From 8832dd73ee084822c5631c3bdc2ebef64557f2f0 Mon Sep 17 00:00:00 2001 From: Changgyu Choi Date: Mon, 20 Jul 2020 10:36:31 +0900 Subject: [PATCH] Add to check pid from __accept_candidate_process() Check whether different cpc and received socket pid, when accept client socket. If they are different, It is invalid accept. Change-Id: I2f2a3e9896fc07fc6ee77d4ca77d47042fa6d958 Signed-off-by: Changgyu Choi --- src/common/src/launchpad_common.c | 2 +- src/launchpad/src/launchpad.c | 37 ++++++++++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/src/common/src/launchpad_common.c b/src/common/src/launchpad_common.c index 1521634..05d8bef 100644 --- a/src/common/src/launchpad_common.c +++ b/src/common/src/launchpad_common.c @@ -679,7 +679,7 @@ int _connect_to_launchpad(int type, int id) send_ret = send(fd, &client_pid, sizeof(client_pid), MSG_NOSIGNAL); _D("send(%d) : %d", client_pid, send_ret); if (send_ret == -1) { - _E("send error"); + _E("send error(%d)", errno); close(fd); return -1; } diff --git a/src/launchpad/src/launchpad.c b/src/launchpad/src/launchpad.c index 9db8b9d..c665796 100644 --- a/src/launchpad/src/launchpad.c +++ b/src/launchpad/src/launchpad.c @@ -591,11 +591,13 @@ error: } static int __accept_candidate_process(int server_fd, int *out_client_fd, - int *out_client_pid) + int *out_client_pid, int cpc_pid) { int client_fd = -1; - int client_pid = 0; - int recv_ret = 0; + int recv_pid = 0; + int ret; + socklen_t len; + struct ucred cred = {}; if (server_fd == -1 || out_client_fd == NULL || out_client_pid == NULL) { @@ -614,15 +616,29 @@ static int __accept_candidate_process(int server_fd, int *out_client_fd, goto error; } - recv_ret = recv(client_fd, &client_pid, sizeof(client_pid), - MSG_WAITALL); - if (recv_ret == -1) { + ret = recv(client_fd, &recv_pid, sizeof(recv_pid), MSG_WAITALL); + if (ret == -1) { _E("recv error!"); goto error; } + len = sizeof(cred); + ret = getsockopt(client_fd, SOL_SOCKET, SO_PEERCRED, &cred, &len); + if (ret < 0) { + _E("getsockopt error"); + goto error; + } + + if (cred.pid != cpc_pid) { + _E("Invalid accept. pid(%d)", cred.pid); + goto error; + } + + if (cred.pid != recv_pid) + _W("Not equal recv and real pid"); + *out_client_fd = client_fd; - *out_client_pid = client_pid; + *out_client_pid = cred.pid; return *out_client_fd; @@ -1432,7 +1448,8 @@ static bool __handle_loader_event(int fd, io_condition_e cond, void *data) return false; if (!cpc->prepared) { - ret = __accept_candidate_process(fd, &client_fd, &client_pid); + ret = __accept_candidate_process(fd, &client_fd, &client_pid, + cpc->pid); if (ret >= 0) { /* for hydra need to set pid to pid of non-hydra candidate, */ /* which is connecting now */ @@ -1470,7 +1487,8 @@ static bool __handle_hydra_event(int fd, io_condition_e cond, void *data) return false; if (!cpc->prepared) { - ret = __accept_candidate_process(fd, &client_fd, &client_pid); + ret = __accept_candidate_process(fd, &client_fd, &client_pid, + cpc->pid); if (ret >= 0) { cpc->hydra_fd = client_fd; @@ -1536,6 +1554,7 @@ static bool __handle_label_monitor(int fd, io_condition_e cond, void *data) return false; } + _D("fd(%d) condition(%d)", fd, cond); _log_print("[LABEL]", "fd(%d), condition(%d)", fd, cond); security_manager_app_labels_monitor_process(label_monitor); -- 2.7.4