commit 69261cb65186e27dfbdc1e3eec796437f9968ff9
author JP Abgrall <jpa@google.com> Thu Jun 19 18:35:24 2014 -0700
committer JP Abgrall <jpa@google.com> Thu Jun 19 19:14:32 2014 -0700
tree bf1b5f8cd7ccec519c8c9c6d33f5b61e4fcbb0e9
parent a561e121c724e9163b2e256e15eef660e3a326da

server: check interface names in RPC arguments for validity

This patch introduces a method isIfaceName that checks interface
names from various RPCs for validity before e.g. using them as
part of iptables arguments or in filenames.

All of these RPC calls can only be called from applications
with at least the CONNECTIVITY_INTERNAL permission in recent
Android versions, so the impact of the missing checks luckily
isn't very high.

Orig-Author: Jann Horn <jann@thejh.net>

Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98
Signed-off-by: JP Abgrall <jpa@google.com>

server/SecondaryTableController.cpp

diff --git a/server/SecondaryTableController.cpp b/server/SecondaryTableController.cpp
index 2ffb54d..398edd1 100644
--- a/server/SecondaryTableController.cpp
+++ b/server/SecondaryTableController.cpp
@@ -229,6 +229,11 @@
 }
 
 int SecondaryTableController::setFwmarkRule(const char *iface, bool add) {
+    if (!isIfaceName(iface)) {
+        errno = ENOENT;
+        return -1;
+    }
+
     unsigned netId = mNetCtrl->getNetworkId(iface);
 
     // Fail fast if any rules already exist for this interface
@@ -386,6 +391,11 @@
 
 int SecondaryTableController::setFwmarkRoute(const char* iface, const char *dest, int prefix,
                                              bool add) {
+    if (!isIfaceName(iface)) {
+        errno = ENOENT;
+        return -1;
+    }
+
     unsigned netId = mNetCtrl->getNetworkId(iface);
     char mark_str[11] = {0};
     char dest_str[44]; // enough to store an IPv6 address + 3 character bitmask