Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / 3311eea1d3881e6f3d6806988b7db3de0a5f68d5
commit3311eea1d3881e6f3d6806988b7db3de0a5f68d5[log] [tgz]
authorDavid 'Digit' Turner <digit@google.com>Mon Jan 17 01:59:22 2011 +0100
committerDavid 'Digit' Turner <digit@google.com>Wed Jan 19 02:18:32 2011 +0100
tree428b6084959008ff84bec67115ca033a0f1a72e2
parenta42f152b4ae365e2f8d232237a8aa0168061feb4 [diff]
libsysutils: Fix NetLinkEvent security issues.

The issues were the following:
- The code in decode() didn't handle the degenerate case where the input buffer is full of '@'
- The code in decode() assumed the input buffer is properly zero-terminated.
- The code in decode() would not check that it doesn't overwrite the mParams[] array.
- The code in findParam() would check mParams[i] before checking the value of 'i'

Also remove un-necessary calls to strlen() at runtime.

Change-Id: I8acead959bd10d97c5380b08958fcb796248a010
1 file changed
tree: 428b6084959008ff84bec67115ca033a0f1a72e2
  1. adb/
  2. cpio/
  3. debuggerd/
  4. fastboot/
  5. include/
  6. init/
  7. libctest/
  8. libcutils/
  9. libdiskconfig/
  10. liblinenoise/
  11. liblog/
  12. libmincrypt/
  13. libnetutils/
  14. libpixelflinger/
  15. libsysutils/
  16. libusbhost/
  17. libzipfile/
  18. logcat/
  19. logwrapper/
  20. mkbootimg/
  21. mksh/
  22. netcfg/
  23. nexus/
  24. rootdir/
  25. run-as/
  26. sdcard/
  27. sh/
  28. toolbox/
  29. .gitignore
  30. Android.mk
  31. CleanSpec.mk
  32. patch.txt
  33. README
  34. ThirdPartyProject.prop