diff options
| author | Ken Chen <cken@google.com> | 2023-06-15 17:46:16 +0800 |
|---|---|---|
| committer | Julian Veit <Claymore1298@gmail.com> | 2023-11-20 14:11:09 +0100 |
| commit | 7c6ba1bfa8acb0c9e959f387d1e1a350b1762b2f (patch) | |
| tree | 65ec71acc5155c5999d47bb3e2b0dde2783e4e95 /ResolverController.h | |
| parent | 0320343a314fbc5709815b49c2d414b765228f7f (diff) | |
Fix use-after-free in DNS64 discovery threads12.1
DNS64 discovery thread is detached from binder requesting thread. But
the discovery thread references resources not belongs to itself, which
can be destroyed in dnsresolver destruction.
Holds a strong pointer of Dns64Configuration in DNS64 discovery thread
so that the instance of Dns64Configuration will keep until the DNS64
thread is force terminated.
Ignore-AOSP-First: Fix security vulnerability
Bug: 278303745
Test: m, fuzzing
Fuzzing: mma resolv_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/resolv_service_fuzzer/resolv_service_fuzzer
(cherry picked from commit 254115584ff558fb87ee6ec5f5bb043f76219910)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:292b59e1b0ff91cd4b1f1835de7bfb7fb744c9c0)
Merged-In: Id74ea4e6f54a00805d3cc8a9d7e15e58a473b7d3
Change-Id: Id74ea4e6f54a00805d3cc8a9d7e15e58a473b7d3
Diffstat (limited to 'ResolverController.h')
| -rw-r--r-- | ResolverController.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ResolverController.h b/ResolverController.h index e81e1edb..3802e36c 100644 --- a/ResolverController.h +++ b/ResolverController.h @@ -55,10 +55,10 @@ class ResolverController { // Set or clear a NAT64 prefix discovered by other sources (e.g., RA). int setPrefix64(unsigned netId, const netdutils::IPPrefix& prefix) { - return mDns64Configuration.setPrefix64(netId, prefix); + return mDns64Configuration->setPrefix64(netId, prefix); } - int clearPrefix64(unsigned netId) { return mDns64Configuration.clearPrefix64(netId); } + int clearPrefix64(unsigned netId) { return mDns64Configuration->clearPrefix64(netId); } // Return the current NAT64 prefix network, regardless of how it was discovered. int getPrefix64(unsigned netId, netdutils::IPPrefix* prefix); @@ -66,7 +66,7 @@ class ResolverController { void dump(netdutils::DumpWriter& dw, unsigned netId); private: - Dns64Configuration mDns64Configuration; + android::sp<Dns64Configuration> mDns64Configuration; }; } // namespace net } // namespace android |