DO NOT MERGE
Fix security vulnerability in pre-O rild code.
Remove wrong code for setup_data_call.
Add check for max address for RIL_DIAL.
Bug: 37896655
Test: Manual.
Change-Id: I05c027140ae828a2653794fcdd94e1b1a130941b
(cherry picked from commit dda24c6557911aa1f4708abbd6b2f20f0e205b9e)
diff --git a/libril/ril.cpp b/libril/ril.cpp
index d7744c0..0803563 100644
--- a/libril/ril.cpp
+++ b/libril/ril.cpp
@@ -4419,12 +4419,12 @@
int data;
unsigned int qxdm_data[6];
const char *deactData[1] = {"1"};
- char *actData[1];
RIL_Dial dialData;
int hangupData[1] = {1};
int number;
char **args;
RIL_SOCKET_ID socket_id = RIL_SOCKET_1;
+ int MAX_DIAL_ADDRESS = 128;
int sim_id = 0;
RLOGI("debugCallback for socket %s", rilSocketIdToString(socket_id));
@@ -4571,12 +4571,6 @@
// Set network selection automatic.
issueLocalRequest(RIL_REQUEST_SET_NETWORK_SELECTION_AUTOMATIC, NULL, 0, socket_id);
break;
- case 6:
- RLOGI("Debug port: Setup Data Call, Apn :%s\n", args[1]);
- actData[0] = args[1];
- issueLocalRequest(RIL_REQUEST_SETUP_DATA_CALL, &actData,
- sizeof(actData), socket_id);
- break;
case 7:
RLOGI("Debug port: Deactivate Data Call");
issueLocalRequest(RIL_REQUEST_DEACTIVATE_DATA_CALL, &deactData,
@@ -4585,6 +4579,12 @@
case 8:
RLOGI("Debug port: Dial Call");
dialData.clir = 0;
+ if (strlen(args[1]) > MAX_DIAL_ADDRESS) {
+ RLOGE("Debug port: Error calling Dial");
+ freeDebugCallbackArgs(number, args);
+ close(acceptFD);
+ return;
+ }
dialData.address = args[1];
issueLocalRequest(RIL_REQUEST_DIAL, &dialData, sizeof(dialData), socket_id);
break;
