| Age | Commit message (Collapse) | Author |
|---|
|
These two parameters must always be given.
|
|
get_device_ids()
get_device_ids() in mm-kernel-device-udev.c accepts a NULL 'vendor' or
'product' argument, but the current implementation could result in a
potential NULL dereferences of the 'vendor' argument. Given that
get_device_ids() is a local helper and its only caller provides a
non-NULL 'vendor' and 'product' argument, this patch removes the NULL
checks (i.e. get_device_ids() expects non-NULL 'vendor' and 'product').
This patch also rearranges the code such that the 'vendor' argument is
updated only when the function returns TRUE, just like how the 'product'
argument is handled.
|
|
The while loop in mm_charset_get_encoded_len() iterates through each
valid UTF-8 encoded character in the given NULL-terminated UTF-8 string.
It uses g_utf8_find_next_char() to find the position of the next
character. In case, g_utf8_find_next_char() returns NULL, it tries to
find the end (i.e. the NULL character) of the string.
This patch fixes the following issues in the while loop:
1. The loop uses both 'next' and 'end' to track the position of the next
character in the string.
When g_utf8_find_next_char() returns a non-NULL value, 'next' is
essentially the same as 'end'.
When g_utf8_find_next_char() returns NULL, 'next' remains NULL while
'end' is adjusted to track the end of the string (but is done
incorrectly as described in #2). After the 'p = next' assignment, the
'while (*p)' check results in a NULL dereference. 'p' should thus be
set to 'end' instead of 'next'.
'next' is thus redundant and can be removed.
2. When g_utf8_find_next_char() returns NULL and 'end' is adjusted to
track the end of string, the 'while (*end++)' loop stops when finding
the NULL character, but 'end' is advanced past the NULL character.
After the 'p = end' assignment, the 'while (*p)' check results in a
dereference of out-of-bounds pointer.
'while (*++end)' should be used instead given that 'p' doesn't point
to a NULL character when 'end = p' happens. 'end' will be updated to
point to the NULL character. After the 'p = end' assignment (fixed in
#1), the 'while (*p)' check will properly stop the loop.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=102182
|
|
When we remove the last object reference, make sure the notification
handler is also removed, or we may end up using an already freed
object.
https://retrace.fedoraproject.org/faf/reports/1815001/
|
|
This patch fixes a bug in apply_post_probing_filters() where it iterates
through `self->priv->forbidden_product_strings' but incorrectly accesses
`self->priv->product_strings[i]' inside the loop.
`self->priv->forbidden_product_strings[i]' should be accessed instead.
|
|
This patch fixes a potential NULL referenece issue in
mm_cdma_manual_activation_properties_get_prl() where it accesses
`self->priv->prl->data' when `self->priv->prl' could be potentially
NULL.
|
|
This patch fixes a potential NULL referenece issue in
mm_sms_properties_get_data() where it accesses `self->priv->data->data'
when `self->priv->data' could be potentially NULL.
|
|
Also:
* define the leading '+' as a escaped value
* allow any number of spaces between '+CCLK' and the string value.
|
|
The Sierra Wireless EM7345 reports OperationNotAllowed when trying to
load stats, just cancel stats reloading if so.
ModemManager[8318]: [/dev/cdc-wdm1] Received message (translated)...
>>>>>> Header:
>>>>>> length = 48
>>>>>> type = command-done (0x80000003)
>>>>>> transaction = 24
>>>>>> Fragment header:
>>>>>> total = 1
>>>>>> current = 0
>>>>>> Contents:
>>>>>> status error = 'OperationNotAllowed' (0x0000001c)
>>>>>> service = 'basic-connect' (a289cc33-bcbb-8b4f-b6b0-133ec2aae6df)
>>>>>> cid = 'packet-statistics' (0x00000014)
|
|
This patch removes an unnecessary error check in the
update_unlock_retries() where the error is never set.
|
|
Try to make it more clear which are the different branches in the
logic, and jump out as soon as the branch is finished.
|
|
The init-sequence configured for the TTY that is being used as data
port must not be launched during the port reopen() sequence; instead
we must run it manually after the port flashing has finished.
|
|
See https://lists.freedesktop.org/archives/modemmanager-devel/2017-August/005506.html
|
|
On the modem with firmware revision ALT3100_04_05_06_10_A8_TF
(LTEUSB_02_04_05_10_53), it's observed that port probing doesn't
complete successfully when send-delay=0 is used.
|
|
|
|
|
|
This patch initializes `match_info' in registration_status_check_ready()
to NULL by default, such that `match_info' is always initialized even if
`self->priv->modem_3gpp_registration_regex' contains no elements.
Though `self->priv->modem_3gpp_registration_regex' always contains some
elements in the current implementation, it's better not to rely on that.
|
|
There are potential memory leaks in MMLocationGpsNmea:
- When the `trace' string provided to location_gps_nmea_take_trace() isn't
added to the hash table, its ownership is still considered transferred.
It should thus be freed. Similarly, the `trace_type' string isn't
added the hash table and should thus be freed.
- mm_location_gps_nmea_add_trace() duplicates a given trace string and
then passes the trace copy to location_gps_nmea_take_trace(). When
location_gps_nmea_take_trace() returns FALSE, the ownership of the
copy isn't transferred. mm_location_gps_nmea_add_trace() should thus
free the copy.
This patch fixes the above memory leaks by having
location_gps_nmea_take_trace() always take the ownership of the `trace'
string and internally free `trace' and `trace_type' when necessary.
|
|
This patch fixes an ineffective `g_assert (equip_id)' in
modem_load_equipment_identifier_finish(). After mm_parse_gsn() succeeds,
`equip_id' is freed but not reset to NULL, so `g_assert (equip_id)' will
never assert even if `imei', `meid', and `esn' are all NULL (though that
shouldn't happen when mm_parse_gsn() succeeds).
|
|
This patch fixes some potential use-after-freed issues in
dms_get_ids_ready(). When an invalid ESN / MEID is retrieved,
`ctx->self->priv->esn' / `ctx->self->priv->meid' is freed but not reset
to NULL. If no IMEI is retrieved, `str' can be set to the already freed
`ctx->self->priv->esn' / `ctx->self->priv->meid' and then propagated to
a GSimpleAsyncResult object.
|
|
This patch removes a redundant `encoded_auth = huawei_parse_auth_type (auth)`
in connect_3gpp_context_step().
|
|
|
|
This patch fixes an issue in disconnect_set_ready(). If
mbim_message_connect_response_parse(), `session_id' and `nw_error' are
not set to a valid value, and thus shouldn't be used.
|
|
During the CONNECT_3GPP_CONTEXT_STEP_LAST step,
connect_3gpp_context_step() conditionally creates and populates a
MMBearerConnectResult object into the GSimpleAsyncResult object when the
ipv4_config field of the Connect3gppContext struct is set. That assumes
the ipv4_config field is always initialized in
connect_dhcp_check_ready() during the
CONNECT_3GPP_CONTEXT_STEP_IP_CONFIG step. Instead of having such an
assumption, this patch modifies connect_3gpp to always initialize
the ipv4_config field, such that connect_3gpp_context_step() always
populates a MMBearerConnectResult object into the GSimpleAsyncResult
object.
|
|
This patch fixes cause_code_to_delivery_state() by adding two missing
break statements for the case ERROR_CLASS_TEMPORARY and
ERROR_CLASS_PERMANENT in the `switch (error_class)` statement. Without
the break statements, the switch always falls through to the default and
returns MM_SMS_DELIVERY_STATE_UNKNOWN for an `error_class' of value
ERROR_CLASS_TEMPORARY or ERROR_CLASS_PERMANENT.
|
|
|
|
The following checks in mm_modem_firmware_select() and
mm_modem_firmware_select_sync() could result in a NULL pointer
dereference if `unique_id' is NULL:
g_return_if_fail (unique_id != NULL || unique_id[0] == '\0')
g_return_val_if_fail (unique_id != NULL || unique_id[0] == '\0', FALSE)
This patch fixes the checks to properly verify that `unique_id' is
neither NULL nor an empty string.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
With some modems, the lock/unlock of the SIM-ME interface with +CSIM=1/0
command is followed by #QSS unsolicited messages. With the current
implementation, this messages are mistaken for SIM swap events and so the
modem is first dropped and then re-probed.
With this patch, the plugin takes into account the SIM-ME lock state when
parsing #QSS unsolicited, so that the QSS handler can correctly
elaborate the messages that are not related to SIM swap events.
|
|
|
|
Currently, when SIM hot swap fails in either mm-iface or plugin, the
ModemManager still opens ports context and prints a message saying that
SIM hot swap is supported and that it's waiting for SIM insertion,
instead of clearly saying that SIM hot swap is not working.
This patch:
1. introduces a new property MM_IFACE_MODEM_SIM_HOT_SWAP_CONFIGURED
which is FALSE by default and set to TRUE only when
setup_sim_hot_swap_finish() succeded.
2. subordinates the completion of SIM hot swap setup (in
mm-broadband-modem) and the related messages to the the value of
MM_IFACE_MODEM_SIM_HOT_SWAP_CONFIGURED
Finally, this patch replaces the MBIM's sim_hot_swap_on private property
with the new property MM_IFACE_MODEM_SIM_HOT_SWAP_CONFIGURED, since they have the
same meaning.
|
|
Commit 6c35878f12ab37604d85cb3a864e3859973bd195 introduced a new option for
setting the refresh rate of location on DBus. This patch describes the option
in the man page.
https://bugs.freedesktop.org/show_bug.cgi?id=89924
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
to use GTask
|
