openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix vold vulnerability in FrameworkListener am: 470484d2a2 

am: e9e046df6c

Change-Id: I8f2452782817ddf03051af08e70ba9d4c4fa578a
This commit is contained in:
Connor O'Brien 2016-08-19 22:08:22 +00:00 committed by android-build-merger
parent 7ed0995930 e9e046df6c
commit 109024f74a
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/sysutils/FrameworkListener.h
View File

@ -32,6 +32,7 @@ private:
int mCommandCount;
bool mWithSeq;
FrameworkCommandCollection *mCommands;
bool mSkipToNextNullByte;
public:
FrameworkListener(const char *socketName);

17
libsysutils/src/FrameworkListener.cpp
View File

@ -44,6 +44,7 @@ void FrameworkListener::init(const char *socketName UNUSED, bool withSeq) {
errorRate = 0;
mCommandCount = 0;
mWithSeq = withSeq;
mSkipToNextNullByte = false;
}
bool FrameworkListener::onDataAvailable(SocketClient *c) {
@ -54,10 +55,15 @@ bool FrameworkListener::onDataAvailable(SocketClient *c) {
if (len < 0) {
SLOGE("read() failed (%s)", strerror(errno));
return false;
} else if (!len)
} else if (!len) {
return false;
if(buffer[len-1] != '\0')
} else if (buffer[len-1] != '\0') {
SLOGW("String is not zero-terminated");
android_errorWriteLog(0x534e4554, "29831647");
c->sendMsg(500, "Command too large for buffer", false);
mSkipToNextNullByte = true;
return false;
}
int offset = 0;
int i;
@ -65,11 +71,16 @@ bool FrameworkListener::onDataAvailable(SocketClient *c) {
for (i = 0; i < len; i++) {
if (buffer[i] == '\0') {
/* IMPORTANT: dispatchCommand() expects a zero-terminated string */
dispatchCommand(c, buffer + offset);
if (mSkipToNextNullByte) {
mSkipToNextNullByte = false;
} else {
dispatchCommand(c, buffer + offset);
}
offset = i + 1;
}
}
mSkipToNextNullByte = false;
return true;
}