From 7dbc755ee913d9095ba8d844c33285323ca301bd Mon Sep 17 00:00:00 2001
From: vanshika
Date: Thu, 23 Apr 2026 13:34:27 +0000
Subject: [PATCH] Reason for change: Fixing Low priority coverity issues. Test Procedure: Build should be successful and the regression test should also succeed. Risks: Low Priority: P1
Signed-off-by: vanshika_lnu@comcast.com
---
 source/apps/motion/wifi_motion.c | 29 +++++++++++++------
 source/core/services/vap_svc_mesh_ext.c | 10 ++++++-
 source/stats/wifi_monitor.c | 38 ++++++++++++++++++++-----
 3 files changed, 60 insertions(+), 17 deletions(-)
diff --git a/source/apps/motion/wifi_motion.c b/source/apps/motion/wifi_motion.c
index 04c1ba043..7618e4c04 100644
--- a/source/apps/motion/wifi_motion.c
+++ b/source/apps/motion/wifi_motion.c
@@ -1039,7 +1039,6 @@ int webconfig_hal_csi_apply(webconfig_subdoc_decoded_data_t *data)
 unsigned int itr, i, current_config_count, new_config_count, itrj, num_unique_mac=0;
 csi_data_t *current_csi_data = NULL, *new_csi_data;
 bool found = false, data_change = false;
- mac_addr_str_t mac_str;
 mac_address_t unique_mac_list[MAX_NUM_CSI_CLIENTS];
 current_config = get_csi_data_queue();
@@ -1138,15 +1137,27 @@ int webconfig_hal_csi_apply(webconfig_subdoc_decoded_data_t *data)
 }
 }
- //Change client macarray to comma seperarted string.
+ size_t offset = 0;
+ int result = 0;
+ //Change client macarray to comma separated string.
 for (i=0; icsi_client_count; i++) {
- to_mac_str(new_csi_data->csi_client_list[i], mac_str);
- strcat(tmp_cli_list, mac_str);
- strcat(tmp_cli_list, ",");
- }
- int len = strlen(tmp_cli_list);
- if (len > 0) {
- tmp_cli_list[len-1] = '\0';
+ if (i > 0) {
+ result = snprintf(tmp_cli_list + offset, tmp_cli_list_size - offset, ",");
+ if (result < 0 || (size_t)result >= (tmp_cli_list_size - offset)) {
+ free(tmp_cli_list);
+ return RETURN_ERR;
+ }
+ offset += result;
+ }
+ unsigned char *mac = new_csi_data->csi_client_list[i];
+ result = snprintf(tmp_cli_list + offset, tmp_cli_list_size - offset,
+ "%02x:%02x:%02x:%02x:%02x:%02x",
+ mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
+ if (result < 0 || (size_t)result >= (tmp_cli_list_size - offset)) {
+ free(tmp_cli_list);
+ return RETURN_ERR;
+ }
+ offset += result;
 }
 if (!found) {
diff --git a/source/core/services/vap_svc_mesh_ext.c b/source/core/services/vap_svc_mesh_ext.c
index 3a16de79c..e12d71813 100644
--- a/source/core/services/vap_svc_mesh_ext.c
+++ b/source/core/services/vap_svc_mesh_ext.c
@@ -26,6 +26,7 @@
 #include
 #include
 #include
+#include
 #include "const.h"
 #include
 #include "vap_svc.h"
@@ -96,11 +97,18 @@ static int partition(bss_candidate_t *bss, int start, int end, int rssi_2_4_norm
 #define DEFAULT_DWELL_TIME_MS 50
 static int get_dwell_time()
 {
+ int fd = -1;
 FILE *fp = NULL;
 int dwell_time = DEFAULT_DWELL_TIME_MS;
- fp = fopen(DWELL_TIME_PATH, "r");
+ fd = open(DWELL_TIME_PATH, O_RDONLY | O_NOFOLLOW);
+ if (fd < 0) {
+ return dwell_time;
+ }
+
+ fp = fdopen(fd, "r");
 if (fp == NULL) {
+ close(fd);
 return dwell_time;
 }
 if (fscanf(fp, "%d", &dwell_time) != 1) {
diff --git a/source/stats/wifi_monitor.c b/source/stats/wifi_monitor.c
index 33b1e4ea2..e4432ee21 100644
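Review bot: The two new failure branches in the MAC-list loop return `RETURN_ERR` after freeing only `tmp_cli_list` and without a log line, so a rejected CSI client list is silent and whatever webconfig_hal_csi_apply acquired or changed earlier (outside this hunk) stays as it was at that point. It is worth confirming that nothing else needs unwinding there and that `tmp_cli_list_size` really is the allocated size of `tmp_cli_list`; neither is visible in the hunk. The separator and the address can be written by one call, `snprintf(tmp_cli_list + offset, tmp_cli_list_size - offset, "%s%02x:%02x:%02x:%02x:%02x:%02x", i ? "," : "", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5])`, which leaves a single bounds check to maintain. When the client count is zero the loop writes nothing, so the buffer must already hold an empty string before the loop.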
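Review bot: `O_NOFOLLOW` in get_dwell_time rejects a symlink only in the final path component, so the open still follows links in parent directories and will accept a FIFO or device node at `DWELL_TIME_PATH`. Opening with `O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK` and checking `fstat()` for `S_ISREG(st.st_mode)` before `fdopen()` would close those gaps and keep the descriptor out of child processes. The value read by `fscanf(fp, "%d", &dwell_time)` should also be range-checked before it is used; the rest of the function lies outside the hunk, so that may already happen there.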
--- a/source/stats/wifi_monitor.c
+++ b/source/stats/wifi_monitor.c
@@ -2417,6 +2417,7 @@ static void rtattr_parse(struct rtattr *table[], int max, struct rtattr *rta, in
 }
 }
+#define IP_ADDR_NLBUF_SIZE 16384
 int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 {
 struct {
@@ -2425,7 +2426,7 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 } req;
 int status;
- char buf[16384];
+ char *buf = NULL;
 struct nlmsghdr *nlm;
 struct ifaddrmsg *rtmp;
 unsigned char family;
@@ -2438,10 +2439,16 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 wifi_util_error_print(WIFI_MON, "%s: Null arguments %p %p\n",__func__, ifname, ip);
 return -1;
 }
+ buf = malloc(IP_ADDR_NLBUF_SIZE);
+ if (buf == NULL) {
+ wifi_util_error_print(WIFI_MON, "Memory allocation failed for netlink buffer\n");
+ return -1;
+ }
 fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
 if (fd < 0 ) {
 wifi_util_error_print(WIFI_MON, "Socket error\n");
+ free(buf);
 return -1;
 }
@@ -2459,13 +2466,15 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 if(status<0) {
 wifi_util_error_print(WIFI_MON, "Send error\n");
 close(fd);
+ free(buf);
 return -1;
 }
- status = recv(fd, buf, sizeof(buf), 0);
+ status = recv(fd, buf, IP_ADDR_NLBUF_SIZE, 0);
 if(status<0) {
 wifi_util_error_print(WIFI_MON, "receive error\n");
 close(fd);
+ free(buf);
 return -1;
 }
@@ -2476,6 +2485,7 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 if (req_len<0 || len>status || !NLMSG_OK(nlm, status)) {
 wifi_util_error_print(WIFI_MON, "length error\n");
 close(fd);
+ free(buf);
 return -1;
 }
 rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlm);
@@ -2485,6 +2495,7 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 if(!strcasecmp(ifname, if_name) && table[IFA_ADDRESS]) {
 inet_ntop(family, RTA_DATA(table[IFA_ADDRESS]), ip, 64);
 close(fd);
+ free(buf);
 return 0;
 }
 }
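Review bot: Moving `buf` to the heap in getlocalIPAddress means every exit after the `malloc` must now pair `close(fd)` with `free(buf)`, and the patch does that by hand at each return site here and again in csi_getClientIpAddress (the hunks from -2530 to -2606), so the next early return added to either function becomes a leak. A single exit label that releases both keeps the ownership in one place. The allocation-failure message is also identical in both functions; prefixing it with `%s:` and `__func__`, as the null-argument message already does, would tell the two apart in logs. Parts of both functions lie outside the hunks, so the sketch below shows only the shape of the change.

```c
    int ret = -1;
    /* … unchanged: argument check, malloc and socket setup, send … */
    status = recv(fd, buf, IP_ADDR_NLBUF_SIZE, 0);
    if (status < 0) {
        wifi_util_error_print(WIFI_MON, "receive error\n");
        goto out;
    }
    /* … unchanged: netlink message walk; on a match set ret = 0 and goto out … */
out:
    close(fd);
    free(buf);
    return ret;
```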
@@ -2492,6 +2503,7 @@ int getlocalIPAddress(char *ifname, char *ip, bool af_family)
 nlm = (struct nlmsghdr*)((char*)nlm + NLMSG_ALIGN(len));
 }
 close(fd);
+ free(buf);
 return -1;
 }
@@ -2530,23 +2542,30 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check)
 } req;
 int status;
- char buf[16384];
+ char *buf = NULL;
 struct nlmsghdr *nlm;
 struct ndmsg *rtmp;
 struct rtattr * table[NDA_MAX+1];
- int fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
+ int fd;
 char if_name[IFNAMSIZ] = {'\0'};
 unsigned char tmp_mac[17];
 unsigned char af_family;
 if(mac == NULL || ip == NULL || interface == NULL) {
 wifi_util_error_print(WIFI_MON, "%s: Null arguments %p %p %p\n",__func__, mac, ip, interface);
- if (fd >= 0)
- close(fd);
 return -1;
 }
+
+ buf = malloc(IP_ADDR_NLBUF_SIZE);
+ if (!buf) {
+ wifi_util_error_print(WIFI_MON, "Memory allocation failed for netlink buffer\n");
+ return -1;
+ }
+
+ fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
 if (fd < 0 ) {
 wifi_util_error_print(WIFI_MON, "Socket error\n");
+ free(buf);
 return -1;
 }
 req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg));
@@ -2564,13 +2583,15 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check)
 if (status < 0) {
 wifi_util_error_print(WIFI_MON, "Socket send error\n");
 close(fd);
+ free(buf);
 return -1;
 }
- status = recv(fd, buf, sizeof(buf), 0);
+ status = recv(fd, buf, IP_ADDR_NLBUF_SIZE, 0);
 if (status < 0) {
 wifi_util_error_print(WIFI_MON, "Socket receive error\n");
 close(fd);
+ free(buf);
 return -1;
 }
@@ -2581,6 +2602,7 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check)
 if (req_len<0 || len>status || !NLMSG_OK(nlm, status)) {
 wifi_util_error_print(WIFI_MON, "packet length error\n");
 close(fd);
+ free(buf);
 return -1;
 }
@@ -2597,6 +2619,7 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check)
 if_indextoname(rtmp->ndm_ifindex, if_name);
 strncpy(interface, if_name, IFNAMSIZ);
 close(fd);
+ free(buf);
 return 0;
 }
 }
@@ -2606,6 +2629,7 @@ int csi_getClientIpAddress(char *mac, char *ip, char *interface, int check)
 nlm = (struct nlmsghdr*)((char*)nlm + NLMSG_ALIGN(len));
 }
 close(fd);
+ free(buf);
 return -1;
 }