From e4f800932f55a36e792ec3cbb6420556919c061e Mon Sep 17 00:00:00 2001
From: Tushar Janefalkar <tusharj@codeaurora.org>
Date: Wed, 31 Oct 2012 16:56:19 -0700
Subject: [PATCH] Add NULL checks for callbacks

As a security measure, callbacks
are checked to make sure they are
not NULL pointers.

Change-Id: I391e1cc373e8098449303709d8d1b67d305fb633
CRs-Fixed: 404438
---
 loc_api/libloc_api_50001/loc.cpp          |  7 +++-
 loc_api/libloc_api_50001/loc_eng.cpp      | 44 +++++++++++++++--------
 loc_api/libloc_api_50001/loc_eng_ni.cpp   |  4 ++-
 loc_api/libloc_api_50001/loc_eng_xtra.cpp | 15 +++++---
 4 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/loc_api/libloc_api_50001/loc.cpp b/loc_api/libloc_api_50001/loc.cpp
index 8ac78625..8100a718 100755
--- a/loc_api/libloc_api_50001/loc.cpp
+++ b/loc_api/libloc_api_50001/loc.cpp
@@ -317,7 +317,13 @@ SIDE EFFECTS
 ===========================================================================*/
 static int loc_init(GpsCallbacks* callbacks)
 {
+    int retVal = -1;
     ENTRY_LOG();
+    if(callbacks == NULL) {
+        LOC_LOGE("loc_init failed. cb = NULL\n");
+        EXIT_LOG(%d, retVal);
+        return retVal;
+    }
     LOC_API_ADAPTER_EVENT_MASK_T event =
         LOC_API_ADAPTER_BIT_PARSED_POSITION_REPORT |
         LOC_API_ADAPTER_BIT_SATELLITE_REPORT |
@@ -341,7 +347,6 @@ static int loc_init(GpsCallbacks* callbacks)
     gps_loc_cb = callbacks->location_cb;
     gps_sv_cb = callbacks->sv_status_cb;
 
-    int retVal = -1;
     if (loc_eng_ulp_inf == NULL)
         retVal = loc_eng_init(loc_afw_data, &clientCallbacks, event,
                               NULL);
diff --git a/loc_api/libloc_api_50001/loc_eng.cpp b/loc_api/libloc_api_50001/loc_eng.cpp
index 300fb21f..1b55f288 100755
--- a/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/loc_api/libloc_api_50001/loc_eng.cpp
@@ -272,11 +272,13 @@ int loc_eng_init(loc_eng_data_s_type &loc_eng_data, LocCallbacks* callbacks,
                   void (*loc_external_msg_sender) (void*, void*))
 
 {
+    int ret_val =-1;
+
     ENTRY_LOG_CALLFLOW();
     if (NULL == callbacks || 0 == event) {
         LOC_LOGE("loc_eng_init: bad parameters cb %p eMask %d", callbacks, event);
-        EXIT_LOG(%d, 0);
-        return NULL;
+        EXIT_LOG(%d, ret_val);
+        return ret_val;
     }
 
     STATE_CHECK((NULL == loc_eng_data.context),
@@ -321,7 +323,6 @@ int loc_eng_init(loc_eng_data_s_type &loc_eng_data, LocCallbacks* callbacks,
                         callbacks->location_ext_parser, callbacks->sv_ext_parser);
     loc_eng_data.client_handle = LocApiAdapter::getLocApiAdapter(locEngHandle);
 
-    int ret_val =-1;
     if (NULL == loc_eng_data.client_handle) {
         // drop the context and declare failure
         ((LocEngContext*)(loc_eng_data.context))->drop();
@@ -852,6 +853,11 @@ void loc_eng_agps_init(loc_eng_data_s_type &loc_eng_data, AGpsCallbacks* callbac
     STATE_CHECK((NULL == loc_eng_data.agps_status_cb),
                 "agps instance already initialized",
                 return);
+    if(callbacks == NULL) {
+        LOC_LOGE("loc_eng_agps_init: bad parameters cb %p", callbacks);
+        EXIT_LOG(%s, VOID_RET);
+        return;
+    }
     loc_eng_data.agps_status_cb = callbacks->status_cb;
 
     loc_eng_data.agnss_nif = new AgpsStateMachine(loc_eng_data.agps_status_cb,
@@ -1875,15 +1881,15 @@ int loc_eng_ulp_init(loc_eng_data_s_type &loc_eng_data, const ulpInterface * loc
 {
     ENTRY_LOG();
     int ret_val=-1;
-
-    if(loc_eng_ulpInf != NULL)
+    if((loc_eng_ulpInf != NULL) && (((ulpInterface *)loc_eng_ulpInf)->init != NULL))
     {
         // Initialize the ULP interface
         ((ulpInterface *)loc_eng_ulpInf)->init(loc_eng_data);
         loc_eng_data.ulp_initialized = TRUE;
+        ret_val = 0;
     }
-    ret_val = 0;
-exit:
+    else
+        LOC_LOGE("ulp not initialized. NULL parameter");
     EXIT_LOG(%d, ret_val);
     return ret_val;
 }
@@ -2037,9 +2043,14 @@ SIDE EFFECTS
 ===========================================================================*/
 int loc_eng_ulp_phone_context_init(loc_eng_data_s_type &loc_eng_data,UlpPhoneContextCallbacks *callback)
 {
+    int ret_val = -1;
     ENTRY_LOG();
-    loc_eng_data.ulp_phone_context_req_cb = callback->ulp_request_phone_context_cb ;
-    int ret_val =0;
+    if(callback != NULL) {
+        loc_eng_data.ulp_phone_context_req_cb = callback->ulp_request_phone_context_cb ;
+        ret_val = 0;
+    }
+    else
+        LOC_LOGE("loc_eng_ulp_phone_context_init: bad parameters cb %p", callback);
     EXIT_LOG(%d, ret_val);
     return ret_val;
 }
@@ -2063,11 +2074,16 @@ SIDE EFFECTS
 int loc_eng_ulp_network_init(loc_eng_data_s_type &loc_eng_data,
                              UlpNetworkLocationCallbacks *callbacks)
 {
-   ENTRY_LOG_CALLFLOW();
-   loc_eng_data.ulp_network_callback = callbacks->ulp_network_location_request_cb;
-   int ret_val =0;
-   EXIT_LOG(%d, ret_val);
-   return ret_val;
+    int ret_val = -1;
+    ENTRY_LOG_CALLFLOW();
+    if(callbacks != NULL) {
+        loc_eng_data.ulp_network_callback = callbacks->ulp_network_location_request_cb;
+        ret_val = 0;
+    }
+    else
+        LOC_LOGE("loc_eng_ulp_network_init: bad parameters cb %p", callbacks);
+    EXIT_LOG(%d, ret_val);
+    return ret_val;
 }
 
 
diff --git a/loc_api/libloc_api_50001/loc_eng_ni.cpp b/loc_api/libloc_api_50001/loc_eng_ni.cpp
index c2d78af8..06a52a57 100644
--- a/loc_api/libloc_api_50001/loc_eng_ni.cpp
+++ b/loc_api/libloc_api_50001/loc_eng_ni.cpp
@@ -249,7 +249,9 @@ void loc_eng_ni_init(loc_eng_data_s_type &loc_eng_data, GpsNiCallbacks *callback
 {
     ENTRY_LOG_CALLFLOW();
 
-    if (NULL == callbacks->notify_cb) {
+    if(callbacks == NULL)
+        EXIT_LOG(%s, "loc_eng_ni_init: failed, cb is NULL");
+    else if (NULL == callbacks->notify_cb) {
         EXIT_LOG(%s, "loc_eng_ni_init: failed, no cb.");
     } else if (NULL != loc_eng_data.ni_notify_cb) {
         EXIT_LOG(%s, "loc_eng_ni_init: already inited.");
diff --git a/loc_api/libloc_api_50001/loc_eng_xtra.cpp b/loc_api/libloc_api_50001/loc_eng_xtra.cpp
index ebc7c6fb..01b805e7 100644
--- a/loc_api/libloc_api_50001/loc_eng_xtra.cpp
+++ b/loc_api/libloc_api_50001/loc_eng_xtra.cpp
@@ -54,12 +54,17 @@ SIDE EFFECTS
 int loc_eng_xtra_init (loc_eng_data_s_type &loc_eng_data,
                        GpsXtraCallbacks* callbacks)
 {
-   loc_eng_xtra_data_s_type *xtra_module_data_ptr;
+    int ret_val = -1;
+    loc_eng_xtra_data_s_type *xtra_module_data_ptr;
 
-   xtra_module_data_ptr = &loc_eng_data.xtra_module_data;
-   xtra_module_data_ptr->download_request_cb = callbacks->download_request_cb;
-
-   return 0;
+    if(callbacks == NULL)
+        LOC_LOGE("loc_eng_xtra_init: failed, cb is NULL");
+    else {
+        xtra_module_data_ptr = &loc_eng_data.xtra_module_data;
+        xtra_module_data_ptr->download_request_cb = callbacks->download_request_cb;
+        ret_val = 0;
+    }
+    return ret_val;
 }
 
 /*===========================================================================