Fix file descriptor leakage in adbd (64d9adce) · Commits · e / os / android_system_core

adb/adb_auth.h

+3 −1

Original line number	Original line	Diff line number	Diff line
	@@ -23,7 +23,6 @@ extern "C" {

	extern int auth_enabled;		extern int auth_enabled;

	void adb_auth_init(void);
	int adb_auth_keygen(const char* filename);		int adb_auth_keygen(const char* filename);
	void adb_auth_verified(atransport *t);		void adb_auth_verified(atransport *t);

	@@ -40,6 +39,7 @@ void send_auth_publickey(atransport *t);

	#if ADB_HOST		#if ADB_HOST

			void adb_auth_init(void);
	int adb_auth_sign(void key, const unsigned char token, size_t token_size,		int adb_auth_sign(void key, const unsigned char token, size_t token_size,
	unsigned char* sig);		unsigned char* sig);
	void adb_auth_nextkey(void current);		void adb_auth_nextkey(void current);
	@@ -58,6 +58,8 @@ static inline int adb_auth_sign(void* key, const unsigned char* token,
	static inline void adb_auth_nextkey(void current) { return NULL; }		static inline void adb_auth_nextkey(void current) { return NULL; }
	static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }		static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }

			void adbd_auth_init(void);
			void adbd_cloexec_auth_socket();
	int adb_auth_generate_token(void *token, size_t token_size);		int adb_auth_generate_token(void *token, size_t token_size);
	int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);		int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);
	void adb_auth_confirm_key(unsigned char data, size_t len, atransport t);		void adb_auth_confirm_key(unsigned char data, size_t len, atransport t);

adb/adb_auth_client.cpp

+12 −8

Original line number	Original line	Diff line number	Diff line
	@@ -249,19 +249,23 @@ static void adb_auth_listener(int fd, unsigned events, void *data)
	}		}
	}		}

	void adb_auth_init(void)		void adbd_cloexec_auth_socket() {
	{		int fd = android_get_control_socket("adbd");
	int fd, ret;		if (fd == -1) {

	fd = android_get_control_socket("adbd");
	if (fd < 0) {
	D("Failed to get adbd socket\n");		D("Failed to get adbd socket\n");
	return;		return;
	}		}
	fcntl(fd, F_SETFD, FD_CLOEXEC);		fcntl(fd, F_SETFD, FD_CLOEXEC);
			}

	ret = listen(fd, 4);		void adbd_auth_init(void) {
	if (ret < 0) {		int fd = android_get_control_socket("adbd");
			if (fd == -1) {
			D("Failed to get adbd socket\n");
			return;
			}

			if (listen(fd, 4) == -1) {
	D("Failed to listen on '%d'\n", fd);		D("Failed to listen on '%d'\n", fd);
	return;		return;
	}		}

adb/adb_main.cpp

+5 −1

Original line number	Original line	Diff line number	Diff line
	@@ -273,10 +273,14 @@ int adb_main(int is_daemon, int server_port)
	exit(1);		exit(1);
	}		}
	#else		#else
			// We need to call this even if auth isn't enabled because the file
			// descriptor will always be open.
			adbd_cloexec_auth_socket();

	property_get("ro.adb.secure", value, "0");		property_get("ro.adb.secure", value, "0");
	auth_enabled = !strcmp(value, "1");		auth_enabled = !strcmp(value, "1");
	if (auth_enabled)		if (auth_enabled)
	adb_auth_init();		adbd_auth_init();

	// Our external storage path may be different than apps, since		// Our external storage path may be different than apps, since
	// we aren't able to bind mount after dropping root.		// we aren't able to bind mount after dropping root.