From 771b187d9b31c6a7a3d4efa1187d5e028310ca0a Mon Sep 17 00:00:00 2001
From: "Torne (Richard Coles)" <torne@google.com>
Date: Thu, 16 Mar 2017 15:52:46 +0000
Subject: Check for null socket name in socket_connect_local.

socket_bind_local checks if the name is null before using it, but
socket_connect_local doesn't, resulting in a segfault if you pass null
as the socket name. Check for this and convert it to
NullPointerException to make the crash more reasonable.

Test: am instrument -w -e class android.net.LocalSocketTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I67dedbe9ca1be6425e047496d0ead92eb7f64691
---
 core/jni/android_net_LocalSocketImpl.cpp                  |  5 +++++
 core/tests/coretests/src/android/net/LocalSocketTest.java | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/core/jni/android_net_LocalSocketImpl.cpp b/core/jni/android_net_LocalSocketImpl.cpp
index 6df23f72bdd3..a1f2377041e8 100644
--- a/core/jni/android_net_LocalSocketImpl.cpp
+++ b/core/jni/android_net_LocalSocketImpl.cpp
@@ -58,6 +58,11 @@ socket_connect_local(JNIEnv *env, jobject object,
     int ret;
     int fd;
 
+    if (name == NULL) {
+        jniThrowNullPointerException(env, NULL);
+        return;
+    }
+
     fd = jniGetFDFromFileDescriptor(env, fileDescriptor);
 
     if (env->ExceptionCheck()) {
diff --git a/core/tests/coretests/src/android/net/LocalSocketTest.java b/core/tests/coretests/src/android/net/LocalSocketTest.java
index 1349844c80cf..1286b137cc1f 100644
--- a/core/tests/coretests/src/android/net/LocalSocketTest.java
+++ b/core/tests/coretests/src/android/net/LocalSocketTest.java
@@ -22,6 +22,7 @@ import android.net.LocalSocket;
 import android.net.LocalSocketAddress;
 import android.test.MoreAsserts;
 import android.test.suitebuilder.annotation.SmallTest;
+
 import junit.framework.TestCase;
 
 import java.io.FileDescriptor;
@@ -39,6 +40,20 @@ public class LocalSocketTest extends TestCase {
 
         ls = new LocalSocket();
 
+        try {
+            ls.connect(new LocalSocketAddress(null));
+            fail("Expected NullPointerException");
+        } catch (NullPointerException e) {
+            // pass
+        }
+
+        try {
+            ls.bind(new LocalSocketAddress(null));
+            fail("Expected NullPointerException");
+        } catch (NullPointerException e) {
+            // pass
+        }
+
         ls.connect(new LocalSocketAddress("android.net.LocalSocketTest"));
 
         ls1 = ss.accept();
-- 
cgit v1.2.3-59-g8ed1b