mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-18 12:24:21 -05:00
Reconcile picks
Signed-off-by: Thaddeus <tad@spotco.us>
This commit is contained in:
parent
85e3c271ab
commit
ab49a7e2a5
@ -1,114 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lin Lee <linlee@google.com>
|
|
||||||
Date: Mon, 7 Aug 2023 09:34:41 +0000
|
|
||||||
Subject: [PATCH] Fix Heap-use-after-free in MDnsSdListener::Monitor::run
|
|
||||||
|
|
||||||
Use thread join to avoid thread exiting after instance
|
|
||||||
recycled.
|
|
||||||
|
|
||||||
Prior to implementing this patch, fuzzing would lead to a segmentation fault after approximately 500 rounds. With the addition of the patch, the fuzzing process can now be repeated for over 30,000 rounds.
|
|
||||||
|
|
||||||
Test: m, fuzzing
|
|
||||||
Fuzzing: mma mdns_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/mdns_service_fuzzer/mdns_service_fuzzer
|
|
||||||
|
|
||||||
Bug: 272382770
|
|
||||||
Ignore-AOSP-First: Security Issue
|
|
||||||
(cherry picked from commit 9c0c15f80cffb98b36284dd169a2e62e059dbbe3)
|
|
||||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:75e5e2e1faec7aa2812fc6fba30d6fe80558bacd)
|
|
||||||
Merged-In: I5bc85451b4e6539bad45ceb672924a37952cc138
|
|
||||||
Change-Id: I5bc85451b4e6539bad45ceb672924a37952cc138
|
|
||||||
---
|
|
||||||
server/MDnsSdListener.cpp | 36 ++++++++++++++++++++++++------------
|
|
||||||
server/MDnsSdListener.h | 4 +++-
|
|
||||||
2 files changed, 27 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp
|
|
||||||
index b54014cd..e3dd616d 100644
|
|
||||||
--- a/server/MDnsSdListener.cpp
|
|
||||||
+++ b/server/MDnsSdListener.cpp
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <resolv.h>
|
|
||||||
+#include <thread>
|
|
||||||
|
|
||||||
#define LOG_TAG "MDnsDS"
|
|
||||||
#define DBG 1
|
|
||||||
@@ -524,10 +525,17 @@ MDnsSdListener::Monitor::Monitor() {
|
|
||||||
socketpair(AF_LOCAL, SOCK_STREAM, 0, mCtrlSocketPair);
|
|
||||||
pthread_mutex_init(&mHeadMutex, NULL);
|
|
||||||
|
|
||||||
- const int rval = ::android::net::threadLaunch(this);
|
|
||||||
- if (rval != 0) {
|
|
||||||
- ALOGW("Error spawning monitor thread: %s (%d)", strerror(-rval), -rval);
|
|
||||||
- }
|
|
||||||
+ mRescanThread = new std::thread(&Monitor::run, this);
|
|
||||||
+ if (!mRescanThread->joinable()) ALOGE("Unable to launch thread.");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+MDnsSdListener::Monitor::~Monitor() {
|
|
||||||
+ if (VDBG) ALOGD("Monitor recycling");
|
|
||||||
+ close(mCtrlSocketPair[1]); // interrupt poll in MDnsSdListener::Monitor::run() and revent will
|
|
||||||
+ // be 17 = POLLIN | POLLHUP
|
|
||||||
+ mRescanThread->join();
|
|
||||||
+ delete mRescanThread;
|
|
||||||
+ if (VDBG) ALOGD("Monitor recycled");
|
|
||||||
}
|
|
||||||
|
|
||||||
#define NAP_TIME 200 // 200 ms between polls
|
|
||||||
@@ -617,14 +625,18 @@ void MDnsSdListener::Monitor::run() {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (VDBG) ALOGD("controlSocket shows revent= %d", mPollFds[0].revents);
|
|
||||||
- switch (mPollFds[0].revents) {
|
|
||||||
- case POLLIN: {
|
|
||||||
- char readBuf[2];
|
|
||||||
- read(mCtrlSocketPair[0], &readBuf, 1);
|
|
||||||
- if (DBG) ALOGD("MDnsSdListener::Monitor got %c", readBuf[0]);
|
|
||||||
- if (memcmp(RESCAN, readBuf, 1) == 0) {
|
|
||||||
- pollCount = rescan();
|
|
||||||
- }
|
|
||||||
+ if (mPollFds[0].revents & POLLHUP) {
|
|
||||||
+ free(mPollFds);
|
|
||||||
+ free(mPollRefs);
|
|
||||||
+ if (VDBG) ALOGD("Monitor thread leaving.");
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ if (mPollFds[0].revents == POLLIN) {
|
|
||||||
+ char readBuf[2];
|
|
||||||
+ read(mCtrlSocketPair[0], &readBuf, 1);
|
|
||||||
+ if (DBG) ALOGD("MDnsSdListener::Monitor got %c", readBuf[0]);
|
|
||||||
+ if (memcmp(RESCAN, readBuf, 1) == 0) {
|
|
||||||
+ pollCount = rescan();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
mPollFds[0].revents = 0;
|
|
||||||
diff --git a/server/MDnsSdListener.h b/server/MDnsSdListener.h
|
|
||||||
index 8c6096e8..2b3cb5e2 100644
|
|
||||||
--- a/server/MDnsSdListener.h
|
|
||||||
+++ b/server/MDnsSdListener.h
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <sysutils/FrameworkListener.h>
|
|
||||||
#include <dns_sd.h>
|
|
||||||
+#include <thread>
|
|
||||||
|
|
||||||
#include "NetdCommand.h"
|
|
||||||
|
|
||||||
@@ -71,7 +72,7 @@ private:
|
|
||||||
class Monitor {
|
|
||||||
public:
|
|
||||||
Monitor();
|
|
||||||
- virtual ~Monitor() {}
|
|
||||||
+ ~Monitor();
|
|
||||||
DNSServiceRef *allocateServiceRef(int id, Context *c);
|
|
||||||
void startMonitoring(int id);
|
|
||||||
DNSServiceRef *lookupServiceRef(int id);
|
|
||||||
@@ -101,6 +102,7 @@ private:
|
|
||||||
int mPollSize;
|
|
||||||
int mCtrlSocketPair[2];
|
|
||||||
pthread_mutex_t mHeadMutex;
|
|
||||||
+ std::thread* mRescanThread;
|
|
||||||
};
|
|
||||||
|
|
||||||
class Handler : public NetdCommand {
|
|
@ -386,10 +386,6 @@ if enterAndClear "system/extras"; then
|
|||||||
applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "system/netd"; then
|
|
||||||
applyPatch "$DOS_PATCHES/android_system_netd/377024-backport.patch"; #R_asb_2023-12 Fix Heap-use-after-free in MDnsSdListener::Monitor::run #XXX
|
|
||||||
fi;
|
|
||||||
|
|
||||||
if enterAndClear "system/sepolicy"; then
|
if enterAndClear "system/sepolicy"; then
|
||||||
applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
|
||||||
#applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
|
#applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
|
||||||
|
@ -78,6 +78,7 @@ patchWorkspaceReal() {
|
|||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
source build/envsetup.sh;
|
source build/envsetup.sh;
|
||||||
|
repipick -i 378458; #repopick: Fix apply order of dependent commits
|
||||||
#repopick -it ten-firewall;
|
#repopick -it ten-firewall;
|
||||||
repopick -it Q_asb_2023-03 -e 352333;
|
repopick -it Q_asb_2023-03 -e 352333;
|
||||||
repopick -it Q_asb_2023-04;
|
repopick -it Q_asb_2023-04;
|
||||||
|
Loading…
Reference in New Issue
Block a user