Merge "[qca-nss-clients] Fix KW issues in ipsecmgr"
diff --git a/ipsecmgr/nss_ipsecmgr_flow.c b/ipsecmgr/nss_ipsecmgr_flow.c
index 3d8655d..56740b6 100644
--- a/ipsecmgr/nss_ipsecmgr_flow.c
+++ b/ipsecmgr/nss_ipsecmgr_flow.c
@@ -48,15 +48,18 @@
uint32_t hash;
int idx;
- flow_name = strchr(name, '@') + 1;
- if (hex2bin((uint8_t *)&hash, flow_name, sizeof(uint32_t))) {
+ flow_name = strchr(name, '@');
+ if (!flow_name || hex2bin((uint8_t *)&hash, ++flow_name, sizeof(uint32_t))) {
nss_ipsecmgr_error("i%p: Invalid input\n", priv);
return NULL;
}
idx = hash & (NSS_IPSECMGR_MAX_FLOW - 1);
- head = &db->entries[idx];
+ if (idx >= NSS_IPSECMGR_MAX_FLOW) {
+ return NULL;
+ }
+ head = &db->entries[idx];
list_for_each_entry(entry, head, node) {
if (nss_ipsecmgr_key_get_hash(&entry->key) == hash) {
return &entry->ref;
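Review bot: The added `if (idx >= NSS_IPSECMGR_MAX_FLOW)` test cannot fire, because `idx` has just been computed as `hash & (NSS_IPSECMGR_MAX_FLOW - 1)` with an unsigned `hash`, so it is already at most `NSS_IPSECMGR_MAX_FLOW - 1`. The mask is only a correct bucket index if the table size is a power of two, and that is the property worth pinning. A compile-time check such as `BUILD_BUG_ON_NOT_POWER_OF_2(NSS_IPSECMGR_MAX_FLOW);` would document it without a dead runtime branch. The declared size of `db->entries` is not visible here, so it is worth confirming it uses the same constant. The same applies to the `NSS_CRYPTO_MAX_IDXS` check in nss_ipsecmgr_sa.c; the NULL test on the `strchr()` result is the part of this hunk that actually closes the invalid-pointer path, and the function body starts and ends outside the hunk.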
diff --git a/ipsecmgr/nss_ipsecmgr_sa.c b/ipsecmgr/nss_ipsecmgr_sa.c
index 3a2dae0..857bd41 100644
--- a/ipsecmgr/nss_ipsecmgr_sa.c
+++ b/ipsecmgr/nss_ipsecmgr_sa.c
@@ -58,15 +58,18 @@
uint32_t hash;
int idx;
- sa_name = strchr(name, '@') + 1;
- if (hex2bin((uint8_t *)&hash, sa_name, sizeof(uint32_t))) {
+ sa_name = strchr(name, '@');
+ if (!sa_name || hex2bin((uint8_t *)&hash, ++sa_name, sizeof(uint32_t))) {
nss_ipsecmgr_error("%p: Invalid sa_name(%s)\n", priv, sa_name);
return NULL;
}
idx = hash & (NSS_CRYPTO_MAX_IDXS - 1);
- head = &db->entries[idx];
+ if (idx >= NSS_CRYPTO_MAX_IDXS) {
+ return NULL;
+ }
+ head = &db->entries[idx];
list_for_each_entry(entry, head, node) {
if (nss_ipsecmgr_key_get_hash(&entry->key) == hash) {
return &entry->ref;
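Review bot: The error path still logs `sa_name` with `%s`, but after this change `sa_name` is NULL whenever the input has no '@', and otherwise it has already been advanced past the '@' by `++sa_name`. The kernel's printf code prints "(null)" for a NULL `%s`, so this is presumably not a crash, though that depends on how `nss_ipsecmgr_error` is defined, which the hunk does not show. Either way, the message loses the input that was rejected. Logging the caller's string instead keeps the diagnostic useful and avoids handing a NULL pointer to a format argument: `nss_ipsecmgr_error("%p: Invalid sa_name(%s)\n", priv, name);`.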
diff --git a/ipsecmgr/nss_ipsecmgr_subnet.c b/ipsecmgr/nss_ipsecmgr_subnet.c
index db6baea..badcca4 100644
--- a/ipsecmgr/nss_ipsecmgr_subnet.c
+++ b/ipsecmgr/nss_ipsecmgr_subnet.c
@@ -48,23 +48,29 @@
uint8_t mask_bits;
uint32_t hash;
char *tmp;
- int idx;
+ uint8_t idx;
- tmp = strchr(name, '@') + 1;
- if (hex2bin((uint8_t *)&mask_bits, tmp, sizeof(uint8_t))) {
+ tmp = strchr(name, '@');
+ if (!tmp || hex2bin((uint8_t *)&mask_bits, ++tmp, sizeof(uint8_t))) {
nss_ipsecmgr_error("%p: Invalid input\n", priv);
return NULL;
}
- tmp = strchr(tmp, '@') + 1;
- if (hex2bin((uint8_t *)&hash, tmp, sizeof(uint32_t))) {
+ tmp = strchr(tmp, '@');
+ if (!tmp || hex2bin((uint8_t *)&hash, ++tmp, sizeof(uint32_t))) {
nss_ipsecmgr_error("%p: Invalid input\n", priv);
return NULL;
}
idx = NSS_IPSECMGR_MAX_NETMASK - mask_bits;
+ if (idx >= NSS_IPSECMGR_MAX_NETMASK) {
+ return NULL;
+ }
+
netmask = db->entries[idx];
- BUG_ON(netmask->count == 0);
+ if (!netmask || !netmask->count) {
+ return NULL;
+ }
idx = hash & (NSS_IPSECMGR_MAX_SUBNET - 1);
head = &netmask->subnets[idx];
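Review bot: Narrowing `idx` to `uint8_t` also affects its second use at the end of the hunk, `idx = hash & (NSS_IPSECMGR_MAX_SUBNET - 1)`. If `NSS_IPSECMGR_MAX_SUBNET` is larger than 256 (its value is not visible here), the bucket index is silently truncated and the lookup can walk a different list from the one the entry was inserted on. The netmask range check also works only through 8-bit wraparound of `NSS_IPSECMGR_MAX_NETMASK - mask_bits`, which is hard to see when reading the code. Keeping `int idx;` and validating the parsed value before the subtraction gives the same accept/reject behaviour explicitly: `if (!mask_bits || mask_bits > NSS_IPSECMGR_MAX_NETMASK) return NULL;`. It is worth confirming that rejecting `mask_bits == 0` is intended. The new early returns are also silent, whereas the parse failures above them log an error.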