From fdc21c8802f11848d3288ab14a912e154dbc7bed Mon Sep 17 00:00:00 2001
From: Lakshmi Rangan
Date: Mon, 16 Mar 2026 08:16:41 +0000
Subject: [PATCH] RDKB-63939 : CLONE - [8.2p2s2] Observed CcspPandMSsp process restart on Device.dmcli walk
Reason for change: Fix ccsp-p-and-m restart and cores
Test Procedure: Condition checks modified in ccsp-cmn-library
Risks: NA
Priority: P2
Signed-off-by: Lakshmi Rangan
---
 .../DslhObjRecord/dslh_objro_access.c | 13 +++++++-
 .../DslhWmpDatabase/dslh_wmpdo_mpaif.c | 31 +++++++++++++++++--
 .../helper/messagebus_interface_helper.c | 5 +++
 3 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/source/ccsp/components/common/DataModel/dml/components/DslhObjRecord/dslh_objro_access.c b/source/ccsp/components/common/DataModel/dml/components/DslhObjRecord/dslh_objro_access.c
index 1a5441dc0..ec5f7e81d 100644
--- a/source/ccsp/components/common/DataModel/dml/components/DslhObjRecord/dslh_objro_access.c
+++ b/source/ccsp/components/common/DataModel/dml/components/DslhObjRecord/dslh_objro_access.c
@@ -268,12 +268,14 @@ DslhObjroGetAllParamValues
 ppNameArray = (char**)AnscAllocateMemory(sizeof(char*) * uChildCount);
 if( !ppNameArray ) /*RDKB-5791 , CID-33396, NULL check after mem allocation*/
 {
+ *pulArraySize = 0;
 return ANSC_STATUS_FAILURE;
 }
 ppValueArray = (PSLAP_VARIABLE*)AnscAllocateMemory(sizeof(PSLAP_VARIABLE) * uChildCount);
 if( !ppValueArray )
 {
 AnscFreeMemory(ppNameArray);/*RDKB-5791 , CID-33236, NULL check after mem allocation*/
+ *pulArraySize = 0;
 return ANSC_STATUS_FAILURE;
 }
@@ -303,9 +305,12 @@ DslhObjroGetAllParamValues
 if( ppValueArray[ulParamCount] == NULL)
 {
- break;
+ returnStatus = ANSC_STATUS_RESOURCES;
+ goto EXIT;
 }
+ SlapInitVariable(ppValueArray[ulParamCount]);
+
 ppValueArray[ulParamCount]->Name = pChildVarRecord->GetFullName((ANSC_HANDLE)pChildVarRecord);
 ppValueArray[ulParamCount]->ContentType = pChildVarEntity->ContentType;
 ppValueArray[ulParamCount]->Syntax = pChildVarEntity->Syntax;
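Review bot: The new `goto EXIT` on a failed per-entry allocation leaves `*pulArraySize` as the caller passed it, while the two array-allocation failure paths in the hunk at -268 now zero it before returning. The EXIT label is outside the hunk, so it is not visible whether it resets the count or releases the `ppValueArray` entries allocated before the failing one; if it does not, `*pulArraySize = 0;` ahead of the `goto EXIT;` keeps every failure return consistent. The same cleanup question applies to the `goto EXIT2` added at -1784 in dslh_wmpdo_mpaif.c. A one-line comment above `SlapInitVariable(...)` saying why a freshly allocated variable must be initialised before its fields are assigned would help the next reader.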
@@ -342,6 +347,12 @@ DslhObjroGetAllParamValues
 } /* Check parameter value and change it to be 2 Ending*/
+ if ( (ulTotalParamCount + ulParamCount) > ulMaxParamCount )
+ {
+ returnStatus = ANSC_STATUS_BAD_PARAMETER;
+ goto EXIT;
+ }
+
 /* copy value back */
 for( i = 0; i < ulParamCount; i ++)
 {
diff --git a/source/ccsp/components/common/DataModel/dml/components/DslhWmpDatabase/dslh_wmpdo_mpaif.c b/source/ccsp/components/common/DataModel/dml/components/DslhWmpDatabase/dslh_wmpdo_mpaif.c
index 6d6b3ed36..59b9d9f5e 100644
--- a/source/ccsp/components/common/DataModel/dml/components/DslhWmpDatabase/dslh_wmpdo_mpaif.c
+++ b/source/ccsp/components/common/DataModel/dml/components/DslhWmpDatabase/dslh_wmpdo_mpaif.c
@@ -859,7 +859,7 @@ DslhWmpdoMpaSetParameterValues
 {
 if(pVarRecord->Notification)
 {
- vcSig.parameterName = pParameterValueArray[i].Name;
+ vcSig.parameterName = AnscCloneString(pParameterValueArray[i].Name);
 parseOldVal(pParameterValueArray[i].Value, &vcSig);
 vcSig.newValue = vcSig.oldValue;
 parseOldVal(pVarRecord->OldParamValue, &vcSig);
@@ -1718,6 +1718,13 @@ DslhWmpdoMpaGetParameterValues
 (AnscSizeOfString(pParamNameArray->Array.arrayString[i]) == 0) ||
 DslhCwmpIsPartialName(pParamNameArray->Array.arrayString[i]) )
 {
+ if ((ulParameterIndex > ulParameterCount) && (ulParameterIndex < pParamNameArray->VarCount))
+ {
+ AnscTraceWarning(("ulParameterIndex:%lu is greater than ulParameterCount:%lu\n", ulParameterIndex, ulParameterCount));
+ AnscTraceWarning(("pParamNameArray->VarCount:%lu\n", pParamNameArray->VarCount));
+ AnscTraceWarning(("ulParamCopyCount:%lu\n", ulParamCopyCount));
+ }
+
 pObjRecord = (PDSLH_OBJ_RECORD_OBJECT)phAnyRecordArray[i];
 ulParamCopyCount = ulParameterCount - ulParameterIndex;
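Review bot: The guard `(ulTotalParamCount + ulParamCount) > ulMaxParamCount` adds two unsigned counts before comparing, so a wrapped sum would pass the check; the subtraction form cannot wrap: `if ( ulTotalParamCount > ulMaxParamCount || ulParamCount > ulMaxParamCount - ulTotalParamCount )`. Neither `ulTotalParamCount` nor `ulMaxParamCount` is declared in the visible hunks, so their types and the source of the capacity should be confirmed against the rest of DslhObjroGetAllParamValues. A short comment stating what `ulMaxParamCount` bounds would make the guard self-explanatory.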
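Review bot: `vcSig.parameterName = AnscCloneString(pParameterValueArray[i].Name);` gives `vcSig` its own copy of the name, but nothing in the hunk checks the result for NULL or releases it. The code that consumes `vcSig` is outside the hunk; if it does not free `parameterName`, each notified set leaks one string in a long-running process, so the release belongs next to the place the value-change signal is sent. Once that release exists, a comment on this line such as `/* owned copy: freed after the value-change signal is sent */` would document the ownership.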
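Review bot: The added block only logs when `ulParameterIndex > ulParameterCount`; execution then reaches the context line `ulParamCopyCount = ulParameterCount - ulParameterIndex;`, where the unsigned subtraction wraps to a very large count that appears to serve as the capacity for the call completed in the next hunk. The post-call check added there, `ulParamCopyCount > (ulParameterCount - ulParameterIndex)`, compares against the same wrapped value and so cannot catch it. Rejecting instead of warning closes the gap: `if ( ulParameterIndex > ulParameterCount ) { returnStatus = ANSC_STATUS_BAD_PARAMETER; goto EXIT3; }` (EXIT3 is the label the next hunk uses; its cleanup is outside the visible lines). The extra `ulParameterIndex < pParamNameArray->VarCount` term compares a value index with the number of requested names and suppresses the warning for some out-of-range cases, and `ulParamCopyCount` is logged before it is assigned for this iteration.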
@@ -1730,6 +1737,16 @@ DslhWmpdoMpaGetParameterValues
 bFromAcs,
 writeID
 );
+ if ( returnStatus != ANSC_STATUS_SUCCESS )
+ {
+ goto EXIT3;
+ }
+
+ if ( ulParamCopyCount > (ulParameterCount - ulParameterIndex) )
+ {
+ returnStatus = ANSC_STATUS_BAD_PARAMETER;
+ goto EXIT3;
+ }
 ulParameterIndex += ulParamCopyCount;
 }
@@ -1784,9 +1801,12 @@ DslhWmpdoMpaGetParameterValues
 if( ppValueArray[ulSameObj] == NULL)
 {
- break;
+ returnStatus = ANSC_STATUS_RESOURCES;
+ goto EXIT2;
 }
+ SlapInitVariable(ppValueArray[ulSameObj]);
+
 pVarEntity = (PDSLH_VAR_ENTITY_OBJECT)pVarRecord->hDslhVarEntity;
 ppValueArray[ulSameObj]->Name = pVarRecord->GetFullName((ANSC_HANDLE)pVarRecord);
@@ -1834,8 +1854,13 @@ DslhWmpdoMpaGetParameterValues
 for( j = 0 ; j < ulSameObj; j ++)
 {
+ if ( ulParameterIndex >= ulParameterCount )
+ {
+ returnStatus = ANSC_STATUS_BAD_PARAMETER;
+ goto EXIT3;
+ }
 /* copy the value back */
- pParameterValueArray[ulParameterIndex].Name = ppValueArray[j]->Name;
+ pParameterValueArray[ulParameterIndex].Name = AnscCloneString(ppValueArray[j]->Name);
 pParameterValueArray[ulParameterIndex].Value = ppValueArray[j];
 ppValueArray[j]->Name = NULL;
diff --git a/source/ccsp/components/common/MessageBusHelper/helper/messagebus_interface_helper.c b/source/ccsp/components/common/MessageBusHelper/helper/messagebus_interface_helper.c
index 22097a011..e41273ef2 100644
--- a/source/ccsp/components/common/MessageBusHelper/helper/messagebus_interface_helper.c
+++ b/source/ccsp/components/common/MessageBusHelper/helper/messagebus_interface_helper.c
@@ -372,6 +372,11 @@ CcspCcMbi_GetParameterValues
 {
 for ( i = 0; i < ulArraySize; i++ )
 {
+ if (pParamValueArray[i].Name == NULL)
+ {
+ AnscTraceWarning(("CcspCcMbi_GetParameterValues cleanup stopped at index %lu (NULL Name)\n", i));
+ break;
+ }
 DslhCwmpCleanParamValue((&pParamValueArray[i]));
 }
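Review bot: With the copy now made by `AnscCloneString(ppValueArray[j]->Name)`, the context line `ppValueArray[j]->Name = NULL;` still clears the source pointer, so the original string is dropped without being released; the removed line transferred that pointer to the output array, which suggests it is heap-owned, and if so every returned parameter now leaks its name. Either keep the ownership transfer or release the original before clearing it, e.g. `AnscFreeMemory(ppValueArray[j]->Name);` ahead of the `= NULL` line. The clone result is also unchecked, and a NULL `Name` here matters because the cleanup loop in messagebus_interface_helper.c now stops at the first NULL name. The new `goto EXIT3` leaves the loop with the entries from `ppValueArray[j]` onward still held unless EXIT3, which is outside the hunk, frees them; the allocation-failure path one hunk earlier uses EXIT2 instead.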
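Review bot: The `break` on the first `Name == NULL` skips `DslhCwmpCleanParamValue` for that entry and for every later one, so an entry that has a `Value` but a NULL name, and all entries after it, are never released; that state is reachable now that dslh_wmpdo_mpaif.c assigns `Name` from an unchecked `AnscCloneString`. If the intent is to skip holes, the loop should release what the entry still owns and `continue;`; if the intent is to stop at the end of the filled region, the producer should report the filled count in `ulArraySize` rather than having cleanup infer it from a NULL name. The trace prints `i` with `%lu`, and the declaration of `i` is outside the hunk, so the format should be checked against its type.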