Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6bc08280 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Validate sender credentials on netlink msg receive 

Verify that netlink messages are actually from the kernel,
and not from a userspace program.

This is a manual cherry-pick from b620a0b1

Change-Id: I237f0a5cb56393bb3aab64a7ae5898f2bdc95cef
parent 71ead183

libsysutils/src/NetlinkListener.cpp

+26 −3
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 


#include <sys/types.h>

#include <sys/socket.h>

#include <linux/netlink.h>

#include <string.h>



#define LOG_TAG "NetlinkListener"
@@ -32,11 +33,33 @@ NetlinkListener::NetlinkListener(int socket) : 
bool NetlinkListener::onDataAvailable(SocketClient *cli)

{

    int socket = cli->getSocket();

    int count;

    ssize_t count;

    char cred_msg[CMSG_SPACE(sizeof(struct ucred))];

    struct sockaddr_nl snl;

    struct iovec iov = {mBuffer, sizeof(mBuffer)};

    struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};



    count = TEMP_FAILURE_RETRY(recv(socket, mBuffer, sizeof(mBuffer), 0));

    count = TEMP_FAILURE_RETRY(recvmsg(socket, &hdr, 0));

    if (count < 0) {

        SLOGE("recv failed (%s)", strerror(errno));

        SLOGE("recvmsg failed (%s)", strerror(errno));

        return false;

    }



    if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {

        SLOGE("ignoring non-kernel netlink multicast message");

        return false;

    }



    struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);



    if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {

        SLOGE("ignoring message with no sender credentials");

        return false;

    }



    struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);

    if (cred->uid != 0) {

        SLOGE("ignoring message from non-root UID %d", cred->uid);

        return false;

    }