RDKB-61953 RDKB-62249 : Fixing coverity issues for hotspot repo

[bunnam988]

RDKB-61953 RDKB-62249 : Fixing coverity issues for hotspot repo

Reason for change: Resolving coverity issues on hotspot repo
Test Procedure: Ensure no regression on functionality
Risks: medium
Priority: P1

[Copilot]

Pull Request Overview

This PR focuses on improving code security and robustness through string safety enhancements, memory management fixes, and bounds checking improvements across multiple hotspot-related components.

Key Changes:

• Enhanced string copy operations with explicit null-termination to prevent buffer overflows
• Added proper error handling for string concatenation operations
• Improved DHCP option parsing with better bounds checking
• Fixed memory leaks and added malloc failure handling
• Replaced weak random number generation with cryptographically secure alternative

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
source/hotspotfd/ssp_messagebus_interface.c	Simplified return logic by removing unused variable
source/hotspotfd/hotspotfd.c	Added error checking for strcat_s and improved strncpy null-termination
source/hotspotfd/dhcpsnooper.c	Fixed variable scope issue by moving declaration to function start
source/XfinityTestAgent/tunnelcheck.c	Enhanced string safety, improved DHCP parsing, replaced random() with secure alternative, added memory checks
source/HotspotApi/HotspotApi.c	Fixed memory leak and simplified control flow

Comments suppressed due to low confidence (2)

source/XfinityTestAgent/tunnelcheck.c:889

• Accessing offer_packet->options[itr1] without verifying that itr1 is within bounds after the two increments at lines 883-884. Add a bounds check before this access: if (itr1 >= MAX_DHCP_OPTIONS_LENGTH) break;

            return offer_packet->options[itr1];

source/XfinityTestAgent/tunnelcheck.c:933

• The memcpy reads sizeof(struct in_addr) bytes starting at offer_packet->options[itr1] without verifying there are enough bytes remaining in the buffer. Add a bounds check before this operation: if (itr1 + sizeof(struct in_addr) > MAX_DHCP_OPTIONS_LENGTH) break;

            memcpy(&server_ip, &offer_packet->options[itr1], sizeof(struct in_addr));

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (2)

source/XfinityTestAgent/tunnelcheck.c:895

• After the bounds check on line 874, this loop can still cause itr1 to exceed MAX_DHCP_OPTIONS_LENGTH. If option_length is large enough, incrementing itr1 by option_length could overflow the bounds. The loop should include a check to ensure itr1 doesn't exceed the array bounds: for(itr2=0;itr2<(int)option_length && itr1<MAX_DHCP_OPTIONS_LENGTH;itr2++,itr1++);

            for(itr2=0;itr2<(int)option_length;itr2++,itr1++);

source/XfinityTestAgent/tunnelcheck.c:939

• Similar to the issue in dhcp_msg_type, this loop can cause itr1 to exceed MAX_DHCP_OPTIONS_LENGTH if option_length is large. The loop should include a bounds check: for(itr2=0;itr2<(int)option_length && itr1<MAX_DHCP_OPTIONS_LENGTH;itr2++,itr1++);

            for(itr2=0;itr2<(int)option_length;itr2++,itr1++);

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

@bunnam988 I've opened a new pull request, #24, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

@bunnam988 I've opened a new pull request, #25, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

@bunnam988 I've opened a new pull request, #26, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[apattu200]

To proceed with merge, please provide below informations.

1. Is this a Bug or a User Story (US)?
2. If it is a User Story:
   • Please list all dependent PRs from other components, if any.
   • The commit message must include both the User Story ticket and the Subtask ticket.
   • All changes related to the User Story must be squashed and merged in a single commit.
   • Do not raise pull requests for partial User Story changes.
   • Has the code development for the User Story been completed?
     • If yes, please share the Gerrit topic or list all dependent PRs across components, including any meta-layer changes.
3. Is there a validation log available in the Jira ticket for verifying builds with the updated generic-srcrev.inc across all platforms?
   • If yes, please share the links to the validation comments.

[GoutamD2905]

Before merging, I have a few questions:

1. Is this a Bug or a User Story (US)?
2. If it is a User Story:
   • Have all dependent PRs from other components been listed (if any)?
   • Does the commit message include both the User Story ticket and the Subtask ticket?
   • Will be all changes related to the User Story squashed and merged in a single commit?
   • Has the PR been raised only after completing all changes for the User Story (no partial changes)?
   • Has code development for the User Story been completed?
     • If yes, has the Gerrit topic or list of all dependent PRs across components (including meta-layer changes) been shared?
3. Is there a validation log available in the Jira ticket for verifying builds with the updated generic-srcrev.inc across all platforms?
   • If yes, have the links to validation comments been shared?

[bunnam988]

Before merging, I have a few questions:

1. Is this a Bug or a User Story (US)? yes it a user story

2. If it is a User Story:

   • Have all dependent PRs from other components been listed (if any)? No

   • Does the commit message include both the User Story ticket and the Subtask ticket? yes

   • Will be all changes related to the User Story squashed and merged in a single commit? yes

   • Has the PR been raised only after completing all changes for the User Story (no partial changes)? yes

   • Has code development for the User Story been completed? yes

     • If yes, has the Gerrit topic or list of all dependent PRs across components (including meta-layer changes) been shared? No dependent changes

3. Is there a validation log available in the Jira ticket for verifying builds with the updated generic-srcrev.inc across all platforms? yes attached in ticket

   • If yes, have the links to validation comments been shared? yes