diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2021-10-01 00:36:57 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-10-01 00:36:57 +0000 |
| commit | 5ea480565b4f74814de417df60b5a6cb1c149570 (patch) | |
| tree | 339799d274c8266db25d3e3ba1651cc448ec67f4 | |
| parent | a212c1dd4c91a4fdcef745b9b534729938551df0 (diff) | |
| parent | 33891720aaa7e97c7ec50d31ebb69cea2eb28565 (diff) | |
| download | native-5ea480565b4f74814de417df60b5a6cb1c149570.tar.gz | |
Merge "libbinder: RPC error on unexpected session ID size" am: 33891720aa
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1842875
Change-Id: I64dd7e460ae991852d36e0a46b5c0a732657a47b
| -rw-r--r-- | libs/binder/RpcServer.cpp | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp index ba2920e3ac..44b588be00 100644 --- a/libs/binder/RpcServer.cpp +++ b/libs/binder/RpcServer.cpp @@ -16,6 +16,7 @@ #define LOG_TAG "RpcServer" +#include <inttypes.h> #include <poll.h> #include <sys/socket.h> #include <sys/un.h> @@ -38,6 +39,8 @@ namespace android { +constexpr size_t kSessionIdBytes = 32; + using base::ScopeGuard; using base::unique_fd; @@ -289,13 +292,19 @@ void RpcServer::establishConnection(sp<RpcServer>&& server, base::unique_fd clie std::vector<uint8_t> sessionId; if (status == OK) { if (header.sessionIdSize > 0) { - sessionId.resize(header.sessionIdSize); - status = client->interruptableReadFully(server->mShutdownTrigger.get(), - sessionId.data(), sessionId.size(), {}); - if (status != OK) { - ALOGE("Failed to read session ID for client connecting to RPC server: %s", - statusToString(status).c_str()); - // still need to cleanup before we can return + if (header.sessionIdSize == kSessionIdBytes) { + sessionId.resize(header.sessionIdSize); + status = client->interruptableReadFully(server->mShutdownTrigger.get(), + sessionId.data(), sessionId.size(), {}); + if (status != OK) { + ALOGE("Failed to read session ID for client connecting to RPC server: %s", + statusToString(status).c_str()); + // still need to cleanup before we can return + } + } else { + ALOGE("Malformed session ID. Expecting session ID of size %zu but got %" PRIu16, + kSessionIdBytes, header.sessionIdSize); + status = BAD_VALUE; } } } @@ -353,8 +362,7 @@ void RpcServer::establishConnection(sp<RpcServer>&& server, base::unique_fd clie // Uniquely identify session at the application layer. Even if a // client/server use the same certificates, if they create multiple // sessions, we still want to distinguish between them. - constexpr size_t kSessionIdSize = 32; - sessionId.resize(kSessionIdSize); + sessionId.resize(kSessionIdBytes); size_t tries = 0; do { // don't block if there is some entropy issue |