From 97709f52ec368cf6baa4dfcd8df4c33a6087ca16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Teppo=20J=C3=A4rvelin?= Date: Mon, 3 Dec 2018 08:47:01 +0200 Subject: [PATCH] Cellular: fix possible crash in state machine _sim_pin was changed to pointer from array and length was checked with strlen. If _sim_pin was null it caused crash. Fix by checking _sim_pin against NULL. Power class could have been called without checking if power is NULL. Fix by checking that power class is not null. Fix state machine to return correct states when queried. --- features/cellular/framework/device/CellularStateMachine.cpp | 6 +++--- features/cellular/framework/device/CellularStateMachine.h | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/features/cellular/framework/device/CellularStateMachine.cpp b/features/cellular/framework/device/CellularStateMachine.cpp index 25988de447..d56c7912da 100644 --- a/features/cellular/framework/device/CellularStateMachine.cpp +++ b/features/cellular/framework/device/CellularStateMachine.cpp @@ -153,7 +153,7 @@ bool CellularStateMachine::open_sim() } if (state == CellularDevice::SimStatePinNeeded) { - if (strlen(_sim_pin)) { + if (_sim_pin) { tr_info("Entering PIN to open SIM"); _cb_data.error = _cellularDevice.set_pin(_sim_pin); if (_cb_data.error) { @@ -428,13 +428,13 @@ void CellularStateMachine::state_sim_pin() } if (_network->is_active_context()) { // check if context was already activated - tr_debug("ACTIVE CONTEXT FOUND, skip registering."); + tr_debug("Active context found."); _network_status |= ACTIVE_PDP_CONTEXT; } CellularNetwork::AttachStatus status; // check if modem is already attached to a network if (_network->get_attach(status) == NSAPI_ERROR_OK && status == CellularNetwork::Attached) { _network_status |= ATTACHED_TO_NETWORK; - tr_debug("DEVICE IS ALREADY ATTACHED TO NETWORK, skip registering and attach."); + tr_debug("Cellular already attached."); } if (_plmn) { enter_to_state(STATE_MANUAL_REGISTERING_NETWORK); 
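Review bot: The new guard `if (_sim_pin)` in open_sim() fixes the NULL dereference but no longer rejects an empty PIN, which the old `strlen(_sim_pin)` test did: a non-NULL pointer to `""` now reaches `_cellularDevice.set_pin(_sim_pin)`. Depending on how the modem treats an empty PIN, this may count as a failed attempt against the SIM's limited retry counter, so I would keep both conditions: `if (_sim_pin && _sim_pin[0] != '\0') {`. open_sim() starts and ends outside this hunk, so the branch taken when no PIN is set is not visible here. The commit message also describes a NULL check on the power class and a fix to the reported states, neither of which appears in the 5 insertions / 4 deletions of this patch.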
diff --git a/features/cellular/framework/device/CellularStateMachine.h b/features/cellular/framework/device/CellularStateMachine.h index c9d10e9f25..7b4e7656af 100644 --- a/features/cellular/framework/device/CellularStateMachine.h +++ b/features/cellular/framework/device/CellularStateMachine.h @@ -42,6 +42,7 @@ private: // friend of CellularDevice so that it's the only way to close/delete this class. friend class CellularDevice; friend class AT_CellularDevice; + friend class UT_CellularStateMachine; // for unit tests /** Constructor * * @param device reference to CellularDevice @@ -98,7 +99,7 @@ private: * @param timeout timeout array using seconds * @param array_len length of the array */ - void set_retry_timeout_array(uint16_t timeout[], int array_len); + void set_retry_timeout_array(uint16_t *timeout, int array_len); /** Sets the operator plmn which is used when registering to a network specified by plmn. If plmn is not set then automatic * registering is used when registering to a cellular network. Does not start any operations.
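Review bot: `friend class UT_CellularStateMachine;` is added unconditionally, so production builds also grant full private access to any class of that name. That weakens the guarantee in the comment just above it, that CellularDevice is the only way to close/delete this class. Consider compiling the friend declaration only in unit-test builds, e.g. wrapping it in `#ifdef <UNIT_TEST_MACRO>` / `#endif` (placeholder; use whichever macro the test build defines).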
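Review bot: The doc comment for set_retry_timeout_array() does not say what happens when `timeout` is NULL or `array_len` is zero or negative, which is worth stating now that the parameter is spelled as a plain pointer and this commit is about NULL-pointer crashes. The definition is not part of this patch, so whether it validates its arguments cannot be told from here; if it does not, a guard such as `if (!timeout || array_len <= 0) { return; }` belongs there. Either way, document the contract, e.g. `@param timeout timeout array using seconds, must not be NULL` and `@param array_len number of elements in timeout, must be > 0`.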