diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8bc45ea5..6258ac71 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,16 +4,30 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [1.4.0](https://github.com/rdkcentral/utopia/compare/1.3.1...1.4.0) + +- RDKB-61489: {Ignite} Router advertisement packet has been dropped via firewall at runtime. [`#139`](https://github.com/rdkcentral/utopia/pull/139) +- RDKB-62206 - Rename NTP Telemetry Marker [`#133`](https://github.com/rdkcentral/utopia/pull/133) +- IPV6 hotspot support for ETHWAN mode and Other Platform [`#124`](https://github.com/rdkcentral/utopia/pull/124) +- RDKB-61914: XB,XLE and Client online in NOC and connected to each oth… [`#123`](https://github.com/rdkcentral/utopia/pull/123) +- RDKCOM-5465: RDKBDEV-3294 Fix open port 21515 by default on unexpected interfaces. [`#98`](https://github.com/rdkcentral/utopia/pull/98) +- RDKB-61944 : [Coverity] Various issues in utopia component [`#132`](https://github.com/rdkcentral/utopia/pull/132) +- RDKB-6079800: IPv6 Support for WiFi Hotspot [`8ea42bb`](https://github.com/rdkcentral/utopia/commit/8ea42bb4ab7b4f5a5abbcdedf50102411689db09) +- RDKB-6079800: IPv6 Support for WiFi Hotspot [`53f7e13`](https://github.com/rdkcentral/utopia/commit/53f7e13cf295b1d6af7c711fc8a13f0297e4d30c) +- RDKB-61914: XB,XLE and Client online in NOC and connected to each other without internet [`5c19b83`](https://github.com/rdkcentral/utopia/commit/5c19b839ff2fbad226e51792e68edc984e0e88d3) + #### [1.3.1](https://github.com/rdkcentral/utopia/compare/1.3.0...1.3.1) +> 20 November 2025 + - CBR2-2216:Observing SYS_SH_Zebra_restart marker during stability testing [`#129`](https://github.com/rdkcentral/utopia/pull/129) - RDKCOM-5457: RDKBDEV-3301 Bringup of Utopia on QCOM Platform [`#94`](https://github.com/rdkcentral/utopia/pull/94) - XB9-668 : Upstream xb9 specific changes to github repo [`#118`](https://github.com/rdkcentral/utopia/pull/118) - TCXB8-3707: Parental Controls blocks false positives 
[`#107`](https://github.com/rdkcentral/utopia/pull/107) - TCXB8-3706 : SYS_SH_Syseventd_restart marker [`#116`](https://github.com/rdkcentral/utopia/pull/116) -- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb) -- Merge tag '1.3.0' into develop [`c866914`](https://github.com/rdkcentral/utopia/commit/c86691486474e6156fd8243cd55299fa778021e9) - Adding rule for handling https keyword filtering [`8627882`](https://github.com/rdkcentral/utopia/commit/86278821c1fc53f7276a726294e1cfa72a548686) +- Description : Bringup of IPQ Platforms [`99e8eaf`](https://github.com/rdkcentral/utopia/commit/99e8eafe797929860af24ee64a2f8570943a3bad) +- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb) #### [1.3.0](https://github.com/rdkcentral/utopia/compare/1.2.2...1.3.0) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index d66db8f2..3cfb7f9e 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -8958,6 +8958,7 @@ static int do_parcon_mgmt_device(FILE *fp, int iptype, FILE *cron_fp) return(0); } +#define MAX_DEV_8K 8192 devMacSt * getPcmdList(int *devCount) { int count = 0; @@ -8984,9 +8985,10 @@ memset(buf, 0, sizeof(buf)); FIREWALL_DEBUG("invalid data\n"); break; } - if (numDev < INT_MIN || numDev > INT_MAX) + + if(numDev < 0 || numDev > MAX_DEV_8K) { - FIREWALL_DEBUG("invalid integer\n"); + FIREWALL_DEBUG("value out of range\n"); break; } @@ -9192,6 +9194,7 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c ruleIndex += do_parcon_mgmt_lan2wan_pc_site_appendrule(fp); #endif + bool keywd_chains_exists = false; for (idx = 1; idx <= count; idx++) { char namespace[MAX_QUERY]; 
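Review bot: `numDev == 0` still passes the new check `if(numDev < 0 || numDev > MAX_DEV_8K)` in getPcmdList, so whatever is sized or iterated from numDev after this point has to cope with a zero count. That code is outside the hunk, so please confirm it, or use `numDev <= 0` if an empty list is not valid input. The cap is also undocumented: `#define MAX_DEV_8K 8192` (added in the -8958 hunk) would be easier to maintain with a comment such as `/* Largest device count getPcmdList() accepts; larger values are treated as corrupt input. */` and a name that does not encode its value. getPcmdList's body starts and ends outside this hunk.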
@@ -9397,6 +9400,7 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c int range_max = 1024; //max payload bytes to filter int range_multiplier = 2; + FIREWALL_DEBUG("adding rules for KEYWD\n"); // Extract keyword if user input is a full URL if (strstr(query, "://") != NULL) { keyword = strstr(query, "://") + 3; @@ -9413,25 +9417,33 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c int from,to; for (from = 0, to = 64; from < range_max; from = to, to = (to * range_multiplier > range_max) ? range_max : to * range_multiplier) { - char chainName[64] = {'\0'}; + char chain_name[64] = {'\0'}; - // Create new chain + // Create new chain only for first keyword // linux iptables chainname length is max 29 chars - snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to); - fprintf(fp, ":%s - [0:0]\n", chainName); + snprintf(chain_name, sizeof(chain_name), "LOG_SiteBlk_KW_%d_%d", from, to); + + // Private chain per range is created only once + if (keywd_chains_exists == false) { + // create new chain + fprintf(fp, ":%s - [0:0]\n", chain_name); + } // Add rule to jump to private chain if "Host:" is found in this offset range fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"Host:\" --algo kmp --from %d --to %d --icase -j %s\n", - from, to, chainName); + from, to, chain_name); // Add rule to match keyword in private chain within same offset range fprintf(fp, "-A %s -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", - chainName, keyword, from, to, drop_log); + chain_name, keyword, from, to, drop_log); // Default rule to return if not matched - fprintf(fp, "-A %s -j RETURN\n", chainName); + fprintf(fp, "-A %s -j RETURN\n", chain_name); } + // set keywd chains created + keywd_chains_exists = true; + // Add rule for https filter fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 443 -m string --string \"%s\" --algo kmp --icase -j %s\n", keyword, drop_log); 
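Review bot: `keyword` comes from user input (`strstr(query, "://") + 3`) and is written unescaped inside `--string \"%s\"` by the rule-emitting code in the next hunk, with no validation visible here. A value containing a double quote, backslash or line break would change how the generated rule line is parsed, and an empty value (a query ending in `://`) would produce an empty match string. Consider rejecting such entries right after the extraction, for example with `if (keyword[0] == '\0' || strpbrk(keyword, "\"\\\r\n") != NULL)` followed by skipping the entry. If `query` is already sanitised where it is read, a comment saying so at this point would be enough. The enclosing loop body starts and ends outside the hunk.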
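Review bot: Now that all keywords share the `LOG_SiteBlk_KW_<from>_<to>` chains, only the first keyword's match rule in each chain can fire, because every keyword appends its `--string` rule followed by `-A %s -j RETURN`, so a later keyword's rule sits behind the first keyword's unconditional RETURN. The `-A lan2wan_pc_site … --string \"Host:\" … -j %s` jump is also emitted again for every keyword on the same range. Assuming this range loop runs once per `idx` iteration of the loop shown in the -9192 hunk, move the Host: jump `fprintf` inside the `if (keywd_chains_exists == false)` block and drop the `fprintf(fp, "-A %s -j RETURN\n", chain_name);` line, since a user-defined chain returns to its caller when no rule matches. The comment `// Create new chain only for first keyword` could then read `// Chains are shared by all keywords: declare the chain and its Host: jump once, then append one match rule per keyword`.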
@@ -13241,7 +13253,8 @@ int do_block_ports(FILE *filter_fp) fprintf(filter_fp, "-A INPUT ! -i brlan0 -p tcp -m tcp --dport 49152:49153 -j DROP\n"); /* For EasyMesh Controller Communication */ #if defined(_PLATFORM_BANANAPI_R4_) - fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n",get_current_wan_ifname()); + fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n", get_current_wan_ifname()); + fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 8888 -j ACCEPT\n", get_current_wan_ifname()); #endif fprintf(filter_fp, "-A INPUT ! -i brlan0 -p udp -m udp --dport 1900 -j DROP\n"); fprintf(filter_fp, "-I INPUT ! -i brlan0 -p tcp -m tcp --dport 21515 -j DROP\n"); diff --git a/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c b/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c index 1430afbc..0a589550 100644 --- a/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c +++ b/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c @@ -133,11 +133,14 @@ static inline void create_file_644(const char *path) int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - if (fd == -1) + if (fd >= 0) + { + close(fd); + } + else { perror("open failed"); } - close(fd); } static char *trim (char *in) diff --git a/source/utapi/lib/utapi.c b/source/utapi/lib/utapi.c index 8581419a..599f5286 100644 --- a/source/utapi/lib/utapi.c +++ b/source/utapi/lib/utapi.c 
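Review bot: The added `-I INPUT -i %s -p tcp --dport 8888 -j ACCEPT` opens TCP 8888 on the current WAN interface to any source, and because it uses `-I` it sits ahead of the DROP rules appended in this function. The only comment nearby (`For EasyMesh Controller Communication`) was written for 49153. Please add a comment naming the service that listens on 8888 and, if the peer address is known, narrow the rule with `-s`. Both WAN rules also pass `get_current_wan_ifname()` straight to `%s`, and its contract is not visible here. If it can return NULL or an empty string, calling it once into a local and skipping both rules in that case would avoid writing a malformed line; do_block_ports starts and ends outside this hunk.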
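Review bot: In create_file_644, `open(path, O_WRONLY | O_CREAT | O_TRUNC, …)` follows symbolic links, so if any caller passes a path in a directory that other users can write to, the helper truncates whatever the link points at. The callers are outside this hunk, so this needs confirming. Adding `O_NOFOLLOW` to the flags closes that gap. The mode is also filtered by the process umask, so the `644` in the name holds only if the umask allows it, and `fchmod(fd, 0644)` before `close(fd)` would make it exact. A one-line comment above the function, e.g. `/* Create or truncate path as an empty file, mode 0644 subject to umask. */`, would document that truncation is intended.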
@@ -1878,11 +1878,19 @@ int Utopia_GetStaticRouteTable (int *count, routeStatic_t **out_sroute) return UT_SUCCESS; } + size_t ucount = (size_t)*count; + if (ucount > SIZE_MAX / sizeof(routeStatic_t)) + { + fclose(fp); + return -EOVERFLOW; + } + sroute = (routeStatic_t *) calloc((size_t)(*count), sizeof(routeStatic_t)); if (NULL == sroute) { fclose(fp);/*RDKB-7128, CID-33470, free unused resources before exit*/ return ERR_INSUFFICIENT_MEM; } + memset(sroute, 0, (size_t)(*count) * sizeof(routeStatic_t)); // Seek to beginning of file fseek(fp, 0, SEEK_SET);
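Review bot: The added `memset(sroute, 0, (size_t)(*count) * sizeof(routeStatic_t));` repeats what `calloc` already guarantees, and `calloc` itself fails when `nmemb * size` overflows. The new pre-check therefore mainly changes the return code to `-EOVERFLOW`, which is outside the `UT_SUCCESS` / `ERR_INSUFFICIENT_MEM` values this function otherwise returns. Callers that test only for the module's own codes may mishandle it, and `EOVERFLOW` and `SIZE_MAX` need `<errno.h>` and `<stdint.h>`, whose inclusion is not visible in this hunk. I would drop the memset, pass `ucount` to `calloc` instead of re-casting, and reject a negative count explicitly with `if (*count < 0)` rather than relying on the cast to make it large. How `*count` is computed is outside the hunk; if it is derived from the file's contents, a fixed upper limit would be a tighter check than `SIZE_MAX / sizeof(routeStatic_t)`.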