diff options
author | Dan Williams <dcbw@redhat.com> | 2013-03-25 16:18:28 -0500 |
---|---|---|
committer | Dan Williams <dcbw@redhat.com> | 2013-03-25 16:18:28 -0500 |
commit | fcbaa4355505b9de3f227145c4455ca5c387c1e8 (patch) | |
tree | bd29bb3b5cd795f0a5115f64972183486612d140 | |
parent | 95b46c16f1ddb5102876ad87ade47b974cd45e34 (diff) |
broadband-modem: minimally verify QCDM MDN before using it
Sometimes it's garbage, and we don't like garbage.
-rw-r--r-- | src/mm-broadband-modem.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/src/mm-broadband-modem.c b/src/mm-broadband-modem.c index b3ec35a3..7b34f78c 100644 --- a/src/mm-broadband-modem.c +++ b/src/mm-broadband-modem.c @@ -941,9 +941,30 @@ mdn_qcdm_ready (MMQcdmSerialPort *port, } if (qcdm_result_get_string (result, QCDM_CMD_NV_GET_MDN_ITEM_MDN, &numbers[0]) >= 0) { - g_simple_async_result_set_op_res_gpointer (ctx->result, - g_strdupv ((gchar **) numbers), - NULL); + gboolean valid = TRUE; + const char *p = numbers[0]; + + /* Returned NV item data is read directly out of NV memory on the card, + * so minimally verify it. + */ + if (strlen (numbers[0]) < 6 || strlen (numbers[0]) > 15) + valid = FALSE; + + /* MDN is always decimal digits; allow + for good measure */ + while (p && *p && valid) + valid = g_ascii_isdigit (*p++) || (*p == '+'); + + if (valid) { + g_simple_async_result_set_op_res_gpointer (ctx->result, + g_strdupv ((gchar **) numbers), + NULL); + } else { + g_simple_async_result_set_error (ctx->result, + MM_CORE_ERROR, + MM_CORE_ERROR_FAILED, + "%s", + "MDN from NV memory appears invalid"); + } } else { g_simple_async_result_set_error (ctx->result, MM_CORE_ERROR, |