Disallow Reserved SPI Allocation

Disallow the allocation of SPIs in the range reserved for future use by RFC 4303. Bug: 77205120 Test: runtest frameworks-net Merged-In: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67 Change-Id: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67 (cherry picked from commit 7f606ee8e57d9d8b7c5d0cb2a78421aa02efb385)
author: Nathan Harold <nharold@google.com> 2018-03-28 08:52:51 -0700
committer: Benedict Wong <benedictwong@google.com> 2018-03-30 01:54:36 -0700
commit: 0f8c8bb01a9454d788bfc447fdf82b45cbd4fae7 (patch)
tree: c34677ef2363b10d975d8b8f982f89132b45f3fd
parent: bfa67c81bf88b842fdb63b63b0cfd96e021f82af (diff)
2 files changed, 6 insertions, 2 deletions
diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java
index c7234e316536..15255083260b 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -274,7 +274,8 @@ public final class IpSecManager {
      *
      * @param destinationAddress the destination address for traffic bearing the requested SPI.
      *     For inbound traffic, the destination should be an address currently assigned on-device.
-     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI
+     * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. The range 1-255 is
+     *     reserved and may not be used. See RFC 4303 Section 2.1.
      * @return the reserved SecurityParameterIndex
      * @throws {@link #ResourceUnavailableException} indicating that too many SPIs are
      *     currently allocated for this user
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 06c10564ab98..bde6bd8db6fd 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -1065,7 +1065,10 @@ public class IpSecService extends IIpSecService.Stub {
     public synchronized IpSecSpiResponse allocateSecurityParameterIndex(
             String destinationAddress, int requestedSpi, IBinder binder) throws RemoteException {
         checkInetAddress(destinationAddress);
-        /* requestedSpi can be anything in the int range, so no check is needed. */
+        // RFC 4303 Section 2.1 - 0=local, 1-255=reserved.
+        if (requestedSpi > 0 && requestedSpi < 256) {
+            throw new IllegalArgumentException("ESP SPI must not be in the range of 0-255.");
+        }
         checkNotNull(binder, "Null Binder passed to allocateSecurityParameterIndex");
 
         UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
author	Nathan Harold <nharold@google.com>	2018-03-28 08:52:51 -0700
committer	Benedict Wong <benedictwong@google.com>	2018-03-30 01:54:36 -0700
commit	0f8c8bb01a9454d788bfc447fdf82b45cbd4fae7 (patch)
tree	c34677ef2363b10d975d8b8f982f89132b45f3fd
parent	bfa67c81bf88b842fdb63b63b0cfd96e021f82af (diff)