diff options
| author | Nick Kralevich <nnk@google.com> | 2011-04-18 15:55:59 -0700 | 
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2011-04-19 12:33:44 -0700 | 
| commit | 6bc08280108d020edfceff039f3955eebdc1e45c (patch) | |
| tree | daefe1fa1cb80f28ed17c2291af071170eb7f5f5 /libsysutils | |
| parent | 71ead1835317af5305f9ef87ce06ebdf9cff92e6 (diff) | |
| download | system_core-6bc08280108d020edfceff039f3955eebdc1e45c.zip system_core-6bc08280108d020edfceff039f3955eebdc1e45c.tar.gz system_core-6bc08280108d020edfceff039f3955eebdc1e45c.tar.bz2 | |
Validate sender credentials on netlink msg receive
Verify that netlink messages are actually from the kernel,
and not from a userspace program.
This is a manual cherry-pick from b620a0b1c7ae486e979826200e8e441605b0a5d6
Change-Id: I237f0a5cb56393bb3aab64a7ae5898f2bdc95cef
Diffstat (limited to 'libsysutils')
| -rw-r--r-- | libsysutils/src/NetlinkListener.cpp | 29 | 
1 files changed, 26 insertions, 3 deletions
| diff --git a/libsysutils/src/NetlinkListener.cpp b/libsysutils/src/NetlinkListener.cpp index a4f62c6..ddf6537 100644 --- a/libsysutils/src/NetlinkListener.cpp +++ b/libsysutils/src/NetlinkListener.cpp @@ -17,6 +17,7 @@  #include <sys/types.h>  #include <sys/socket.h> +#include <linux/netlink.h>  #include <string.h>  #define LOG_TAG "NetlinkListener" @@ -32,11 +33,33 @@ NetlinkListener::NetlinkListener(int socket) :  bool NetlinkListener::onDataAvailable(SocketClient *cli)  {      int socket = cli->getSocket(); -    int count; +    ssize_t count; +    char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; +    struct sockaddr_nl snl; +    struct iovec iov = {mBuffer, sizeof(mBuffer)}; +    struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0}; -    count = TEMP_FAILURE_RETRY(recv(socket, mBuffer, sizeof(mBuffer), 0)); +    count = TEMP_FAILURE_RETRY(recvmsg(socket, &hdr, 0));      if (count < 0) { -        SLOGE("recv failed (%s)", strerror(errno)); +        SLOGE("recvmsg failed (%s)", strerror(errno)); +        return false; +    } + +    if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) { +        SLOGE("ignoring non-kernel netlink multicast message"); +        return false; +    } + +    struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr); + +    if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { +        SLOGE("ignoring message with no sender credentials"); +        return false; +    } + +    struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg); +    if (cred->uid != 0) { +        SLOGE("ignoring message from non-root UID %d", cred->uid);          return false;      } | 
