property_service: better validate property names

Don't allow unexpected characters in property names.
Don't allow double dots in property names.

Bug: 10733330
Change-Id: I8d69740d697efb791f2f201f90989576e13bac81
This commit is contained in:
Nick Kralevich 2013-09-13 17:21:28 -07:00
parent 53dc297dd6
commit 6946361421
1 changed files with 37 additions and 4 deletions

View File

@ -276,6 +276,34 @@ static void write_persistent_property(const char *name, const char *value)
}
}
static bool is_legal_property_name(const char* name, size_t namelen)
{
size_t i;
bool previous_was_dot = false;
if (namelen >= PROP_NAME_MAX) return false;
if (namelen < 1) return false;
if (name[0] == '.') return false;
if (name[namelen - 1] == '.') return false;
/* Only allow alphanumeric, plus '.', '-', or '_' */
/* Don't allow ".." to appear in a property name */
for (i = 0; i < namelen; i++) {
if (name[i] == '.') {
if (previous_was_dot == true) return false;
previous_was_dot = true;
continue;
}
previous_was_dot = false;
if (name[i] == '_' || name[i] == '-') continue;
if (name[i] >= 'a' && name[i] <= 'z') continue;
if (name[i] >= 'A' && name[i] <= 'Z') continue;
if (name[i] >= '0' && name[i] <= '9') continue;
return false;
}
return true;
}
int property_set(const char *name, const char *value)
{
prop_info *pi;
@ -284,9 +312,8 @@ int property_set(const char *name, const char *value)
size_t namelen = strlen(name);
size_t valuelen = strlen(value);
if(namelen >= PROP_NAME_MAX) return -1;
if(valuelen >= PROP_VALUE_MAX) return -1;
if(namelen < 1) return -1;
if (!is_legal_property_name(name, namelen)) return -1;
if (valuelen >= PROP_VALUE_MAX) return -1;
pi = (prop_info*) __system_property_find(name);
@ -298,7 +325,7 @@ int property_set(const char *name, const char *value)
} else {
ret = __system_property_add(name, namelen, value, valuelen);
if (ret < 0) {
ERROR("Failed to set '%s'='%s'", name, value);
ERROR("Failed to set '%s'='%s'\n", name, value);
return ret;
}
}
@ -364,6 +391,12 @@ void handle_property_set_fd()
msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0;
if (!is_legal_property_name(msg.name, strlen(msg.name))) {
ERROR("sys_prop: illegal property name. Got: \"%s\"\n", msg.name);
close(s);
return;
}
getpeercon(s, &source_ctx);
if(memcmp(msg.name,"ctl.",4) == 0) {