server: check interface names in RPC arguments for validity

This patch introduces a method isIfaceName that checks interface names from various RPCs for validity before e.g. using them as part of iptables arguments or in filenames. All of these RPC calls can only be called from applications with at least the CONNECTIVITY_INTERNAL permission in recent Android versions, so the impact of the missing checks luckily isn't very high. Orig-Author: Jann Horn <jann@thejh.net> Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98 Signed-off-by: JP Abgrall <jpa@google.com>
author: JP Abgrall <jpa@google.com> 2014-06-19 18:35:24 -0700
committer: JP Abgrall <jpa@google.com> 2014-06-19 19:14:32 -0700
commit: 69261cb65186e27dfbdc1e3eec796437f9968ff9 (patch)
tree: bf1b5f8cd7ccec519c8c9c6d33f5b61e4fcbb0e9 /server/TetherController.cpp
parent: a561e121c724e9163b2e256e15eef660e3a326da (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/server/TetherController.cpp b/server/TetherController.cpp
index 93110e0d..fbee5a2f 100644
--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
@@ -31,6 +31,7 @@
 #include <cutils/log.h>
 #include <cutils/properties.h>
 
+#include "NetdConstants.h"
 #include "TetherController.h"
 
 TetherController::TetherController() {
@@ -273,6 +274,10 @@ int TetherController::applyDnsInterfaces() {
 
 int TetherController::tetherInterface(const char *interface) {
     ALOGD("tetherInterface(%s)", interface);
+    if (!isIfaceName(interface)) {
+        errno = ENOENT;
+        return -1;
+    }
     mInterfaces->push_back(strdup(interface));
 
     if (applyDnsInterfaces()) {
author	JP Abgrall <jpa@google.com>	2014-06-19 18:35:24 -0700
committer	JP Abgrall <jpa@google.com>	2014-06-19 19:14:32 -0700
commit	69261cb65186e27dfbdc1e3eec796437f9968ff9 (patch)
tree	bf1b5f8cd7ccec519c8c9c6d33f5b61e4fcbb0e9 /server/TetherController.cpp
parent	a561e121c724e9163b2e256e15eef660e3a326da (diff)