authorLin Lee <linlee@google.com>2023-08-07 09:34:41 +0000
committerJulian Veit <claymore1298@gmail.com>2023-12-18 16:41:59 +0100
commit40d9c6e09bf2be06b3bf865598c82b5fae4f8bbb (patch)
treeff7eb6039edeb60b710df3b53b7f06b74df593fe /server/MDnsSdListener.h
parentda6ec1870c2ebe56723a4b69df4935048971fdee (diff)
Fix Heap-use-after-free in MDnsSdListener::Monitor::runHEADt13.0
Use thread join to avoid thread exiting after instance recycled. Prior to implementing this patch, fuzzing would lead to a segmentation fault after approximately 500 rounds. With the addition of the patch, the fuzzing process can now be repeated for over 30,000 rounds. Test: m, fuzzing Fuzzing: mma mdns_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/mdns_service_fuzzer/mdns_service_fuzzer Bug: 272382770 Ignore-AOSP-First: Security Issue (cherry picked from commit 9c0c15f80cffb98b36284dd169a2e62e059dbbe3) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:75e5e2e1faec7aa2812fc6fba30d6fe80558bacd) Merged-In: I5bc85451b4e6539bad45ceb672924a37952cc138 Change-Id: I5bc85451b4e6539bad45ceb672924a37952cc138
Diffstat (limited to 'server/MDnsSdListener.h')
-rw-r--r--server/MDnsSdListener.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/server/MDnsSdListener.h b/server/MDnsSdListener.h
index f9c2e87e..8f049126 100644
--- a/server/MDnsSdListener.h
+++ b/server/MDnsSdListener.h
@@ -22,6 +22,7 @@
#include <sysutils/FrameworkListener.h>
#include <mutex>
#include <string>
+#include <thread>
#include "NetdCommand.h"
@@ -83,7 +84,7 @@ class MDnsSdListener {
class Monitor {
public:
Monitor();
- virtual ~Monitor() {}
+ ~Monitor();
DNSServiceRef *allocateServiceRef(int id, Context *c);
void startMonitoring(int id);
DNSServiceRef *lookupServiceRef(int id);
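Review bot: The `~Monitor();` declaration now stands for a destructor that, per the commit message, joins a thread, yet the header gives callers no hint that destroying a Monitor can block. A one-line comment above it, such as `// Stops and joins the rescan thread; blocks until Monitor::run() returns.`, would document that. The definition is in the .cpp and not shown here, so it is worth confirming that the destructor wakes the thread before joining (presumably through mCtrlSocketPair); otherwise the use-after-free turns into a hang on teardown. Dropping `virtual` is fine only if nothing derives from Monitor, which this excerpt does not show, and the class body continues outside the hunk.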
@@ -114,6 +115,7 @@ class MDnsSdListener {
int mPollSize;
int mCtrlSocketPair[2];
std::mutex mMutex;
+ std::thread* mRescanThread;
};
Monitor mMonitor;
};
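Review bot: `std::thread* mRescanThread;` is an owning raw pointer with no default member initializer, so the new destructor is only safe if every construction path sets it before `~Monitor()` can run; the constructor body is in the .cpp and not visible in this diff. Writing `std::thread* mRescanThread = nullptr;` in the header, or holding it as `std::unique_ptr<std::thread> mRescanThread;` (with `#include <memory>`), would make a Monitor that never started monitoring safe to destroy, and the latter also removes the manual delete. The pointer is presumably written by startMonitoring() and read by the destructor, so a comment naming the lock that guards it (mMutex or none) would help the next reader judge whether a second race remains. class Monitor begins outside this hunk.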