From: Sangwan Kwon
Date: Thu, 25 Jul 2019 21:11:00 +0000 (+0900)
Subject: Fix undefined behavior on rmi
X-Git-Tag: submit/tizen/20190729.011435^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6eb8e839d9ed5143268a67978a7c942e84466893;p=platform%2Fcore%2Fsecurity%2Fklay.git
Fix undefined behavior on rmi
Change-Id: I4a4471e9c42ecbbd98b7a7a4c1664be8a226e66c
Signed-off-by: Sangwan Kwon
---
diff --git a/include/klay/rmi/message.h b/include/klay/rmi/message.h
index 52d1569..5285a81 100644
--- a/include/klay/rmi/message.h
+++ b/include/klay/rmi/message.h
@@ -21,6 +21,7 @@
#include
#include
#include
+#include
#include
#include
@@ -209,9 +210,9 @@ void Message::encode(const T& device) const
device.write(&header, sizeof(header));
device.write(buffer.begin(), header.length);
- int i = 0, fds[fileDescriptors.size()];
+ std::vector fds;
for (const klay::FileDescriptor& fd : fileDescriptors) {
- fds[i++] = fd.fileDescriptor;
+ fds.push_back(fd.fileDescriptor);
}
device.sendFileDescriptors(fds, fileDescriptors.size());
@@ -225,12 +226,10 @@ void Message::decode(const T& device)
buffer.reserve(header.length);
device.read(buffer.begin(), header.length);
- int fds[header.ancillary];
-
+ std::vector fds;
device.receiveFileDescriptors(fds, header.ancillary);
- for (unsigned int i = 0; i < header.ancillary; i++) {
- fileDescriptors.emplace_back(klay::FileDescriptor(fds[i]));
- }
+ for (const auto& fd : fds)
+ fileDescriptors.emplace_back(klay::FileDescriptor(fd));
disclose(signature);
}
diff --git a/include/klay/rmi/socket.h b/include/klay/rmi/socket.h
index e881206..606a106 100644
--- a/include/klay/rmi/socket.h
+++ b/include/klay/rmi/socket.h
@@ -20,6 +20,8 @@
#include
#include
+#include
+
namespace klay {
namespace rmi {
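Review bot: In the Message::decode hunk, the new loop wraps whatever `receiveFileDescriptors` put into `fds`, but nothing compares that count with `header.ancillary`, so a message that announces one number of descriptors and delivers another is accepted without an error. `header` appears to be filled from the peer earlier in decode, outside the hunk, so the announced count should be treated as untrusted. I would add a check directly after the call, `if (fds.size() != header.ancillary)`, that closes the received descriptors and throws before `fileDescriptors` is modified. The new `for` also drops its braces, while the matching loop in Message::encode keeps them.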
@@ -52,8 +54,8 @@ public:
void write(const void* buffer, const size_t size) const;
void read(void* buffer, const size_t size) const;
- void sendFileDescriptors(const int* fds, const size_t nr) const;
- void receiveFileDescriptors(int* fds, const size_t nr) const;
+ void sendFileDescriptors(const std::vector& fds, const size_t nr) const;
+ void receiveFileDescriptors(std::vector& fds, const size_t nr) const;
static Socket create(const std::string& path, bool activation = false);
static Socket connect(const std::string& path);
diff --git a/src/rmi/socket.cpp b/src/rmi/socket.cpp
index 9889acb..7370473 100644
--- a/src/rmi/socket.cpp
+++ b/src/rmi/socket.cpp
@@ -135,7 +135,7 @@ void Socket::write(const void *buffer, const size_t size) const
}
}
-void Socket::sendFileDescriptors(const int* fds, const size_t nr) const
+void Socket::sendFileDescriptors(const std::vector& fds, const size_t nr) const
{
if (nr == 0) return;
@@ -156,13 +156,14 @@ void Socket::sendFileDescriptors(const int* fds, const size_t nr) const
msgh.msg_control = buffer;
msgh.msg_controllen = sizeof(buffer);
- struct cmsghdr *cmhp;
- cmhp = CMSG_FIRSTHDR(&msgh);
+ struct cmsghdr *cmhp = CMSG_FIRSTHDR(&msgh);
+ if (cmhp == nullptr)
+ throw SocketException("There isn't enough space for a cmsghdr.");
cmhp->cmsg_level = SOL_SOCKET;
cmhp->cmsg_type = SCM_RIGHTS;
cmhp->cmsg_len = CMSG_LEN(sizeof(int) * nr);
- ::memcpy(CMSG_DATA(cmhp), fds, sizeof(int) * nr);
+ ::memcpy(CMSG_DATA(cmhp), fds.data(), sizeof(int) * nr);
int written = 0;
while (written < 1) {
@@ -175,7 +176,7 @@ void Socket::sendFileDescriptors(const int* fds, const size_t nr) const
}
}
-void Socket::receiveFileDescriptors(int* fds, const size_t nr) const
+void Socket::receiveFileDescriptors(std::vector& fds, const size_t nr) const
{
if (nr == 0) return;
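Review bot: In Socket::sendFileDescriptors the `::memcpy` still copies `sizeof(int) * nr` bytes, now from `fds.data()`, and `nr` is never checked against `fds.size()`, so a caller that passes a count larger than the vector makes the copy read past its storage. The only caller visible in this commit, Message::encode, passes `fileDescriptors.size()`, which matches, but the new signatures in the socket.h hunk and in both socket.cpp signature hunks keep the redundant count for sendFileDescriptors and receiveFileDescriptors alike. Either derive the count from the vector or reject a mismatch at the top of the function with `if (nr != fds.size()) throw SocketException("descriptor count mismatch");`. The control buffer `buffer` is declared outside this hunk; if it is still sized by `nr` at run time it is a variable-length array like the ones this commit removes from message.h, so it is worth checking as part of the same change.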
@@ -208,14 +209,13 @@ void Socket::receiveFileDescriptors(int* fds, const size_t nr) const
}
}
- int i = 0;
for (struct cmsghdr *cmhp = CMSG_FIRSTHDR(&msgh); cmhp != NULL; cmhp = CMSG_NXTHDR(&msgh, cmhp)) {
if ((cmhp->cmsg_level == SOL_SOCKET) && (cmhp->cmsg_type == SCM_RIGHTS)) {
if (cmhp->cmsg_len != CMSG_LEN(sizeof(int) * nr)) {
std::cout << "Invalid File Descriptor Table" << std::endl;
}
- fds[i++] = *(reinterpret_cast(CMSG_DATA(cmhp)));
+ fds.push_back(*(reinterpret_cast(CMSG_DATA(cmhp))));
}
}
}
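Review bot: The SCM_RIGHTS branch pushes only the first int of each control message into `fds`, while sendFileDescriptors packs all `nr` descriptors into a single cmsghdr, so for nr > 1 the remaining descriptors are installed in this process and never recorded or closed. A `cmsg_len` mismatch is only printed to std::cout and the payload is used anyway. I would take the count from `cmsg_len`, copy that many ints with memcpy instead of dereferencing the cast pointer, and on a mismatch with `nr` close what arrived and throw SocketException. The function starts outside the hunk, so whether `msg_flags` is checked for MSG_CTRUNC after the receive call is not visible here; if it is not, that belongs in the same check.

```cpp
// … unchanged: receive loop above …
std::vector<int> received;
for (struct cmsghdr *cmhp = CMSG_FIRSTHDR(&msgh); cmhp != NULL; cmhp = CMSG_NXTHDR(&msgh, cmhp)) {
	if ((cmhp->cmsg_level != SOL_SOCKET) || (cmhp->cmsg_type != SCM_RIGHTS))
		continue;

	// Number of descriptors actually carried by this control message.
	const size_t count = (cmhp->cmsg_len - CMSG_LEN(0)) / sizeof(int);
	const size_t offset = received.size();
	received.resize(offset + count);
	::memcpy(received.data() + offset, CMSG_DATA(cmhp), sizeof(int) * count);
}

if (received.size() != nr) {
	// Do not keep descriptors the caller did not ask for.
	for (int fd : received)
		::close(fd);
	throw SocketException("Invalid File Descriptor Table");
}
fds.insert(fds.end(), received.begin(), received.end());
```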