Loading init/Android.mk +1 −0 Original line number Original line Diff line number Diff line Loading @@ -123,6 +123,7 @@ include $(CLEAR_VARS) LOCAL_MODULE := init_tests LOCAL_MODULE := init_tests LOCAL_SRC_FILES := \ LOCAL_SRC_FILES := \ init_parser_test.cpp \ init_parser_test.cpp \ property_service_test.cpp \ util_test.cpp \ util_test.cpp \ LOCAL_SHARED_LIBRARIES += \ LOCAL_SHARED_LIBRARIES += \ Loading init/property_service.cpp +11 −4 Original line number Original line Diff line number Diff line Loading @@ -245,6 +245,13 @@ class SocketConnection { return true; return true; } } // http://b/35166374: don't allow init to make arbitrarily large allocations. if (len > 0xffff) { LOG(ERROR) << "sys_prop: RecvString asked to read huge string: " << len; errno = ENOMEM; return false; } std::vector<char> chars(len); std::vector<char> chars(len); if (!RecvChars(&chars[0], len, timeout_ms)) { if (!RecvChars(&chars[0], len, timeout_ms)) { return false; return false; Loading Loading @@ -386,12 +393,11 @@ static void handle_property_set_fd() { return; return; } } /* Check socket options here */ struct ucred cr; struct ucred cr; socklen_t cr_size = sizeof(cr); socklen_t cr_size = sizeof(cr); if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { close(s); close(s); PLOG(ERROR) << "Unable to receive socket options"; PLOG(ERROR) << "sys_prop: unable to get SO_PEERCRED"; return; return; } } Loading @@ -399,7 +405,6 @@ static void handle_property_set_fd() { uint32_t timeout_ms = kDefaultSocketTimeout; uint32_t timeout_ms = kDefaultSocketTimeout; uint32_t cmd = 0; uint32_t cmd = 0; if (!socket.RecvUint32(&cmd, &timeout_ms)) { if (!socket.RecvUint32(&cmd, &timeout_ms)) { PLOG(ERROR) << "sys_prop: error while reading command from the socket"; PLOG(ERROR) << "sys_prop: error while reading command from the socket"; socket.SendUint32(PROP_ERROR_READ_CMD); socket.SendUint32(PROP_ERROR_READ_CMD); Loading Loading @@ -437,7 +442,9 @@ static void handle_property_set_fd() { handle_property_set(socket, name, value, false); handle_property_set(socket, name, value, false); break; break; } } default: default: LOG(ERROR) << "sys_prop: invalid command " << cmd; socket.SendUint32(PROP_ERROR_INVALID_CMD); socket.SendUint32(PROP_ERROR_INVALID_CMD); break; break; } } Loading init/property_service_test.cpp 0 → 100644 +48 −0 Original line number Original line Diff line number Diff line /* * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <errno.h> #include <sys/socket.h> #include <sys/un.h> #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ #include <sys/_system_properties.h> #include <gtest/gtest.h> TEST(property_service, very_long_name_35166374) { // Connect to the property service directly... int fd = socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0); ASSERT_NE(fd, -1); static const char* property_service_socket = "/dev/socket/" PROP_SERVICE_NAME; sockaddr_un addr = {}; addr.sun_family = AF_LOCAL; strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path)); socklen_t addr_len = strlen(property_service_socket) + offsetof(sockaddr_un, sun_path) + 1; ASSERT_NE(connect(fd, reinterpret_cast<sockaddr*>(&addr), addr_len), -1); // ...so we can send it a malformed request. uint32_t msg = PROP_MSG_SETPROP2; uint32_t size = 0xffffffff; uint32_t data = 0xdeadbeef; ASSERT_EQ(static_cast<ssize_t>(sizeof(msg)), send(fd, &msg, sizeof(msg), 0)); ASSERT_EQ(static_cast<ssize_t>(sizeof(size)), send(fd, &size, sizeof(size), 0)); ASSERT_EQ(static_cast<ssize_t>(sizeof(data)), send(fd, &data, sizeof(data), 0)); ASSERT_EQ(0, close(fd)); } Loading
init/Android.mk +1 −0 Original line number Original line Diff line number Diff line Loading @@ -123,6 +123,7 @@ include $(CLEAR_VARS) LOCAL_MODULE := init_tests LOCAL_MODULE := init_tests LOCAL_SRC_FILES := \ LOCAL_SRC_FILES := \ init_parser_test.cpp \ init_parser_test.cpp \ property_service_test.cpp \ util_test.cpp \ util_test.cpp \ LOCAL_SHARED_LIBRARIES += \ LOCAL_SHARED_LIBRARIES += \ Loading
init/property_service.cpp +11 −4 Original line number Original line Diff line number Diff line Loading @@ -245,6 +245,13 @@ class SocketConnection { return true; return true; } } // http://b/35166374: don't allow init to make arbitrarily large allocations. if (len > 0xffff) { LOG(ERROR) << "sys_prop: RecvString asked to read huge string: " << len; errno = ENOMEM; return false; } std::vector<char> chars(len); std::vector<char> chars(len); if (!RecvChars(&chars[0], len, timeout_ms)) { if (!RecvChars(&chars[0], len, timeout_ms)) { return false; return false; Loading Loading @@ -386,12 +393,11 @@ static void handle_property_set_fd() { return; return; } } /* Check socket options here */ struct ucred cr; struct ucred cr; socklen_t cr_size = sizeof(cr); socklen_t cr_size = sizeof(cr); if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { close(s); close(s); PLOG(ERROR) << "Unable to receive socket options"; PLOG(ERROR) << "sys_prop: unable to get SO_PEERCRED"; return; return; } } Loading @@ -399,7 +405,6 @@ static void handle_property_set_fd() { uint32_t timeout_ms = kDefaultSocketTimeout; uint32_t timeout_ms = kDefaultSocketTimeout; uint32_t cmd = 0; uint32_t cmd = 0; if (!socket.RecvUint32(&cmd, &timeout_ms)) { if (!socket.RecvUint32(&cmd, &timeout_ms)) { PLOG(ERROR) << "sys_prop: error while reading command from the socket"; PLOG(ERROR) << "sys_prop: error while reading command from the socket"; socket.SendUint32(PROP_ERROR_READ_CMD); socket.SendUint32(PROP_ERROR_READ_CMD); Loading Loading @@ -437,7 +442,9 @@ static void handle_property_set_fd() { handle_property_set(socket, name, value, false); handle_property_set(socket, name, value, false); break; break; } } default: default: LOG(ERROR) << "sys_prop: invalid command " << cmd; socket.SendUint32(PROP_ERROR_INVALID_CMD); socket.SendUint32(PROP_ERROR_INVALID_CMD); break; break; } } Loading
init/property_service_test.cpp 0 → 100644 +48 −0 Original line number Original line Diff line number Diff line /* * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <errno.h> #include <sys/socket.h> #include <sys/un.h> #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ #include <sys/_system_properties.h> #include <gtest/gtest.h> TEST(property_service, very_long_name_35166374) { // Connect to the property service directly... int fd = socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0); ASSERT_NE(fd, -1); static const char* property_service_socket = "/dev/socket/" PROP_SERVICE_NAME; sockaddr_un addr = {}; addr.sun_family = AF_LOCAL; strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path)); socklen_t addr_len = strlen(property_service_socket) + offsetof(sockaddr_un, sun_path) + 1; ASSERT_NE(connect(fd, reinterpret_cast<sockaddr*>(&addr), addr_len), -1); // ...so we can send it a malformed request. uint32_t msg = PROP_MSG_SETPROP2; uint32_t size = 0xffffffff; uint32_t data = 0xdeadbeef; ASSERT_EQ(static_cast<ssize_t>(sizeof(msg)), send(fd, &msg, sizeof(msg), 0)); ASSERT_EQ(static_cast<ssize_t>(sizeof(size)), send(fd, &size, sizeof(size), 0)); ASSERT_EQ(static_cast<ssize_t>(sizeof(data)), send(fd, &data, sizeof(data), 0)); ASSERT_EQ(0, close(fd)); }
