path: root/service/jni
Commit message | Author | Age | Files | Lines
* wifinative jni: check array length for trackSignificantWifiChange [HEAD, replicant-6.0-0003, replicant-6.0-0002, cm-13.0] | Ningyuan Wang | 2017-08-13 | 1 | -2/+8
    params.ap is an array with length MAX_SIGNIFICANT_CHANGE_APS == 64
    We should check that params.num_ap does not exceed this value, otherwise this could be a stack overflow security vulnerability.
    CTS test is not available because CTS test doesn't have the privilege to access system API.
    Bug: 37207928
    Test: compile
    Test: SafetyNet log not triggered under non-exploit conditions
    Change-Id: I541bacd5448124864f28ef1671edf065cc0e35ed
    (cherry picked from commit dc96644e72bbac7b579c3ac4b8c5beed1fe7f0b6)
* Revert "wifinative jni: check array length to prevent stack overflow" | Unpublished | 2017-02-05 | 1 | -7/+0
    This partially reverts commit bebdc4a3ae5000ac26c16071f26557eb7d8278d8.
    Change-Id: I1ad9ab51c4cfbe634fbccdc07f4910ea696ff7a1
* resolve merge conflicts of 849c5c7 to mnc-dev | Ningyuan Wang | 2017-02-03 | 1 | -3/+3
    merge into mmr3
    This resolves the merge conflict for ag/1514448/
    After Android M, this function uses num_bssid instead of num_ap.
    Both are prone to stack overflow attacks.
    Bug: 31856351
    Test: compile, unit tests, manual test
    Change-Id: Ied24e6a7ee3047a5319bcca77a0f0f94889b6ca1
* wifinative jni: check array length to prevent stack overflow | Ningyuan Wang | 2017-02-03 | 1 | -2/+9
    Fix merge conflict into mnc-mr2-release
    params.ap is an array with length MAX_HOTLIST_APS == 128
    We should check that params.num_bssid does not exceed this value, otherwise this could be a stack overflow security vulnerability.
    CTS will be added in another CL.
    Bug: 31856351
    Test: compile, unit tests, manual test
    Test: SafetyNet log not triggered under non-exploit conditions
    Test: POC executable does not crash wifi anymore.
    Change-Id: I99665d529985c89d581939126743c34ae885828c
* resolve merge conflicts of 849c5c7 to mnc-dev | Ningyuan Wang | 2016-12-12 | 1 | -1/+1
    This resolves the merge conflict for ag/1514448/
    After Android M, this function uses num_bssid instead of num_ap.
    Both are prone to stack overflow attacks.
    CYNGNOS-3312
    Bug: 31856351
    Test: compile, unit tests, manual test
    Change-Id: I194850a4c79ddf478d98e750f65b24e82d99ebc0
    (cherry picked from commit c579cce67bbb8d0a64b58b3b89d53ae1bce330e9)
* wifinative jni: check array length to prevent stack overflow | Ningyuan Wang | 2016-12-12 | 1 | -0/+7
    params.ap is an array with length MAX_HOTLIST_APS == 128
    We should check that params.num_bssid does not exceed this value, otherwise this could be a stack overflow security vulnerability.
    CTS will be added in another CL.
    CYNGNOS-3312
    Bug: 31856351
    Change-Id: I807f349ceef5c2f5a46eec87515d3550f8288739
    Test: compile, unit tests, manual test
    Test: SafetyNet log not triggered under non-exploit conditions
    Test: POC executable does not crash wifi anymore.
    (cherry picked from commit d8748b8faf9c002b59e059d52d49fcc5b7ca5887)
* Fix potential memory leak | Shun Iio | 2016-08-17 | 1 | -0/+2
    Variable "buffer" falls out of scope leaking memory.
    Change-Id: Ia9ca5b1652507e64a6a53c3c7d668684c1ed327e
* wifi: Stop spamming logs | Ethan Chen | 2016-08-15 | 1 | -1/+2
    * This check is going to be true if not GBK, so stop spamming the log with this.
    Change-Id: Ifed4885a9e502beeab8ef3f82de789c99ea106e1
* Merge tag 'android-6.0.1_r61' into HEAD | Jessica Wagantall | 2016-08-02 | 1 | -5/+13
    Android 6.0.1 Release 61 (MOB30Z)
    Change-Id: Ica841d345cecfd7ea1aedfa360b5c1a28f915860
| * Deal correctly with short strings | Paul Stewart | 2016-06-23 | 1 | -5/+13
    The parseMacAddress function anticipates only properly formed MAC addresses (6 hexadecimal octets separated by ":"). This change properly deals with situations where the string is shorter than expected, making sure that the passed in char* reference in parseHexByte never exceeds the end of the string.
    BUG: 28164077
    TEST: Added a main function:

    int main(int argc, char **argv) {
        unsigned char addr[6];
        if (argc > 1) {
            memset(addr, 0, sizeof(addr));
            parseMacAddress(argv[1], addr);
            printf("Result: %02x:%02x:%02x:%02x:%02x:%02x\n",
                   addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
        }
    }

    Tested with "", "a" "ab" "ab:c" "abxc".
    Change-Id: I0db8d0037e48b62333d475296a45b22ab0efe386
* wifi: Use isGbkString() to check if SSID is GBK encoded | Hu Wang | 2016-06-24 | 1 | -25/+49
    Wifi gbk2utf module used weak logic to check if SSID is GBK encoded, it has chance that SSID wrongly converted and truncated, which in turn caused framework crash due to unhandled Exception.
    This change is to add isGkbString() to check if SSID is GBK encoded, which makes sure only SSID with GBK encoded will be converted.
    Change-Id: I6cb608bfb6f0930d89a58d66114eabbf856acc9d
    CRs-Fixed: 978452
* Null check before accessing AP objects | Ethan Chen | 2016-04-22 | 1 | -0/+4
    * The AP item list is destroyed and re-created on driver load/unload.
    * Check before accessing them, as the driver may be unloaded, which may cause a null pointer dereference.
    REF: CYNGNOS-2559
    Change-Id: If4f7600f6156d650211a7ac85b48f95f16c761e7
* Merge tag 'android-6.0.0_r26' into HEAD | Ricardo Cerqueira | 2015-11-05 | 1 | -2/+97
    Android 6.0.0 release 26
    Conflicts:
        service/java/com/android/server/wifi/WifiStateMachine.java
    Change-Id: I05f1edf746073a8bf7511c1978df132ba918c73d
| * Fix mismatched buffer size in supplicant and WifiNative | Vinit Deshpande | 2015-10-02 | 1 | -2/+7
    The WifiNative response buffer is one byte smaller than the amount of data that supplicant can throw at it. This can lead to a problem where WifiNative gets mismatched answers for its commands.
    Bug: 24380015
    Change-Id: Iadc0afa9390ca5c002022fc951951cb109eac22a
| * Fix RSSI monitoring code to the no-leaking standards | Vinit Deshpande | 2015-08-05 | 1 | -10/+16
    Change-Id: I4a0cb1eefb74a9775c10397a8abad15e594385f3
| * am 9152c500: Merge "Fix refcounting of objects and data in WifiNative" into mnc-dev | Vinit Deshpande | 2015-08-06 | 3 | -781/+979
    * commit '9152c50087c0293bdfd2526fd88a967ea7a1763c':
      Fix refcounting of objects and data in WifiNative
| * resolved conflicts for merge of ee0a0132 to mnc-dr-dev | xinhe | 2015-08-05 | 1 | -2/+8
    Change-Id: I61046edb56b9b54a759e4964762fa7b01d4eaba1
| * am 69a99c03: Merge "Boot loop when SSID has non UTF-8 character in the name" into mnc-dev | xin He | 2015-08-05 | 3 | -11/+51
    * commit '69a99c03a9c78a507266c18443dc044a7b3e7869':
      Boot loop when SSID has non UTF-8 character in the name
| * am fbd35be2: Merge "Restart loop on MRA16G: Abort message:" into mnc-dev | xin He | 2015-07-23 | 1 | -1/+5
    * commit 'fbd35be2ee76cb2f8090f563c8f2666ce0dee607':
      Restart loop on MRA16G: Abort message:
| * Fix typo in method name | Prerepa Viswanadham | 2015-07-21 | 1 | -1/+1
    Bug: 22634960
    Change-Id: I3ebc3fb998f387a4eb4521cfc60409b64b2a2f64
| * RSSI hal api hookup | Prerepa Viswanadham | 2015-07-18 | 1 | -1/+42
    Bug: 21405941
    Change-Id: I6740267046e997d27945346e036b40a198bbb105
| * WiFi keep alive offloading service implementation | Prerepa Viswanadham | 2015-07-18 | 1 | -1/+44
    Bug: 21405946
    Change-Id: If7fe4b25bf294f808b99b1e1f25e8a7a62817ef7
* wifi: Set the mode at native layer | Ricardo Cerqueira | 2015-10-26 | 1 | -0/+6
    * Set normal/AP mode so that the HAL can specify correct module arguments when loading the driver.
    Change-Id: I6eee2cc53b5f1e70306e252e52c909833f220515
* wifi: Support for AP with Chinese GBK Charset SSID | Sravanthi Palakonda | 2015-10-06 | 5 | -5/+777
    It doesn't support Chinese GBK Charset in original Android. But there are some APs with Chinese GBK Charset SSID, it will result in that wifi can't display these APs normally and connect to these APs.
    Here make a conversion in wifi JNI layer. When "SCAN" or "GET_NETWORK" command has the reply with Chinese GBK Charset SSID, convert GBK to UTF-8.
    Change-Id: Iaf01a0e44e8ad610408f1533723fc668c5a764b0
* Merge "Fix refcounting of objects and data in WifiNative" into mnc-dev | Vinit Deshpande | 2015-08-06 | 3 | -781/+979
| * Fix refcounting of objects and data in WifiNative | Vinit Deshpande | 2015-08-05 | 3 | -781/+979
    Bug: 22857896
    Change-Id: I552495f1b8561eb7917f6a94284f1716870491da
* WiFi tethering AP says I can't use 5g in this country while in the US | xinhe | 2015-08-05 | 1 | -2/+8
    b/22871989
    Change-Id: I63c458c7353ecf84aa716118924364bb8f0f2844
* Boot loop when SSID has non UTF-8 character in the name | xinhe | 2015-08-04 | 3 | -11/+51
    b/22773761
    Change-Id: I24e1579ff1aafde703d2090f93399fd5f299a75a
* Restart loop on MRA16G: Abort message: | xinhe | 2015-07-22 | 1 | -1/+5
    'art/runtime/thread.cc:1320] No pending exception expected: java.lang.ArrayIndexOutOfBoundsException
    b/22591534
    Change-Id: Ib8380b38fae8c3b0cb1e8980d397c9bfc98c9b81
* Clean up bad command implementation | Jerry Lee | 2015-07-15 | 2 | -2/+20
    b/22349265
    Change-Id: I3d5e0e3c6d06a86f9c59b00754bfc9e5677fe9e7
    Signed-off-by: Jerry Lee <jerrylee@broadcom.com>
* AUPT: NCs in system_server caused runtime restart | xinhe | 2015-07-07 | 2 | -15/+3
    b/22322272
    Change-Id: If4eb9dd3fcefeef2ab26f991e8ee5dd8947a2837
* Use wifi_reset_log_handler to stop logging | xinhe | 2015-06-30 | 1 | -25/+34
    b/22098062
    Change-Id: I6bc701ba81a9dad323403a39e3cb385153d2ed88
* Merge "Add wifi offload feature: mkeep_alive" into mnc-dev | Vinit Deshpande | 2015-06-26 | 2 | -0/+6
| * Add wifi offload feature: mkeep_alive | Ecco Park | 2015-06-25 | 2 | -0/+6
    b/21405946
    Change-Id: I0bbe294d52e97d9609d35d788410fd0bb4c6d5f7
    Signed-off-by: JerryLee <jerrylee@broadcom.com>
* Re-enable Driver/Firmware based logs | Vinit Deshpande | 2015-06-25 | 1 | -13/+8
    Change-Id: If2c929a1156d936ac1a17681d1f171ae1f9dd1bf
* Add a debuggability interface: stop logging | JerryLee | 2015-06-24 | 2 | -0/+2
    bug: 21730601
    Change-Id: I4dd4c6bae10b9e8ad7c8cabc887b8d51c07eff01
    Signed-off-by: JerryLee <jerrylee@broadcom.com>
* call setWifiLinkLayerStats | Pierre Vandwalle | 2015-06-16 | 1 | -0/+13
    Bug:21617639
    Change-Id: Idf7d066a20b96ed1e39cdd164b7159d5843c2f99
* Fix a typo in RTT logs | Wei Wang | 2015-06-09 | 1 | -1/+1
    Change-Id: I41db895dbc470229ef7746e16c404010beec3d9d
* am 70b75cd..09f267b from mirror-m-wireless-internal-release | Vinit Deshpande | 2015-06-05 | 1 | -35/+14
    09f267b prevent false wifi roaming signal Bug:21617059
    0bf150b Enable ring buffer logging and auto-logging of failures
    550ae08 Merge "fix overflow bug in WifiManager reportActivityInfo Bug:20232188" into m-wireless-dev
    7ab5189 Merge "Make autojoin parameters configurable" into m-wireless-dev
    7ff782a Make autojoin parameters configurable
    f49a59b Issue start/stop HAL along with load/unload driver
| * Enable ring buffer logging and auto-logging of failures | Vinit Deshpande | 2015-06-03 | 1 | -35/+14
    This change extracts ring buffer data from firmware; and automatically logs driver/firmware logs when any failure is detected.
    Change-Id: I20c8cc00e8ac1d1b4f35da6d309e972cd8ea5d19
* Remove trivial GScan logs | Vinit Deshpande | 2015-06-03 | 1 | -3/+3
    These helped once; but now this is just noise. Also given that GMSCore starts/stops scans many times it is taking too much of log real estate.
    Bug: 20416721
    Change-Id: I965ed919afbac56e123e8d019be84d7d33abf3f9
* am a40265e..7ab5189 from mirror-m-wireless-internal-release | Vinit Deshpande | 2015-06-03 | 1 | -2/+6
    7ab5189 Merge "Make autojoin parameters configurable" into m-wireless-dev
    7ff782a Make autojoin parameters configurable
    f49a59b Issue start/stop HAL along with load/unload driver
    cbda71c Merge "make WiFi No Network Periodic Scans Interval to 5 minutes Bug:21274132" into m-wireless-dev
    c538878 make WiFi No Network Periodic Scans Interval to 5 minutes Bug:21274132
| * Issue start/stop HAL along with load/unload driver | Vinit Deshpande | 2015-06-02 | 1 | -2/+6
    This ensures that HAL is enabled when driver is loaded; and HAL is torn down when driver is unloaded.
    Change-Id: Ia7a3e0a485a37b137750040aaecde7cb92eb59e4
* am 22fd854..6dd83f1 from mirror-m-wireless-internal-release | Vinit Deshpande | 2015-06-02 | 1 | -0/+1
    6dd83f1 Merge "fix handling of command for bssid hot list" into m-wireless-dev
    a63da80 fix handling of command for bssid hot list
    b090f62 make sure unblacklist thresholds are initialized Bug:21161557
    4c94fc6 Wifi: Disable PNO (if enabled) only when the scan is allowed to trigger
    be2981a fix enabling autojoin offload based on tx/rx counters
    a3e4c84 Move Halutil to vendor/google_testing/comms
    Change-Id: I9663436ad92094b1cde0e00d217b1fd9ca728351
| * fix enabling autojoin offload based on tx/rx counters | Pierre Vandwalle | 2015-05-20 | 1 | -0/+1
    Change-Id: I2fa7970d249638b17f06763246af15f5308d4d55
* am 9ccffbb..5a091fb from mirror-m-wireless-internal-release | Vinit Deshpande | 2015-06-02 | 1 | -2/+96
    5a091fb Wifi log spam is still a thing The root cause is that inner class WifiScanningStateMachine of WifiScanningServiceImpl use the log from WifiStateMachine rather than from WifiScanningServiceImpl. Rename log to logLocal
    b66b29a turn off WifiNative DBG
    98dca33 FW memory dump should be compressed
    e5c48b5 wifi: Do not kill the supplicant on a request to stop it
    5caa43b add ssid white list for roam offload
| * add ssid white list for roam offload | Pierre Vandwalle | 2015-05-18 | 1 | -2/+48
    Change-Id: I9fad659cc6527a271251c7403852dc87ef460207
| * add BSSID blacklist to autojoin/roam offload | Pierre Vandwalle | 2015-05-15 | 1 | -2/+50
    Change-Id: I7eced80f7406de44e96bebc9a3ac3dc648a23eef
* Merge remote-tracking branch 'goog/mirror-m-wireless-internal-release' into merging | xinhe | 2015-05-18 | 1 | -4/+7
    Change-Id: Iec12d73f244bc58e7fcf1154ea8047a03925c241
| * hal based Pno and lazy roam implementation | Pierre Vandwalle | 2015-05-14 | 1 | -9/+12
    Change-Id: Ib814ff6d29c8d7f1b579f7c088cd4eb104e5b637