = 0; } - id++; - event_container->id = id; + cwmp->event_id++; + event_container->id = cwmp->event_id; return event_container; } @@ -330,10 +329,10 @@ void *thread_event_periodic(void *v) { struct cwmp *cwmp = (struct cwmp *)v; struct event_container *event_container; - static int periodic_interval; - static bool periodic_enable; - static time_t periodic_time; - static struct timespec periodic_timeout = { 0, 0 }; + int periodic_interval; + bool periodic_enable; + time_t periodic_time; + struct timespec periodic_timeout = { 0, 0 }; time_t current_time; long int delta_time; @@ -397,22 +396,19 @@ bool event_exist_in_list(struct cwmp *cwmp, int event) int cwmp_root_cause_event_periodic(struct cwmp *cwmp) { - static int period = 0; - static bool periodic_enable = false; - static time_t periodic_time = 0; char local_time[27] = { 0 }; struct tm *t_tm; - if (period == cwmp->conf.period && periodic_enable == cwmp->conf.periodic_enable && periodic_time == cwmp->conf.time) + if (cwmp->cwmp_period == cwmp->conf.period && cwmp->cwmp_periodic_enable == cwmp->conf.periodic_enable && cwmp->cwmp_periodic_time == cwmp->conf.time) return CWMP_OK; pthread_mutex_lock(&(cwmp->mutex_periodic)); - period = cwmp->conf.period; - periodic_enable = cwmp->conf.periodic_enable; - periodic_time = cwmp->conf.time; - CWMP_LOG(INFO, periodic_enable ? "Periodic event is enabled. Interval period = %ds" : "Periodic event is disabled", period); + cwmp->cwmp_period = cwmp->conf.period; + cwmp->cwmp_periodic_enable = cwmp->conf.periodic_enable; + cwmp->cwmp_periodic_time = cwmp->conf.time; + CWMP_LOG(INFO, cwmp->cwmp_periodic_enable ? "Periodic event is enabled. Interval period = %ds" : "Periodic event is disabled", cwmp->cwmp_period); - t_tm = localtime(&periodic_time); + t_tm = localtime(&cwmp->cwmp_periodic_time); if (t_tm == NULL) return CWMP_GEN_ERR; @@ -424,7 +420,7 @@ int cwmp_root_cause_event_periodic(struct cwmp *cwmp) local_time[22] = ':'; local_time[26] = '\0'; - CWMP_LOG(INFO, periodic_time ? "Periodic time is %s" : "Periodic time is Unknown", local_time); + CWMP_LOG(INFO, cwmp->cwmp_periodic_time ? "Periodic time is %s" : "Periodic time is Unknown", local_time); pthread_mutex_unlock(&(cwmp->mutex_periodic)); pthread_cond_signal(&(cwmp->threshold_periodic)); return CWMP_OK; diff --git a/http.c b/http.c index 595f074..685252c 100644 --- a/http.c +++ b/http.c @@ -417,8 +417,8 @@ void http_server_init(void) void http_server_listen(void) { int client_sock, c; - static int cr_request = 0; - static time_t restrict_start_time = 0; + int cr_request = 0; + time_t restrict_start_time = 0; struct sockaddr_in6 client; //Listen diff --git a/inc/common.h b/inc/common.h index 7570100..18e2702 100644 --- a/inc/common.h +++ b/inc/common.h @@ -144,7 +144,11 @@ typedef struct cwmp { time_t start_time; struct session_status session_status; unsigned int cwmp_id; + int event_id; int cr_socket_desc; + int cwmp_period; + time_t cwmp_periodic_time; + bool cwmp_periodic_enable; bool is_boot; bool custom_notify_active; } cwmp; @@ -485,7 +489,6 @@ bool icwmp_validate_int_in_range(char *arg, int min, int max); void load_forced_inform_json_file(struct cwmp *cwmp); void clean_custom_inform_parameters(); char *string_to_hex(const unsigned char *str, size_t size); -char *generate_random_string(size_t size); int copy_file(char *source_file, char *target_file); #ifndef FREE #define FREE(x) \ diff --git a/notifications.c b/notifications.c index 9562438..bae3920 100644 --- a/notifications.c +++ b/notifications.c @@ -10,7 +10,6 @@ */ #include #include -#include #include #include #include @@ -558,9 +557,9 @@ void sotfware_version_value_change(struct cwmp *cwmp, struct transfer_complete * void *thread_periodic_check_notify(void *v) { struct cwmp *cwmp = (struct cwmp *)v; - static int periodic_interval; - static bool periodic_enable; - static struct timespec periodic_timeout = { 0, 0 }; + int periodic_interval; + bool periodic_enable; + struct timespec periodic_timeout = { 0, 0 }; time_t current_time; int is_notify = 0; diff --git a/reboot.c b/reboot.c index 498c0ab..e893a01 100644 --- a/reboot.c +++ b/reboot.c @@ -104,8 +104,8 @@ static void create_schedule_reboot_thread(struct cwmp *cwmp, bool thread_exist) void launch_reboot_methods(struct cwmp *cwmp) { - static int curr_delay_reboot = -1; - static time_t curr_schedule_redoot = 0; + int curr_delay_reboot = -1; + time_t curr_schedule_redoot = 0; if (cwmp->conf.delay_reboot != curr_delay_reboot && cwmp->conf.delay_reboot > 0) { diff --git a/ubus.c b/ubus.c index ff8455d..a4b04f4 100755 --- a/ubus.c +++ b/ubus.c @@ -49,14 +49,15 @@ static const struct blobmsg_policy command_policy[] = { static int cwmp_handle_command(struct ubus_context *ctx, struct ubus_object *obj __attribute__((unused)), struct ubus_request_data *req, const char *method __attribute__((unused)), struct blob_attr *msg) { struct blob_attr *tb[__COMMAND_MAX]; - static struct blob_buf b; + struct blob_buf blob_command; blobmsg_parse(command_policy, ARRAYSIZEOF(command_policy), tb, blob_data(msg), blob_len(msg)); if (!tb[COMMAND_NAME]) return UBUS_STATUS_INVALID_ARGUMENT; - blob_buf_init(&b, 0); + memset(&blob_command, 0, sizeof(struct blob_buf)); + blob_buf_init(&blob_command, 0); char *cmd = blobmsg_data(tb[COMMAND_NAME]); char info[128] = {0}; @@ -64,34 +65,34 @@ static int cwmp_handle_command(struct ubus_context *ctx, struct ubus_object *obj if (!strcmp("reload_end_session", cmd)) { CWMP_LOG(INFO, "triggered ubus reload_end_session"); cwmp_set_end_session(END_SESSION_RELOAD); - blobmsg_add_u32(&b, "status", 0); + blobmsg_add_u32(&blob_command, "status", 0); if (snprintf(info, sizeof(info), "icwmpd config will reload at the end of the session") == -1) return -1; } else if (!strcmp("reload", cmd)) { CWMP_LOG(INFO, "triggered ubus reload"); if (cwmp_main.session_status.last_status == SESSION_RUNNING) { cwmp_set_end_session(END_SESSION_RELOAD); - blobmsg_add_u32(&b, "status", 0); + blobmsg_add_u32(&blob_command, "status", 0); if (snprintf(info, sizeof(info), "Session running, reload at the end of the session") == -1) return -1; } else { pthread_mutex_lock(&(cwmp_main.mutex_session_queue)); cwmp_apply_acs_changes(); pthread_mutex_unlock(&(cwmp_main.mutex_session_queue)); - blobmsg_add_u32(&b, "status", 0); + blobmsg_add_u32(&blob_command, "status", 0); if (snprintf(info, sizeof(info), "icwmpd config reloaded") == -1) return -1; } } else if (!strcmp("reboot_end_session", cmd)) { CWMP_LOG(INFO, "triggered ubus reboot_end_session"); cwmp_set_end_session(END_SESSION_REBOOT); - blobmsg_add_u32(&b, "status", 0); + blobmsg_add_u32(&blob_command, "status", 0); if (snprintf(info, sizeof(info), "icwmpd will reboot at the end of the session") == -1) return -1; } else if (!strcmp("action_end_session", cmd)) { CWMP_LOG(INFO, "triggered ubus action_end_session"); cwmp_set_end_session(END_SESSION_EXTERNAL_ACTION); - blobmsg_add_u32(&b, "status", 0); + blobmsg_add_u32(&blob_command, "status", 0); if (snprintf(info, sizeof(info), "icwmpd will execute the scheduled action commands at the end of the session") == -1) return -1; } else if (!strcmp("exit", cmd)) { @@ -121,14 +122,14 @@ static int cwmp_handle_command(struct ubus_context *ctx, struct ubus_object *obj if (snprintf(info, sizeof(info), "icwmpd daemon stopped") == -1) return -1; } else { - blobmsg_add_u32(&b, "status", -1); + blobmsg_add_u32(&blob_command, "status", -1); if (snprintf(info, sizeof(info), "%s command is not supported", cmd) == -1) return -1; } - blobmsg_add_string(&b, "info", info); - ubus_send_reply(ctx, req, b.head); - blob_buf_free(&b); + blobmsg_add_string(&blob_command, "info", info); + ubus_send_reply(ctx, req, blob_command.head); + blob_buf_free(&blob_command); return 0; } @@ -154,37 +155,38 @@ static int cwmp_handle_status(struct ubus_context *ctx, struct ubus_object *obj { void *c; time_t ntime = 0; - static struct blob_buf b; + struct blob_buf blob_status; - blob_buf_init(&b, 0); + memset(&blob_status, 0, sizeof(struct blob_buf)); + blob_buf_init(&blob_status, 0); - c = blobmsg_open_table(&b, "cwmp"); - blobmsg_add_string(&b, "status", "up"); - blobmsg_add_string(&b, "start_time", mix_get_time_of(cwmp_main.start_time)); - blobmsg_add_string(&b, "acs_url", cwmp_main.conf.acsurl); - blobmsg_close_table(&b, c); + c = blobmsg_open_table(&blob_status, "cwmp"); + blobmsg_add_string(&blob_status, "status", "up"); + blobmsg_add_string(&blob_status, "start_time", mix_get_time_of(cwmp_main.start_time)); + blobmsg_add_string(&blob_status, "acs_url", cwmp_main.conf.acsurl); + blobmsg_close_table(&blob_status, c); - c = blobmsg_open_table(&b, "last_session"); - blobmsg_add_string(&b, "status", cwmp_main.session_status.last_start_time ? arr_session_status[cwmp_main.session_status.last_status] : "N/A"); - blobmsg_add_string(&b, "start_time", cwmp_main.session_status.last_start_time ? mix_get_time_of(cwmp_main.session_status.last_start_time) : "N/A"); - blobmsg_add_string(&b, "end_time", cwmp_main.session_status.last_end_time ? mix_get_time_of(cwmp_main.session_status.last_end_time) : "N/A"); - blobmsg_close_table(&b, c); + c = blobmsg_open_table(&blob_status, "last_session"); + blobmsg_add_string(&blob_status, "status", cwmp_main.session_status.last_start_time ? arr_session_status[cwmp_main.session_status.last_status] : "N/A"); + blobmsg_add_string(&blob_status, "start_time", cwmp_main.session_status.last_start_time ? mix_get_time_of(cwmp_main.session_status.last_start_time) : "N/A"); + blobmsg_add_string(&blob_status, "end_time", cwmp_main.session_status.last_end_time ? mix_get_time_of(cwmp_main.session_status.last_end_time) : "N/A"); + blobmsg_close_table(&blob_status, c); - c = blobmsg_open_table(&b, "next_session"); - blobmsg_add_string(&b, "status", arr_session_status[SESSION_WAITING]); + c = blobmsg_open_table(&blob_status, "next_session"); + blobmsg_add_string(&blob_status, "status", arr_session_status[SESSION_WAITING]); ntime = get_session_status_next_time(); - blobmsg_add_string(&b, "start_time", ntime ? mix_get_time_of(ntime) : "N/A"); - blobmsg_add_string(&b, "end_time", "N/A"); - blobmsg_close_table(&b, c); + blobmsg_add_string(&blob_status, "start_time", ntime ? mix_get_time_of(ntime) : "N/A"); + blobmsg_add_string(&blob_status, "end_time", "N/A"); + blobmsg_close_table(&blob_status, c); - c = blobmsg_open_table(&b, "statistics"); - blobmsg_add_u32(&b, "success_sessions", cwmp_main.session_status.success_session); - blobmsg_add_u32(&b, "failure_sessions", cwmp_main.session_status.failure_session); - blobmsg_add_u32(&b, "total_sessions", cwmp_main.session_status.success_session + cwmp_main.session_status.failure_session); - blobmsg_close_table(&b, c); + c = blobmsg_open_table(&blob_status, "statistics"); + blobmsg_add_u32(&blob_status, "success_sessions", cwmp_main.session_status.success_session); + blobmsg_add_u32(&blob_status, "failure_sessions", cwmp_main.session_status.failure_session); + blobmsg_add_u32(&blob_status, "total_sessions", cwmp_main.session_status.success_session + cwmp_main.session_status.failure_session); + blobmsg_close_table(&blob_status, c); - ubus_send_reply(ctx, req, b.head); - blob_buf_free(&b); + ubus_send_reply(ctx, req, blob_status.head); + blob_buf_free(&blob_status); return 0; } @@ -206,9 +208,10 @@ static int cwmp_handle_inform(struct ubus_context *ctx, struct ubus_object *obj struct blob_attr *tb[__INFORM_MAX]; bool grm = false; char *event = ""; - static struct blob_buf b; + struct blob_buf blob_inform; - blob_buf_init(&b, 0); + memset(&blob_inform, 0, sizeof(struct blob_buf)); + blob_buf_init(&blob_inform, 0); blobmsg_parse(inform_policy, ARRAYSIZEOF(inform_policy), tb, blob_data(msg), blob_len(msg)); @@ -236,8 +239,8 @@ static int cwmp_handle_inform(struct ubus_context *ctx, struct ubus_object *obj } pthread_mutex_unlock(&(cwmp_main.mutex_session_queue)); pthread_cond_signal(&(cwmp_main.threshold_session_send)); - blobmsg_add_u32(&b, "status", 1); - blobmsg_add_string(&b, "info", "Session with GetRPCMethods will start"); + blobmsg_add_u32(&blob_inform, "status", 1); + blobmsg_add_string(&blob_inform, "info", "Session with GetRPCMethods will start"); } else { int event_code = cwmp_get_int_event_code(event); pthread_mutex_lock(&(cwmp_main.mutex_session_queue)); @@ -245,15 +248,15 @@ static int cwmp_handle_inform(struct ubus_context *ctx, struct ubus_object *obj pthread_mutex_unlock(&(cwmp_main.mutex_session_queue)); pthread_cond_signal(&(cwmp_main.threshold_session_send)); if (cwmp_main.session_status.last_status == SESSION_RUNNING) { - blobmsg_add_u32(&b, "status", -1); - blobmsg_add_string(&b, "info", "Session already running, event will be sent at the end of the session"); + blobmsg_add_u32(&blob_inform, "status", -1); + blobmsg_add_string(&blob_inform, "info", "Session already running, event will be sent at the end of the session"); } else { - blobmsg_add_u32(&b, "status", 1); - blobmsg_add_string(&b, "info", "Session started"); + blobmsg_add_u32(&blob_inform, "status", 1); + blobmsg_add_string(&blob_inform, "info", "Session started"); } } - ubus_send_reply(ctx, req, b.head); - blob_buf_free(&b); + ubus_send_reply(ctx, req, blob_inform.head); + blob_buf_free(&blob_inform); return 0; } @@ -321,6 +324,7 @@ int cwmp_ubus_call(const char *obj, const char *method, const struct cwmp_ubus_a if (ubus_ctx == NULL) return -1; + memset(&b, 0, sizeof(struct blob_buf)); blob_buf_init(&b, 0); for (i = 0; i < u_args_size; i++) { if (u_args[i].type == UBUS_String)