From bbd34ed6770d165248469edbe6fd1384f3ec0108 Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski
Date: Sat, 30 Mar 2013 22:51:17 +0100
Subject: rfs: Refactor code, check for NULL pointers and prevent memory leaks
Signed-off-by: Paul Kocialkowski
---
 rfs.c | 48 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/rfs.c b/rfs.c
index d342b99..5234e73 100644
--- a/rfs.c
+++ b/rfs.c
@@ -26,24 +26,31 @@
 void ipc_rfs_nv_read_item(struct ipc_message_info *info)
 {
- struct ipc_rfs_io *rfs_io = (struct ipc_rfs_io *) info->data;
- struct ipc_rfs_io_confirm *rfs_io_conf;
+ struct ipc_client_data *ipc_client_data;
  struct ipc_client *ipc_client;
+
+ struct ipc_rfs_io *rfs_io;
+ struct ipc_rfs_io_confirm *rfs_io_conf;
+
  void *rfs_data;
  int rc;
- if (ril_data.ipc_rfs_client == NULL)
+ if (info == NULL || info->data == NULL || info->length < sizeof(struct ipc_rfs_io))
  return;
- ipc_client = ((struct ipc_client_data *) ril_data.ipc_rfs_client->data)->ipc_client;
+ rfs_io = (struct ipc_rfs_io *) info->data;
- if (rfs_io == NULL) {
- LOGE("Error: NULL rfs_io");
+ if (ril_data.ipc_rfs_client == NULL || ril_data.ipc_rfs_client->data == NULL)
  return;
- }
- rfs_io_conf = malloc(rfs_io->length + sizeof(struct ipc_rfs_io_confirm));
- memset(rfs_io_conf, 0, rfs_io->length + sizeof(struct ipc_rfs_io_confirm));
+ ipc_client_data = (struct ipc_client_data *) ril_data.ipc_rfs_client->data;
+
+ if (ipc_client_data->ipc_client == NULL)
+ return;
+
+ ipc_client = ipc_client_data->ipc_client;
+
+ rfs_io_conf = calloc(1, rfs_io->length + sizeof(struct ipc_rfs_io_confirm));
  rfs_data = rfs_io_conf + sizeof(struct ipc_rfs_io_confirm);
  LOGD("Asked to read 0x%x bytes at offset 0x%x", rfs_io->length, rfs_io->offset);
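Review bot: The context line `rfs_data = rfs_io_conf + sizeof(struct ipc_rfs_io_confirm);` is left untouched, but `rfs_io_conf` is a `struct ipc_rfs_io_confirm *`, so the addition is scaled by the struct size and `rfs_data` ends up well past the calloc'd buffer instead of just behind the confirm header; it should read `rfs_data = (unsigned char *) rfs_io_conf + sizeof(struct ipc_rfs_io_confirm);`. The new `calloc()` result is also used without a NULL check, so `if (rfs_io_conf == NULL) return;` belongs right after the allocation. `rfs_io->length` is taken straight from the received message, and on a 32-bit target `rfs_io->length + sizeof(struct ipc_rfs_io_confirm)` can wrap to a small size, so the length should be bounded against whatever maximum the RFS protocol allows before allocating. The function body continues past the hunk, so how `rfs_data` is filled is not visible here.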
@@ -64,22 +71,31 @@ void ipc_rfs_nv_read_item(struct ipc_message_info *info)
 void ipc_rfs_nv_write_item(struct ipc_message_info *info)
 {
- struct ipc_rfs_io *rfs_io = (struct ipc_rfs_io *) info->data;
- struct ipc_rfs_io_confirm rfs_io_conf;
+ struct ipc_client_data *ipc_client_data;
  struct ipc_client *ipc_client;
+
+ struct ipc_rfs_io *rfs_io;
+ struct ipc_rfs_io_confirm rfs_io_conf;
+
  void *rfs_data;
  int rc;
- if (ril_data.ipc_rfs_client == NULL)
+ if (info == NULL || info->data == NULL || info->length < sizeof(struct ipc_rfs_io))
  return;
- ipc_client = ((struct ipc_client_data *) ril_data.ipc_rfs_client->data)->ipc_client;
+ rfs_io = (struct ipc_rfs_io *) info->data;
- if (rfs_io == NULL) {
- LOGE("Error: NULL rfs_io");
+ if (ril_data.ipc_rfs_client == NULL || ril_data.ipc_rfs_client->data == NULL)
  return;
- }
+ ipc_client_data = (struct ipc_client_data *) ril_data.ipc_rfs_client->data;
+
+ if (ipc_client_data->ipc_client == NULL)
+ return;
+
+ ipc_client = ipc_client_data->ipc_client;
+
+ memset(&rfs_io_conf, 0, sizeof(rfs_io_conf));
  rfs_data = info->data + sizeof(struct ipc_rfs_io);
  LOGD("Write rfs_data dump:");
-- 
cgit v1.2.3
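Review bot: The new guard `info->length < sizeof(struct ipc_rfs_io)` only proves that the header is present; nothing in this hunk ties `rfs_io->length` to the number of bytes actually received. Whatever consumes `rfs_data` after the hunk (the dump announced by the `LOGD`, and presumably the write itself) may therefore read past the end of `info->data`. I would add `if (rfs_io->length > info->length - sizeof(struct ipc_rfs_io)) return;` right after `rfs_io` is assigned. The early returns are also silent now that the `LOGE` was dropped, so a malformed or truncated message leaves no trace in the log; a short `LOGE` on each rejected case would help when diagnosing modem traffic. The function body continues past the hunk.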