authorChristopher Tate <ctate@google.com>2015-06-03 18:44:15 -0700
committerChristopher Tate <ctate@google.com>2015-06-08 13:13:19 -0700
commit98e67d352b8805a868ca0e7c2be3ea830fb7c338 (patch)
tree55f0942778666611027851e7d4e302fa86acc211 /libs/binder
parentc6f30bdee1f634eb90d68cb76efe935b6535a1e8 (diff)
Don't corrupt parcel when writeFileDescriptor() fails
We now check for fd-legality before committing binder objects to the flattened data buffer rather than after. Previously we would wind up corrupting the parcel and incurring driver-level errors, as well as potentially leaking FDs. Bug 21428802 Change-Id: Ice0d641b3dcc41fb1b8c68ce2e2ebd744c2863a1
Diffstat (limited to 'libs/binder')
-rw-r--r--libs/binder/Parcel.cpp15
1 files changed, 8 insertions, 7 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index bae4eb5..2ebf617 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1013,21 +1013,22 @@ status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData)
restart_write:
*reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val;
- // Need to write meta-data?
- if (nullMetaData || val.binder != 0) {
- mObjects[mObjectsSize] = mDataPos;
- acquire_object(ProcessState::self(), val, this);
- mObjectsSize++;
- }
-
// remember if it's a file descriptor
if (val.type == BINDER_TYPE_FD) {
if (!mAllowFds) {
+ // fail before modifying our object index
return FDS_NOT_ALLOWED;
}
mHasFds = mFdsKnown = true;
}
+ // Need to write meta-data?
+ if (nullMetaData || val.binder != 0) {
+ mObjects[mObjectsSize] = mDataPos;
+ acquire_object(ProcessState::self(), val, this);
+ mObjectsSize++;
+ }
+
return finishWrite(sizeof(flat_binder_object));
}
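Review bot: The raw store `*reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val;` directly after `restart_write:` still runs before the `mAllowFds` check, so a rejected descriptor's object bytes are written into the data buffer even though the object index is now left untouched. Because `finishWrite()` is not reached on that path, those bytes presumably sit past the committed position and are overwritten by the next write, but the commit message says the legality check happens before anything is committed to the flattened buffer. Hoisting the rejection above the store, e.g. `if (val.type == BINDER_TYPE_FD && !mAllowFds) return FDS_NOT_ALLOWED;` as the first statement after the label, would make that literally true and keep a refused FD value from lingering in parcel memory. The start of `writeObject`, including the capacity checks and whatever jumps to `restart_write`, is outside this hunk, so confirm there whether the check can move ahead of any buffer growth as well.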