am d94bbc32: am 6bc08280: Validate sender credentials on netlink msg receive
* commit 'd94bbc326ab0e9ceca6f3f90a2864e40bb584c07':
Validate sender credentials on netlink msg receive
diff --git a/libsysutils/src/NetlinkListener.cpp b/libsysutils/src/NetlinkListener.cpp
index a4f62c6..ddf6537 100644
--- a/libsysutils/src/NetlinkListener.cpp
+++ b/libsysutils/src/NetlinkListener.cpp
@@ -17,6 +17,7 @@
#include <sys/types.h>
#include <sys/socket.h>
+#include <linux/netlink.h>
#include <string.h>
#define LOG_TAG "NetlinkListener"
@@ -32,11 +33,33 @@
bool NetlinkListener::onDataAvailable(SocketClient *cli)
{
int socket = cli->getSocket();
- int count;
+ ssize_t count;
+ char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
+ struct sockaddr_nl snl;
+ struct iovec iov = {mBuffer, sizeof(mBuffer)};
+ struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};
- count = TEMP_FAILURE_RETRY(recv(socket, mBuffer, sizeof(mBuffer), 0));
+ count = TEMP_FAILURE_RETRY(recvmsg(socket, &hdr, 0));
if (count < 0) {
- SLOGE("recv failed (%s)", strerror(errno));
+ SLOGE("recvmsg failed (%s)", strerror(errno));
+ return false;
+ }
+
+ if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
+ SLOGE("ignoring non-kernel netlink multicast message");
+ return false;
+ }
+
+ struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);
+
+ if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
+ SLOGE("ignoring message with no sender credentials");
+ return false;
+ }
+
+ struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);
+ if (cred->uid != 0) {
+ SLOGE("ignoring message from non-root UID %d", cred->uid);
return false;
}