Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_vendor_qcom_opensource_data-ipa-cfg-mgr / 9e396bb47c1a60a20820816eee0813f9afe9e12f^1..9e396bb47c1a60a20820816eee0813f9afe9e12f / .
commit9e396bb47c1a60a20820816eee0813f9afe9e12f[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Wed May 03 22:15:36 2017 -0700
committerLinux Build Service Account <lnxbuild@localhost>Wed May 03 22:15:36 2017 -0700
treeadf1c5eb6d14facd5b450770db2b3d17898e890b
parentc044cf4cc0fa2c819150642264d0c5e8ac231438 [diff]
parent506ef6dba85d740fa5f0da12f94e6b28975e0dfe [diff]
Promotion of data.lnx.3.0-00044.

CRs      Change ID                                   Subject
--------------------------------------------------------------------------------------------------------------
2012248   Ia586d9916fc6391ffce436fba9b1ceae1220bc48   IPACM: fix the security issue in ConntrackClient
2012234   I84d0dc85ae662b8744ae6f380122a096d8670ad0   IPACM: fix security issue in querying if index
2039700   I334a7db0c787a987d10fb07842c73081fdd4aa1f   IPACM: remove usage of obsolote definitions

Change-Id: If652d36be5b1ce87e318aebd43ec6056ed5cbf4d
CRs-Fixed: 2012248, 2012234, 2039700

diff --git a/ipacm/inc/IPACM_Config.h b/ipacm/inc/IPACM_Config.h
index 5bcb4eb..1750310 100644
--- a/ipacm/inc/IPACM_Config.h
+++ b/ipacm/inc/IPACM_Config.h

@@ -135,8 +135,8 @@
 	uint8_t bridge_mac[IPA_MAC_ADDR_SIZE];
 
 	/* Store the flt rule count for each producer client*/
-	int flt_rule_count_v4[IPA_CLIENT_CONS - IPA_CLIENT_PROD];
-	int flt_rule_count_v6[IPA_CLIENT_CONS - IPA_CLIENT_PROD];
+	int flt_rule_count_v4[IPA_CLIENT_MAX];
+	int flt_rule_count_v6[IPA_CLIENT_MAX];
 
 	/* IPACM routing table name for v4/v6 */
 	struct ipa_ioc_get_rt_tbl rt_tbl_lan_v4, rt_tbl_wan_v4, rt_tbl_default_v4, rt_tbl_v6, rt_tbl_wan_v6;
@@ -152,7 +152,7 @@
 
 	inline void increaseFltRuleCount(int index, ipa_ip_type iptype, int increment)
 	{
-		if((index >= IPA_CLIENT_CONS - IPA_CLIENT_PROD) || (index < 0))
+		if((index >= IPA_CLIENT_MAX) || (index < 0))
 		{
 			IPACMERR("Index is out of range: %d.\n", index);
 			return;
@@ -172,7 +172,7 @@
 
 	inline void decreaseFltRuleCount(int index, ipa_ip_type iptype, int decrement)
 	{
-		if((index >= IPA_CLIENT_CONS - IPA_CLIENT_PROD) || (index < 0))
+		if((index >= IPA_CLIENT_MAX) || (index < 0))
 		{
 			IPACMERR("Index is out of range: %d.\n", index);
 			return;
@@ -192,7 +192,7 @@
 
 	inline int getFltRuleCount(int index, ipa_ip_type iptype)
 	{
-		if((index >= IPA_CLIENT_CONS - IPA_CLIENT_PROD) || (index < 0))
+		if((index >= IPA_CLIENT_MAX) || (index < 0))
 		{
 			IPACMERR("Index is out of range: %d.\n", index);
 			return -1;

diff --git a/ipacm/src/IPACM_Config.cpp b/ipacm/src/IPACM_Config.cpp
index 4b02b57..a355883 100644
--- a/ipacm/src/IPACM_Config.cpp
+++ b/ipacm/src/IPACM_Config.cpp

@@ -144,8 +144,8 @@
 
 	qmap_id = ~0;
 
-	memset(flt_rule_count_v4, 0, (IPA_CLIENT_CONS - IPA_CLIENT_PROD)*sizeof(int));
-	memset(flt_rule_count_v6, 0, (IPA_CLIENT_CONS - IPA_CLIENT_PROD)*sizeof(int));
+	memset(flt_rule_count_v4, 0, IPA_CLIENT_MAX*sizeof(int));
+	memset(flt_rule_count_v6, 0, IPA_CLIENT_MAX*sizeof(int));
 	memset(bridge_mac, 0, IPA_MAC_ADDR_SIZE*sizeof(uint8_t));
 
 	IPACMDBG_H(" create IPACM_Config constructor\n");

diff --git a/ipacm/src/IPACM_ConntrackClient.cpp b/ipacm/src/IPACM_ConntrackClient.cpp
index 146cedb..23724fd 100644
--- a/ipacm/src/IPACM_ConntrackClient.cpp
+++ b/ipacm/src/IPACM_ConntrackClient.cpp

@@ -169,10 +169,18 @@
 	uint32_t ipv4_addr;
 	struct ifreq ifr;
 
+	if(strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name) >= sizeof(ifr.ifr_name))
+	{
+		IPACMERR("interface name overflows: len %d\n",
+			strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name));
+		close(fd);
+		return -1;
+	}
+
 	/* retrieve bridge interface ipv4 address */
 	memset(&ifr, 0, sizeof(struct ifreq));
 	ifr.ifr_addr.sa_family = AF_INET;
-	(void)strncpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
+	(void)strlcpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
 	IPACMDBG("bridge interface name (%s)\n", ifr.ifr_name);
 
 	ret = ioctl(fd, SIOCGIFADDR, &ifr);

diff --git a/ipacm/src/IPACM_Iface.cpp b/ipacm/src/IPACM_Iface.cpp
index 84132c9..8c37d80 100644
--- a/ipacm/src/IPACM_Iface.cpp
+++ b/ipacm/src/IPACM_Iface.cpp

@@ -924,30 +924,37 @@
   int * if_index
 )
 {
-  int fd;
-  struct ifreq ifr;
+	int fd;
+	struct ifreq ifr;
 
-  if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-  {
-    IPACMERR("get interface index socket create failed \n");
-    return IPACM_FAILURE;
-  }
+	if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	{
+		IPACMERR("get interface index socket create failed \n");
+		return IPACM_FAILURE;
+	}
 
-  memset(&ifr, 0, sizeof(struct ifreq));
-  (void)strncpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
-  IPACMDBG_H("interface name (%s)\n", if_name);
+	if(strlen(if_name) >= sizeof(ifr.ifr_name))
+	{
+		IPACMERR("interface name overflows: len %d\n", strlen(if_name));
+		close(fd);
+		return IPACM_FAILURE;
+	}
 
-  if (ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
-  {
-    IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
-    close(fd);
-    return IPACM_FAILURE;
-  }
+	memset(&ifr, 0, sizeof(struct ifreq));
+	(void)strlcpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
+	IPACMDBG_H("interface name (%s)\n", if_name);
 
-  *if_index = ifr.ifr_ifindex;
-  IPACMDBG_H("Interface index %d\n", *if_index);
-  close(fd);
-  return IPACM_SUCCESS;
+	if(ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
+	{
+		IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
+		close(fd);
+		return IPACM_FAILURE;
+	}
+
+	*if_index = ifr.ifr_ifindex;
+	IPACMDBG_H("Interface index %d\n", *if_index);
+	close(fd);
+	return IPACM_SUCCESS;
 }
 
 void IPACM_Iface::config_ip_type(ipa_ip_type iptype)