| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
params.ap is an array with length MAX_SIGNIFICANT_CHANGE_APS == 64
We should check that params.num_ap does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS test is not available because CTS test doesn't have the
privilege to access system API.
Bug: 37207928
Test: compile
Test: SafetyNet log not triggered under non-exploit conditions
Change-Id: I541bacd5448124864f28ef1671edf065cc0e35ed
(cherry picked from commit dc96644e72bbac7b579c3ac4b8c5beed1fe7f0b6)
|
|
|
|
|
|
| |
This partially reverts commit bebdc4a3ae5000ac26c16071f26557eb7d8278d8.
Change-Id: I1ad9ab51c4cfbe634fbccdc07f4910ea696ff7a1
|
|
|
|
|
|
|
|
|
|
|
| |
merge into mmr3
This resovles the merge conflict for ag/1514448/
After Android M, this function uses num_bssid instead of num_ap.
Both are prone to stack overflow attacks.
Bug: 31856351
Test: compile, unit tests, manual test
Change-Id: Ied24e6a7ee3047a5319bcca77a0f0f94889b6ca1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix merge conflict into mnc-mr2-release
params.ap is an array with length MAX_HOTLIST_APS == 128
We should check that params.num_bssid does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS will be added in another CL.
Bug: 31856351
Test: compile, unit tests, manual test
Test: SafetyNet log not triggered under non-exploit conditions
Test: POC executable does not crash wifi anymore.
Change-Id: I99665d529985c89d581939126743c34ae885828c
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This resovles the merge conflict for ag/1514448/
After Android M, this function uses num_bssid instead of num_ap.
Both are prone to stack overflow attacks.
CYNGNOS-3312
Bug: 31856351
Test: compile, unit tests, manual test
Change-Id: I194850a4c79ddf478d98e750f65b24e82d99ebc0
(cherry picked from commit c579cce67bbb8d0a64b58b3b89d53ae1bce330e9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
params.ap is an array with length MAX_HOTLIST_APS == 128
We should check that params.num_bssid does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS will be added in another CL.
CYNGNOS-3312
Bug: 31856351
Change-Id: I807f349ceef5c2f5a46eec87515d3550f8288739
Test: compile, unit tests, manual test
Test: SafetyNet log not triggered under non-exploit conditions
Test: POC executable does not crash wifi anymore.
(cherry picked from commit d8748b8faf9c002b59e059d52d49fcc5b7ca5887)
|
|
|
|
|
|
| |
Variable "buffer" falls out of scope leaking memory.
Change-Id: Ia9ca5b1652507e64a6a53c3c7d668684c1ed327e
|
|
|
|
|
|
|
| |
* This check is going to be true if not GBK, so stop spamming the
log with this.
Change-Id: Ifed4885a9e502beeab8ef3f82de789c99ea106e1
|
|\
| |
| |
| |
| |
| | |
Android 6.0.1 Release 61 (MOB30Z)
Change-Id: Ica841d345cecfd7ea1aedfa360b5c1a28f915860
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The parseMacAddress function anticipates only properly formed
MAC addresses (6 hexadecimal octets separated by ":"). This
change properly deals with situations where the string is
shorter than expected, making sure that the passed in char*
reference in parseHexByte never exceeds the end of the string.
BUG: 28164077
TEST: Added a main function:
int main(int argc, char **argv) {
unsigned char addr[6];
if (argc > 1) {
memset(addr, 0, sizeof(addr));
parseMacAddress(argv[1], addr);
printf("Result: %02x:%02x:%02x:%02x:%02x:%02x\n",
addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
}
}
Tested with "", "a" "ab" "ab:c" "abxc".
Change-Id: I0db8d0037e48b62333d475296a45b22ab0efe386
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wifi gbk2utf module used weak logic to check if SSID is GBK encoded,
it has chance that SSID wrongly converted and truncated, which in
turn caused framework crash due to unhandled Exception.
This change is to add isGkbString() to check if SSID is GBK encoded,
which makes sure only SSID with GBK encoded will be converted.
Change-Id: I6cb608bfb6f0930d89a58d66114eabbf856acc9d
CRs-Fixed: 978452
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* The AP item list is destroyed and re-created on driver load/unload.
* Check before accessing them, as the driver may be unloaded, which may
cause a null pointer dereference.
REF: CYNGNOS-2559
Change-Id: If4f7600f6156d650211a7ac85b48f95f16c761e7
|
|\|
| |
| |
| |
| |
| |
| |
| |
| | |
Android 6.0.0 release 26
Conflicts:
service/java/com/android/server/wifi/WifiStateMachine.java
Change-Id: I05f1edf746073a8bf7511c1978df132ba918c73d
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The WifiNative response buffer is one byte smaller than the
amount of data that supplicant can throw at it. This can lead
to a problem where WifiNative gets mismatched answers for
its commands.
Bug: 24380015
Change-Id: Iadc0afa9390ca5c002022fc951951cb109eac22a
|
| |
| |
| |
| | |
Change-Id: I4a0cb1eefb74a9775c10397a8abad15e594385f3
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
mnc-dev
* commit '9152c50087c0293bdfd2526fd88a967ea7a1763c':
Fix refcounting of objects and data in WifiNative
|
| |\ \
| | | |
| | | |
| | | | |
Change-Id: I61046edb56b9b54a759e4964762fa7b01d4eaba1
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
into mnc-dev
* commit '69a99c03a9c78a507266c18443dc044a7b3e7869':
Boot loop when SSID has non UTF-8 character in the name
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit 'fbd35be2ee76cb2f8090f563c8f2666ce0dee607':
Restart loop on MRA16G: Abort message:
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bug: 22634960
Change-Id: I3ebc3fb998f387a4eb4521cfc60409b64b2a2f64
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bug: 21405941
Change-Id: I6740267046e997d27945346e036b40a198bbb105
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bug: 21405946
Change-Id: If7fe4b25bf294f808b99b1e1f25e8a7a62817ef7
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Set normal/AP mode so that the HAL can specify correct module
arguments when loading the driver.
Change-Id: I6eee2cc53b5f1e70306e252e52c909833f220515
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It doesn't support Chinese GBK Charset in original Android.
But there are some APs with Chinese GBK Charset SSID, it will result
in that wifi can't display these APs nomally and connect to these APs.
Here make a conversion in wifi JNI layer. When "SCAN" or "GET_NETWORK"
command has the reply with Chinese GBK Charset SSID, convert GBK to
UTF-8.
Change-Id: Iaf01a0e44e8ad610408f1533723fc668c5a764b0
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Bug: 22857896
Change-Id: I552495f1b8561eb7917f6a94284f1716870491da
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
b/22871989
Change-Id: I63c458c7353ecf84aa716118924364bb8f0f2844
|
| |/
|/|
| |
| |
| |
| | |
b/22773761
Change-Id: I24e1579ff1aafde703d2090f93399fd5f299a75a
|
|/
|
|
|
|
|
|
|
| |
'art/runtime/thread.cc:1320] No pending exception
expected: java.lang.ArrayIndexOutOfBoundsException
b/22591534
Change-Id: Ib8380b38fae8c3b0cb1e8980d397c9bfc98c9b81
|
|
|
|
|
|
|
| |
b/22349265
Change-Id: I3d5e0e3c6d06a86f9c59b00754bfc9e5677fe9e7
Signed-off-by: Jerry Lee <jerrylee@broadcom.com>
|
|
|
|
|
|
| |
b/22322272
Change-Id: If4eb9dd3fcefeef2ab26f991e8ee5dd8947a2837
|
|
|
|
|
|
| |
b/22098062
Change-Id: I6bc701ba81a9dad323403a39e3cb385153d2ed88
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
b/21405946
Change-Id: I0bbe294d52e97d9609d35d788410fd0bb4c6d5f7
Signed-off-by: JerryLee <jerrylee@broadcom.com>
|
|/
|
|
| |
Change-Id: If2c929a1156d936ac1a17681d1f171ae1f9dd1bf
|
|
|
|
|
|
|
| |
bug: 21730601
Change-Id: I4dd4c6bae10b9e8ad7c8cabc887b8d51c07eff01
Signed-off-by: JerryLee <jerrylee@broadcom.com>
|
|
|
|
|
|
| |
Bug:21617639
Change-Id: Idf7d066a20b96ed1e39cdd164b7159d5843c2f99
|
|
|
|
| |
Change-Id: I41db895dbc470229ef7746e16c404010beec3d9d
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
09f267b prevent false wifi roaming signal Bug:21617059
0bf150b Enable ring buffer logging and auto-logging of failures
550ae08 Merge "fix overflow bug in WifiManager reportActivityInfo Bug:20232188" into m-wireless-dev
7ab5189 Merge "Make autojoin parameters configurable" into m-wireless-dev
7ff782a Make autojoin parameters configurable
f49a59b Issue start/stop HAL along with load/unload driver
|
| |
| |
| |
| |
| |
| |
| |
| | |
This change extracts ring buffer data from firmware; and
automatically logs driver/firmware logs when any failure
is detected.
Change-Id: I20c8cc00e8ac1d1b4f35da6d309e972cd8ea5d19
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These helped once; but now this is just noise. Also
given that GMSCore starts/stops scans many times it is
taking too much of log real estate.
Bug: 20416721
Change-Id: I965ed919afbac56e123e8d019be84d7d33abf3f9
|
|\|
| |
| |
| |
| |
| |
| |
| | |
7ab5189 Merge "Make autojoin parameters configurable" into m-wireless-dev
7ff782a Make autojoin parameters configurable
f49a59b Issue start/stop HAL along with load/unload driver
cbda71c Merge "make WiFi No Network Periodic Scans Interval to 5 minutes Bug:21274132" into m-wireless-dev
c538878 make WiFi No Network Periodic Scans Interval to 5 minutes Bug:21274132
|
| |
| |
| |
| |
| |
| |
| | |
This ensures that HAL is enabled when driver is loaded; and
HAL is torn down when driver is unloaded.
Change-Id: Ia7a3e0a485a37b137750040aaecde7cb92eb59e4
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
6dd83f1 Merge "fix handling of command for bssid hot list" into m-wireless-dev
a63da80 fix handling of command for bssid hot list
b090f62 make sure unblacklist thresholds are initialized Bug:21161557
4c94fc6 Wifi: Disable PNO (if enabled) only when the scan is allowed to trigger
be2981a fix enabling autojoin offload based on tx/rx counters
a3e4c84 Move Halutil to vendor/google_testing/comms
Change-Id: I9663436ad92094b1cde0e00d217b1fd9ca728351
|
| |
| |
| |
| | |
Change-Id: I2fa7970d249638b17f06763246af15f5308d4d55
|
|\|
| |
| |
| |
| |
| |
| |
| | |
5a091fb Wifi log spam is still a thing The root cause is that inner class WifiScanningStateMachine of WifiScanningServiceImpl use the log from WifiStateMachine rather than from WifiScanningServiceImpl. Reanme log to logLocal
b66b29a turn off WifiNative DBG
98dca33 FW memory dump should be compressed
e5c48b5 wifi: Do not kill the supplicant on a request to stop it
5caa43b add ssid white list for roam offload
|
| |
| |
| |
| | |
Change-Id: I9fad659cc6527a271251c7403852dc87ef460207
|
| |
| |
| |
| | |
Change-Id: I7eced80f7406de44e96bebc9a3ac3dc648a23eef
|
|\|
| |
| |
| |
| |
| | |
merging
Change-Id: Iec12d73f244bc58e7fcf1154ea8047a03925c241
|
| |
| |
| |
| | |
Change-Id: Ib814ff6d29c8d7f1b579f7c088cd4eb104e5b637
|