framework: Fix for 64-bit unsafe QCSAP_IOCTL_ASSOC_STA_MACADDR handling
Fixes for making SAP SDK 64 bit compliant for QCSAP_IOCTL_ASSOC_STA_MACADDR
ioctl
Change-Id: I161ac3113c01752f627bd876f85342d5a9b20ede
CRs-Fixed: 639046
diff --git a/softap/sdk/qsap_api.c b/softap/sdk/qsap_api.c
index 6c13d60..5888e5b 100644
--- a/softap/sdk/qsap_api.c
+++ b/softap/sdk/qsap_api.c
@@ -1463,6 +1463,7 @@
u32 len = MAX_CONF_LINE_LEN;
s8 *pif;
s8 *pbuf, *pout;
+ u32 buflen;
u32 recvLen;
u32 tlen;
@@ -1482,7 +1483,9 @@
goto error;
}
- pbuf = (s8 *)malloc((MAX_STA_ALLOWED * 6) + 8);
+ /* response has length field + 6 bytes per STA */
+ buflen = sizeof(u32) + (MAX_STA_ALLOWED * 6);
+ pbuf = (s8 *)malloc(buflen);
if(NULL == pbuf) {
ALOGE("%s :No memory \n", __func__);
close(sock);
@@ -1492,7 +1495,7 @@
#define SIZE_OF_MAC_INT (6)
strlcpy(wrq.ifr_name, pif, sizeof(wrq.ifr_name));
- wrq.u.data.length = SIZE_OF_MAC_INT * 8 + 8; /** 8 supported MAC and 7 SPACE separators and a '\0' */
+ wrq.u.data.length = buflen;
wrq.u.data.pointer = (void *)pbuf;
wrq.u.data.flags = 0;
@@ -1504,13 +1507,14 @@
goto error;
}
- recvLen = *(unsigned long int *)(wrq.u.data.pointer);
+ recvLen = *(u32 *)(wrq.u.data.pointer);
+ recvLen -= sizeof(u32);
len = qsap_scnprintf(presp, *plen, "%s %s=", SUCCESS, cmd_list[eCMD_ASSOC_STA_MACS].name);
pout = presp + len;
tlen = *plen - len;
- qsap_mac_to_macstr(pbuf+sizeof(unsigned long int), recvLen, pout, &tlen);
+ qsap_mac_to_macstr(pbuf+sizeof(u32), recvLen, pout, &tlen);
*plen = len + tlen;
@@ -3060,7 +3064,7 @@
{
char cmdbuf[CMD_BUF_LEN];
char respbuf[RECV_BUF_LEN];
- unsigned long int rlen = RECV_BUF_LEN;
+ u32 rlen = RECV_BUF_LEN;
int i;
int hidden = 0;
int sec = SEC_MODE_NONE;