view src/g23m-gsm/sim/sim_gprs.c @ 516:1ed9de6c90bd

src/g23m-gsm/sms/sms_for.c: bogus malloc removed The new error handling code that was not present in TCS211 blob version contains a malloc call that is bogus for 3 reasons: 1) The memory allocation in question is not needed in the first place; 2) libc malloc is used instead of one of the firmware's proper ways; 3) The memory allocation is made inside a function and then never freed, i.e., a memory leak. This bug was caught in gcc-built FreeCalypso fw projects (Citrine and Selenite) because our gcc environment does not allow any use of libc malloc (any reference to malloc produces a link failure), but this code from TCS3.2 is wrong even for Magnetite: if this code path is executed repeatedly over a long time, the many small allocations made by this malloc call without a subsequent free will eventually exhaust the malloc heap provided by the TMS470 environment, malloc will start returning NULL, and the bogus code will treat it as an error. Because the memory allocation in question is not needed at all, the fix entails simply removing it.
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 22 Jul 2018 06:04:49 +0000
parents 27a4235405c6
children
line wrap: on
line source

/* 
+----------------------------------------------------------------------------- 
|  Project :  GSM-F&D (8411)
|  Modul   :  SIM_GPRS
+----------------------------------------------------------------------------- 
|  Copyright 2002 Texas Instruments Berlin, AG 
|                 All rights reserved. 
| 
|                 This file is confidential and a trade secret of Texas 
|                 Instruments Berlin, AG 
|                 The receipt of or possession of this file does not convey 
|                 any rights to reproduce or disclose its contents or to 
|                 manufacture, use, or sell anything it may describe, in 
|                 whole, or in part, without the specific written consent of 
|                 Texas Instruments Berlin, AG. 
+----------------------------------------------------------------------------- 
|  Purpose :  This modul defines the GPRS Upgrade.
+----------------------------------------------------------------------------- 
*/ 

#ifndef SIM_GPRS_C
#define SIM_GPRS_C

#define ENTITY_SIM

/*==== INCLUDES ===================================================*/

#include <string.h>
#include "typedefs.h"
#include "pcm.h"
#include "pconst.cdg"
#include "message.h"
#include "ccdapi.h"
#include "vsi.h"
#include "custom.h"
#include "gsm.h"
#include "cnf_sim.h"
#include "mon_sim.h"
#include "prim.h"
#include "pei.h"
#include "tok.h"
#include "sim.h"

/*==== EXPORT =====================================================*/

/*==== PRIVAT =====================================================*/

/*==== TYPES ======================================================*/

/*==== CONSTANTS ==================================================*/

/*==== VARIABLES ==================================================*/

/*==== FUNCTIONS ==================================================*/

/*
+--------------------------------------------------------------------+
| PROJECT : GSM-PS (8419)     MODULE  : SIM_GPRS                     |
| STATE   : code              ROUTINE : gprs_check_pcm_data          |
+--------------------------------------------------------------------+

  PURPOSE : Checks the validation of GPRS data stored in PCM.

*/

GLOBAL BOOL gprs_check_pcm_data (T_imsi_field *sim_imsi)
{
  EF_IMSIGPRS imsi;
  UBYTE       version;


  return pcm_ReadFile((UBYTE *)EF_IMSIGPRS_ID, SIZE_EF_IMSIGPRS,
                      (UBYTE *)&imsi, &version) EQ PCM_OK
                       AND
                      (sim_imsi->c_field EQ imsi.len)
                       AND
                       !memcmp(imsi.IMSI, sim_imsi->field, sim_imsi->c_field);
}
/*
+--------------------------------------------------------------------+
| PROJECT : GSM-PS (8419)     MODULE  : SIM_GPRS                     |
| STATE   : code              ROUTINE : gprs_gmm_insert_ind          |
+--------------------------------------------------------------------+

  PURPOSE : Collects the initial data for GMM.

*/

GLOBAL void gprs_gmm_insert_ind (T_SIM_MM_INSERT_IND * sim_mm_insert_ind)
{
  UBYTE  kc_n[MAX_KC_N];
  int    i;
  /*
   * Read Parameters for GPRS mobility management
   */
  PALLOC (sim_gmm_insert_ind, SIM_GMM_INSERT_IND);

  TRACE_FUNCTION ("gprs_sim_gmm_insert_ind()");

  /*
   * administrative data
   */
  sim_gmm_insert_ind->op_mode = sim_mm_insert_ind->ad[0];

  /*
   * IMSI
   */
  memcpy (&sim_gmm_insert_ind->imsi_field, &sim_mm_insert_ind->imsi_field,
          sizeof (T_imsi_field));
  /*
   * Location Information
   */
  memcpy (&sim_gmm_insert_ind->loc_info, &sim_mm_insert_ind->loc_info,
          sizeof (T_loc_info));
  /*
   * access control classes
   */
  memcpy (&sim_gmm_insert_ind->acc_ctrl, &sim_mm_insert_ind->acc_ctrl,
          sizeof (T_acc_ctrl));
   /*
    * phase
    */
  sim_gmm_insert_ind->phase = sim_data.sim_phase;

  if (SIM_IS_FLAG_SET (SERVICE_38_SUPPORT))
  {
    /*
     * SIM card supports GPRS
     *
     * Read GPRS Location Information
     */
    TRACE_EVENT ("SIM supports GPRS");
  
    if (FKT_Select (SIM_LOCGPRS, FALSE, NULL, NULL, 0) EQ SIM_NO_ERROR)
    {
      sim_gmm_insert_ind->gprs_loc_info.c_loc = MAX_LOCIGPRS;
      if (FKT_ReadBinary ((UBYTE *)&sim_gmm_insert_ind->gprs_loc_info.loc,
                          0, MAX_LOCIGPRS) NEQ SIM_NO_ERROR)
      {
        PFREE (sim_gmm_insert_ind);
        return;
      }
    }
    /*
     * Read GPRS KC
     */
    if (FKT_Select (SIM_KCGPRS, FALSE, NULL, NULL, 0) EQ SIM_NO_ERROR)
    {
      if (FKT_ReadBinary ((UBYTE *)kc_n, 0, MAX_KC_N) NEQ
          SIM_NO_ERROR)
      {
        PFREE (sim_gmm_insert_ind);
        return;
      }
      else
      {
        sim_gmm_insert_ind->kc_n.c_kc = MAX_KC_N;
        /*
         * Store KC in opposite order
         */
        for (i = 0; i < MAX_KC; i++)
          sim_gmm_insert_ind->kc_n.kc[(MAX_KC-1)-i] = kc_n[i];
        /*
         * Store cipher key sequence number
         */
        sim_gmm_insert_ind->kc_n.kc[MAX_KC] = kc_n[MAX_KC];
      }
    }
  }
  else
  {
    /*
     * Use PCM instead
     */
    TRACE_EVENT ("SIM does not support GPRS");

    /*
     * Only use ME data, when it is marked with IMSI
     * Note : No storage of the changed IMSI here!
     */
    if (gprs_check_pcm_data (&sim_mm_insert_ind->imsi_field))
    {
      UBYTE version;
      /*
       * then read the fields
       */
      pcm_ReadFile((UBYTE *) EF_LOCGPRS_ID,SIZE_EF_LOCGPRS,
                   (UBYTE *) &sim_gmm_insert_ind->gprs_loc_info.loc, &version);
      sim_gmm_insert_ind->gprs_loc_info.c_loc = MAX_LOCIGPRS;
      pcm_ReadFile((UBYTE *) EF_KCGPRS_ID,SIZE_EF_KCGPRS,
                   (UBYTE *) &sim_gmm_insert_ind->kc_n, &version);
    }
    else
    {
      /*
       * reading of IMSI failed, set values to defaults
       */
      memset (&sim_gmm_insert_ind->gprs_loc_info.loc, 0xFF, MAX_LOCIGPRS);
      sim_gmm_insert_ind->gprs_loc_info.loc[11] = 0xFE;
      sim_gmm_insert_ind->gprs_loc_info.c_loc = 0;
      memset (&sim_gmm_insert_ind->kc_n, 0xFF, 9);
    }
  }

  /*
   * send information to GPRS mobility management
   */
  PSENDX (GMM, sim_gmm_insert_ind);
}

/*
+--------------------------------------------------------------------+
| PROJECT : GSM-PS (6302)       MODULE  : SIM_GPRS                   |
| STATE   : code                ROUTINE : gprs_gmm_update_req        |
+--------------------------------------------------------------------+

  PURPOSE : Process of the primitive SIM_GMM_UPDATE_REQ.

*/

GLOBAL void gprs_sim_gmm_update_req (T_SIM_GMM_UPDATE_REQ * sim_gmm_update_req)
{
  int    i;
  T_kc_n kc_n;

  TRACE_FUNCTION ("gprs_sim_gmm_update_req()");

  /*
   * prepare kc and cksn for storing
   */
  kc_n.c_kc = MAX_KC_N;
  kc_n.kc[MAX_KC] = sim_gmm_update_req->cksn;
  for (i = 0; i < MAX_KC; i++)
    kc_n.kc[(MAX_KC-1)-i] = sim_gmm_update_req->kc[i];

  /*
   * SIM with GPRS service activated?
   */
  if (SIM_IS_FLAG_SET (SERVICE_38_SUPPORT))
  {
  /*
   * check location information
   */
    if (sim_gmm_update_req->gprs_loc_info.c_loc > 0)
    {
      if (FKT_Select (SIM_LOCGPRS, FALSE, NULL, NULL, 0) EQ SIM_NO_ERROR)
        FKT_UpdateBinary (sim_gmm_update_req->gprs_loc_info.loc,
                          MAX_LOCIGPRS, 0);
    }
  /*
   * store kc and cksn
   */
    if (FKT_Select (SIM_KCGPRS, FALSE, NULL, NULL, 0) EQ SIM_NO_ERROR)
    {
      FKT_UpdateBinary (kc_n.kc, kc_n.c_kc, 0);
    }
  }
  else
  {
    /*
     * SIM with no GPRS service: store in ME memory
     */
    T_imsi_field sim_imsi;
  
    if (FKT_Select (SIM_IMSI, FALSE, NULL, NULL, 0) EQ SIM_NO_ERROR AND
        FKT_ReadBinary ((UBYTE *)&sim_imsi, 0, MAX_IMSI)
         EQ SIM_NO_ERROR)
    {
      /*
       * Compare IMSI on SIM with IMSI in ME memory
       */
      if (!gprs_check_pcm_data (&sim_imsi))
      {
        /*
         * Check GPRS attach status of current IMSI (from SIM)
         */
        if (sim_gmm_update_req->att_status)
          /*
           * Update IMSI in ME memory, when attached
           */
          pcm_WriteFile((UBYTE *)EF_IMSIGPRS_ID, SIZE_EF_IMSIGPRS,
                        (UBYTE *)&sim_imsi);
        else
        {
          /*
           * do not update GPRS data
           */
          PFREE (sim_gmm_update_req);
          return;
        }
      }
      /*
       * Update GPRS data in ME memory
       */
      if (sim_gmm_update_req->gprs_loc_info.c_loc > 0)
      {
        pcm_WriteFile((UBYTE *)EF_LOCGPRS_ID,SIZE_EF_LOCGPRS,
                      (UBYTE *)&sim_gmm_update_req->gprs_loc_info.loc);
      }
      pcm_WriteFile((UBYTE *)EF_KCGPRS_ID,SIZE_EF_KCGPRS,
                    (UBYTE *)kc_n.kc);
    }
  }
  PFREE (sim_gmm_update_req);
}

#endif