libbinder: RPC error on unexpected session ID size (c5032047) · Commits · e / os / platform_frameworks_native

libs/binder/RpcServer.cpp

+17 −9

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		#define LOG_TAG "RpcServer"

		#include <inttypes.h>
		#include <poll.h>
		#include <sys/socket.h>
		#include <sys/un.h>
		@@ -38,6 +39,8 @@

		namespace android {

		constexpr size_t kSessionIdBytes = 32;

		using base::ScopeGuard;
		using base::unique_fd;

		@@ -289,6 +292,7 @@ void RpcServer::establishConnection(sp<RpcServer>&& server, base::unique_fd clie
		std::vector<uint8_t> sessionId;
		if (status == OK) {
		if (header.sessionIdSize > 0) {
		if (header.sessionIdSize == kSessionIdBytes) {
		sessionId.resize(header.sessionIdSize);
		status = client->interruptableReadFully(server->mShutdownTrigger.get(),
		sessionId.data(), sessionId.size(), {});
		@@ -297,6 +301,11 @@ void RpcServer::establishConnection(sp<RpcServer>&& server, base::unique_fd clie
		statusToString(status).c_str());
		// still need to cleanup before we can return
		}
		} else {
		ALOGE("Malformed session ID. Expecting session ID of size %zu but got %" PRIu16,
		kSessionIdBytes, header.sessionIdSize);
		status = BAD_VALUE;
		}
		}
		}

		@@ -353,8 +362,7 @@ void RpcServer::establishConnection(sp<RpcServer>&& server, base::unique_fd clie
		// Uniquely identify session at the application layer. Even if a
		// client/server use the same certificates, if they create multiple
		// sessions, we still want to distinguish between them.
		constexpr size_t kSessionIdSize = 32;
		sessionId.resize(kSessionIdSize);
		sessionId.resize(kSessionIdBytes);
		size_t tries = 0;
		do {
		// don't block if there is some entropy issue