From: greatim Date: Thu, 14 Apr 2016 10:47:12 +0000 (+0900) Subject: validate port number for forwarding X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1063b929aa348033b8c645d218feddcd332ffe24;p=sdk%2Ftools%2Fsdb.git validate port number for forwarding currently port forwarding with zero port number succeed(both local and remote) well-known port(0~1023) cannot be used generally. Change-Id: I48f5a92ed22a11004f1e2a41b69b436477e8edf3 Signed-off-by: greatim --- diff --git a/package/changelog b/package/changelog index 998f013..3bc34c0 100644 --- a/package/changelog +++ b/package/changelog @@ -1,3 +1,6 @@ +* 2.2.82 +- Validate port number for forwarding +== Jaewon Lim 2016-04-25 * 2.2.81 - Modify the location of log output for "sdb shell" routine. - Add a secure warning message for pushing files. diff --git a/package/pkginfo.manifest b/package/pkginfo.manifest index 832b2a9..aff42b1 100644 --- a/package/pkginfo.manifest +++ b/package/pkginfo.manifest @@ -1,4 +1,4 @@ -Version:2.2.81 +Version:2.2.82 Source:sdb Maintainer:Kangho Kim , Yoonki Park, Hyunsik Noh, Gun Kim, Ho Namkoong, Taeyoung Son diff --git a/src/command_function.c b/src/command_function.c index 228fee3..491e16a 100644 --- a/src/command_function.c +++ b/src/command_function.c @@ -44,6 +44,7 @@ #include "sdb.h" #include "sdb_messages.h" #include "sdb_usb.h" +#include "sockets.h" static const char *SDK_TOOL_PATH="/home/developer/sdk_tools"; static const char *APP_PATH_PREFIX="/opt/apps"; @@ -241,7 +242,7 @@ int launch(int argc, char ** argv) { if (verify_gdbserver_exist() < 0) { return -1; } - if (port <= 0 || port > 65535) { + if (port <= 0 || port > MAX_PORT_NUMBER) { print_error(SDB_MESSAGE_ERROR, ERR_GENERAL_LAUNCH_APP_FAIL, F(ERR_GENERAL_INVALID_PORT, port)); return -1; diff --git a/src/common_modules.h b/src/common_modules.h index a741cb2..c22b33a 100644 --- a/src/common_modules.h +++ b/src/common_modules.h 
@@ -42,7 +42,7 @@ #define A_VERSION 0x0100000 #define SDB_VERSION_MAJOR 2 // increments upon significant architectural changes or the achievement of important milestones #define SDB_VERSION_MINOR 2 // progress is made within a major version -#define SDB_VERSION_PATCH 81 // increments for small sets of changes +#define SDB_VERSION_PATCH 82 // increments for small sets of changes #define SDB_VERSION_MAX_LENGTH 128 diff --git a/src/listener.c b/src/listener.c index 99333e0..c451cff 100755 --- a/src/listener.c +++ b/src/listener.c @@ -50,10 +50,18 @@ void free_listener(void* data) int install_listener(int local_port, int connect_port, TRANSPORT* transport, LISTENER_TYPE ltype) { + int fd = -1; + LISTENER* listener; + D("LN(%d)\n", local_port); - LISTENER* listener = find_listener(local_port); + // check validness of local port number + if (local_port <= 0 || local_port > MAX_PORT_NUMBER) { + LOG_ERROR("can not install listener for port %d\n", local_port); + return -1; + } + listener = find_listener(local_port); if(listener != NULL) { if(listener->type != forwardListener) { LOG_ERROR("can not repurpose if it is not forward listener"); @@ -66,10 +74,9 @@ int install_listener(int local_port, int connect_port, TRANSPORT* transport, LIS return 0; } - //TODO REMOTE_DEVICE_CONNECT block remote connect until security issue is cleard + // TODO REMOTE_DEVICE_CONNECT block remote connect until security issue is cleared // int fd = sdb_port_listen(INADDR_ANY, port, SOCK_STREAM); - int fd = -1; if(ltype == qemuListener || ltype == forwardListener || ltype == serverListener) { fd = sdb_port_listen(INADDR_ANY, local_port, SOCK_STREAM); } 
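Review bot: The range check added at the top of install_listener covers only `local_port`; `connect_port` arrives as an int too and is not checked anywhere in this hunk, so a caller other than the forward request parser could still install a listener with a zero or out-of-range remote port. If 0 is not a legitimate value for the other listener types, extend the guard, e.g. `if (connect_port <= 0 || connect_port > MAX_PORT_NUMBER) return -1;`. The same block is added verbatim to install_listener2 in the next hunk; a small shared static helper would keep the two checks from drifting apart. listener.c now uses MAX_PORT_NUMBER from sockets.h and the diff adds no include to this file, so confirm it is already included. Both function bodies continue outside their hunks.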
@@ -120,10 +127,18 @@ int install_listener(int local_port, int connect_port, TRANSPORT* transport, LIS int install_listener2(int local_port, char* connect_to, TRANSPORT* transport, LISTENER_TYPE ltype) { + int fd = -1; + LISTENER* listener; + D("LN(%d)\n", local_port); - LISTENER* listener = find_listener(local_port); + // check validness of local port number + if (local_port <= 0 || local_port > MAX_PORT_NUMBER) { + LOG_ERROR("can not install listener for port %d\n", local_port); + return -1; + } + listener = find_listener(local_port); if(listener != NULL) { if(listener->type != forwardListener) { LOG_ERROR("can not repurpose if it is not forward listener"); @@ -137,10 +152,9 @@ int install_listener2(int local_port, char* connect_to, TRANSPORT* transport, LI return 0; } - //TODO REMOTE_DEVICE_CONNECT block remote connect until security issue is cleard + // TODO REMOTE_DEVICE_CONNECT block remote connect until security issue is cleared // int fd = sdb_port_listen(INADDR_ANY, port, SOCK_STREAM); - int fd = -1; if(ltype == qemuListener || ltype == forwardListener || ltype == serverListener) { fd = sdb_port_listen(INADDR_ANY, local_port, SOCK_STREAM); } diff --git a/src/sockets.c b/src/sockets.c index 3093707..90265d4 100755 --- a/src/sockets.c +++ b/src/sockets.c @@ -89,6 +89,26 @@ connect_done: // sdb_close(socket->fd); } +// return 0 if portstr is not valid port number +// return 1 if portstr is valid port number +static int is_valid_port(char* portstr) { + long port; + char* reststr; + + errno = 0; + port = strtol(portstr, &reststr, 10); + if (errno != 0 || reststr[0] != '\0') { + // there is some character which is not number, so invalid port number + return 0; + } + + if (port <= 0 || port > MAX_PORT_NUMBER) { + // only 1 ~ 65535 port number is available + return 0; + } + + return 1; +} //TODO REMOTE_DEVICE_CONNECT //const unsigned int unsigned_int_bit = sizeof(unsigned int) * 8; 
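Review bot: is_valid_port accepts more than plain digit strings, because strtol skips leading whitespace and takes an optional sign, so a port field such as ` 80` or `+80` passes the check; rejecting input whose first character is not a digit, `if (portstr[0] < '0' || portstr[0] > '9') return 0;`, before the strtol call would make the accepted syntax exact. The commit message says well-known ports (0~1023) cannot generally be used, but the range test `port <= 0 || port > MAX_PORT_NUMBER` still admits 1-1023; if that is intended, the comment above the function should say so. The argument is only read, so the signature could be `static int is_valid_port(const char* portstr)`. The function relies on `errno` and `strtol`, and no `<errno.h>` or `<stdlib.h>` include is visible in this diff, so confirm sockets.c already has them.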
@@ -718,6 +738,10 @@ static int handle_request_with_t(SDB_SOCKET* socket, char* service, TRANSPORT* t forward_err = error_message(SDB_MESSAGE_ERROR, ERR_FORWARD_UNSUPPORT_TRANSMISSION_PROTOCOL, NULL); goto sendfail; } + if(!is_valid_port(remote + 4)) { + forward_err = error_message(SDB_MESSAGE_ERROR, F(ERR_GENERAL_INVALID_PORT, remote + 4), NULL); + goto sendfail; + } if (t == NULL || t->connection_state == CS_OFFLINE) { if(t != NULL) { @@ -730,10 +754,15 @@ static int handle_request_with_t(SDB_SOCKET* socket, char* service, TRANSPORT* t } } - if(strncmp("tcp:", local, 4)){ + if(strncmp("tcp:", local, 4)) { forward_err = error_message(SDB_MESSAGE_ERROR, ERR_FORWARD_UNSUPPORT_TRANSMISSION_PROTOCOL, NULL); goto sendfail; } + if(!is_valid_port(local + 4)) { + forward_err = error_message(SDB_MESSAGE_ERROR, F(ERR_GENERAL_INVALID_PORT, local + 4), NULL); + goto sendfail; + } + //if not tcp connect // if(strncmp("tcp:", remote, 4)){ // if(!install_listener2(atoi(local + 4), remote, t, forwardListener)) { diff --git a/src/sockets.h b/src/sockets.h index b066fc9..25e8437 100644 --- a/src/sockets.h +++ b/src/sockets.h @@ -33,6 +33,8 @@ #define REMOVE_SOCKET_STATUS(asocket, _status) ((asocket)->status &= ~(1 << _status)) #define HAS_SOCKET_STATUS(asocket, _status) ((asocket)->status & (1 << _status)) +#define MAX_PORT_NUMBER 65535 + //TODO REMOTE_DEVICE_CONNECT //extern const unsigned int unsigned_int_bit; //extern const unsigned int remote_con_right_padding; diff --git a/src/utils.h b/src/utils.h index 6f3f677..29c61a0 100755 --- a/src/utils.h +++ b/src/utils.h @@ -149,7 +149,7 @@ int sdb_port_listen(uint32_t inet, int port, int type); #define DEVICENAME_MAX 256 #define VMS_PATH OS_PATH_SEPARATOR_STR "vms" OS_PATH_SEPARATOR_STR #define DEFAULT_DEVICENAME "" -#define SAFE_FREE(x) if ((x) != NULL) { free(x); x=NULL; } +#define SAFE_FREE(x) if ((x) != NULL) { free((void*)(x)); x=NULL; } #define SDB_MIN(a,b) \ ({ __typeof__ (a) _a = (a); \
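Review bot: Both new error paths pass a string, `remote + 4` and `local + 4`, to `F(ERR_GENERAL_INVALID_PORT, ...)`, while launch() in command_function.c passes the numeric `port` to the same message; if that message is written with `%d`, as the launch() call suggests, a `char*` argument here is a format/argument mismatch and undefined behaviour. A string variant of the message, or a fixed text without the rejected value, would avoid it; the value comes from the client request and is by definition not a valid number at this point. The commented-out block below the hunk still converts with `atoi(local + 4)`, so if the live call after it does the same, it would be cleaner for the validator to hand back the parsed value than to parse the string twice. handle_request_with_t starts and ends outside the hunk.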
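Review bot: The `(void*)` cast added to SAFE_FREE in utils.h silences the warning a compiler gives when a `const`-qualified pointer is passed to free(), so a call site that frees memory it was only meant to read now compiles quietly; a comment saying which call needed the cast would help the next reader. The macro is also still a bare `if` statement, so `if (c) SAFE_FREE(p); else ...` attaches the `else` to the macro's own `if`, and the assignment `x=NULL` leaves the argument unparenthesised. Writing it as `#define SAFE_FREE(x) do { free((void*)(x)); (x) = NULL; } while (0)` fixes both and drops the NULL test that free() does not need.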