author | Nick Kralevich <nnk@google.com> | 2011-04-18 15:55:59 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2011-04-18 15:55:59 -0700 |
commit | b620a0b1c7ae486e979826200e8e441605b0a5d6 (patch) | |
tree | 6392ad2bcc3b43b37b62dca6ab0a74d077bb0d4f /libsysutils | |
parent | 336bc321a6e978a273098148e13a82c5e7ec3be5 (diff) | |
Validate sender credentials on netlink msg receive
Verify that netlink messages are actually from the kernel,
and not from a userspace program.
Change-Id: I709c0efe9ba0258f6d79ebcde531d7f7bbe780b2
Diffstat (limited to 'libsysutils')
-rw-r--r-- | libsysutils/src/NetlinkListener.cpp | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/libsysutils/src/NetlinkListener.cpp b/libsysutils/src/NetlinkListener.cpp
index e2a354e..fb088e1 100644
--- a/libsysutils/src/NetlinkListener.cpp
+++ b/libsysutils/src/NetlinkListener.cpp
@@ -17,6 +17,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <linux/netlink.h>
 #include <string.h>
 #define LOG_TAG "NetlinkListener"
@@ -32,10 +33,32 @@ NetlinkListener::NetlinkListener(int socket) :
 bool NetlinkListener::onDataAvailable(SocketClient *cli)
 {
 int socket = cli->getSocket();
- int count;
+ ssize_t count;
+ char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
+ struct sockaddr_nl snl;
+ struct iovec iov = {mBuffer, sizeof(mBuffer)};
+ struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};
- if ((count = recv(socket, mBuffer, sizeof(mBuffer), 0)) < 0) {
- SLOGE("recv failed (%s)", strerror(errno));
+ if ((count = recvmsg(socket, &hdr, 0)) < 0) {
+ SLOGE("recvmsg failed (%s)", strerror(errno));
+ return false;
+ }
+
+ if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
+ SLOGE("ignoring non-kernel netlink multicast message");
+ return false;
+ }
+
+ struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);
+
+ if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
+ SLOGE("ignoring message with no sender credentials");
+ return false;
+ }
+
+ struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);
+ if (cred->uid != 0) {
+ SLOGE("ignoring message from non-root UID %d", cred->uid);
 return false;
 }
|
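Review bot: The control-message check in front of the `struct ucred` cast accepts any first cmsg whose type equals SCM_CREDENTIALS; it does not confirm `cmsg_level == SOL_SOCKET` or that `cmsg_len` covers a full `struct ucred`, and `hdr.msg_flags` is never tested for `MSG_CTRUNC`. I would tighten the guard to `if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_CREDENTIALS || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ucred)))`. Credentials are only attached when SO_PASSCRED is enabled on the socket, which is created outside this hunk, so a comment such as `// requires SO_PASSCRED on the netlink socket; without it every message is dropped here` would help whoever sets the socket up. `snl` is likewise read without checking `hdr.msg_namelen` or `snl.nl_family` after recvmsg, and onDataAvailable's body continues past the end of the hunk.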