Snap for 5533229 from 3297c7d7bca85db2b178e8838138b71e9d2a86ad to qt-release

Change-Id: I6deb01ed8523b806029a11c2eb7985bb57b6aa9a
author: android-build-team Robot <android-build-team-robot@google.com> 2019-05-04 23:05:00 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-05-04 23:05:00 +0000
commit: c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae (patch)
tree: 0a8afeddec201ee6f1b47629cd6bdaefad13b8ca
parent: 92f48977376cc408d5bca46eb4475adfebe82fa1 (diff)
parent: 3297c7d7bca85db2b178e8838138b71e9d2a86ad (diff)
download: android-clat-c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae.tar.gz
8 files changed, 30 insertions, 11 deletions
diff --git a/Android.bp b/Android.bp
index e0eeb2e..98b4010 100644
--- a/Android.bp
+++ b/Android.bp
@@ -54,6 +54,20 @@ cc_binary {
         "liblog",
         "libnetutils",
     ],
+
+    // Only enable clang-tidy for the daemon, not the tests, because enabling it for the
+    // tests substantially increases build/compile cycle times and doesn't really provide a
+    // security benefit.
+    tidy: true,
+    tidy_checks: [
+        "-*",
+        "cert-*",
+        "clang-analyzer-security*",
+        "android-*",
+    ],
+    tidy_flags: [
+        "-warnings-as-errors=clang-analyzer-security*,cert-*,android-*",
+    ],
 }
 
 // The configuration file.
diff --git a/clatd.c b/clatd.c
index 94a0f06..d68dc05 100644
--- a/clatd.c
+++ b/clatd.c
@@ -231,7 +231,7 @@ void drop_root_but_keep_caps() {
  *   mark - the socket mark to use for the sending raw socket
  */
 void open_sockets(struct tun_data *tunnel, uint32_t mark) {
-  int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW);
+  int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW);
   if (rawsock < 0) {
     logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
     exit(1);
@@ -381,7 +381,7 @@ void configure_interface(const char *uplink_interface, const char *plat_prefix,
     logmsg(ANDROID_LOG_WARN, "ipv4mtu now set to = %d", Global_Clatd_Config.ipv4mtu);
   }
 
-  error = tun_alloc(tunnel->device4, tunnel->fd4);
+  error = tun_alloc(tunnel->device4, tunnel->fd4, sizeof(tunnel->device4));
   if (error < 0) {
     logmsg(ANDROID_LOG_FATAL, "tun_alloc/4 failed: %s", strerror(errno));
     exit(1);
diff --git a/clatd_microbenchmark.c b/clatd_microbenchmark.c
index 91b0996..15a0376 100644
--- a/clatd_microbenchmark.c
+++ b/clatd_microbenchmark.c
@@ -67,7 +67,7 @@ int setup_tun() {
   if (fd == -1) die("tun_open");
 
   char dev[IFNAMSIZ] = DEVICENAME;
-  int ret            = tun_alloc(dev, fd);
+  int ret            = tun_alloc(dev, fd, sizeof(dev));
   if (ret == -1) die("tun_alloc");
   struct ifreq ifr = {
     .ifr_name = DEVICENAME,
diff --git a/config.c b/config.c
index 5a9d599..f84a61f 100644
--- a/config.c
+++ b/config.c
@@ -227,7 +227,7 @@ void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
 
 // Factored out to a separate function for testability.
 int connect_is_ipv4_address_free(in_addr_t addr) {
-  int s = socket(AF_INET, SOCK_DGRAM, 0);
+  int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
   if (s == -1) {
     return 0;
   }
diff --git a/mtu.c b/mtu.c
index 567d177..472bd4e 100644
--- a/mtu.c
+++ b/mtu.c
@@ -22,6 +22,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/types.h>
+#include <unistd.h>
 
 #include "mtu.h"
 
@@ -33,14 +34,16 @@ int getifmtu(const char *ifname) {
   int fd;
   struct ifreq if_mtu;
 
-  fd = socket(AF_INET, SOCK_STREAM, 0);
+  fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
   if (fd < 0) {
     return -1;
   }
   strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ);
   if_mtu.ifr_name[IFNAMSIZ - 1] = '\0';
   if (ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) {
+    close(fd);
     return -1;
   }
+  close(fd);
   return if_mtu.ifr_mtu;
 }
diff --git a/ring.c b/ring.c
index 61d40d2..e836a55 100644
--- a/ring.c
+++ b/ring.c
@@ -30,7 +30,7 @@
 #include "tun.h"
 
 int ring_create(struct tun_data *tunnel) {
-  int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6));
+  int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
   if (packetsock < 0) {
     logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno));
     return -1;
diff --git a/tun.c b/tun.c
index 406fc2f..7ecbf2c 100644
--- a/tun.c
+++ b/tun.c
@@ -32,9 +32,9 @@
 int tun_open() {
   int fd;
 
-  fd = open("/dev/tun", O_RDWR);
+  fd = open("/dev/tun", O_RDWR | O_CLOEXEC);
   if (fd < 0) {
-    fd = open("/dev/net/tun", O_RDWR);
+    fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
   }
 
   return fd;
@@ -43,8 +43,10 @@ int tun_open() {
 /* function: tun_alloc
  * creates a tun interface and names it
  * dev - the name for the new tun device
+ * fd - an open fd to the tun device node
+ * len - the length of the buffer pointed to by dev
  */
-int tun_alloc(char *dev, int fd) {
+int tun_alloc(char *dev, int fd, size_t len) {
   struct ifreq ifr;
   int err;
 
@@ -60,7 +62,7 @@ int tun_alloc(char *dev, int fd) {
     close(fd);
     return err;
   }
-  strcpy(dev, ifr.ifr_name);
+  strlcpy(dev, ifr.ifr_name, len);
   return 0;
 }
 
diff --git a/tun.h b/tun.h
index f0449b9..95650fa 100644
--- a/tun.h
+++ b/tun.h
@@ -30,7 +30,7 @@ struct tun_data {
 };
 
 int tun_open();
-int tun_alloc(char *dev, int fd);
+int tun_alloc(char *dev, int fd, size_t len);
 int send_tun(int fd, clat_packet out, int iov_len);
 int set_nonblocking(int fd);
author	android-build-team Robot <android-build-team-robot@google.com>	2019-05-04 23:05:00 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2019-05-04 23:05:00 +0000
commit	c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae (patch)
tree	0a8afeddec201ee6f1b47629cd6bdaefad13b8ca
parent	92f48977376cc408d5bca46eb4475adfebe82fa1 (diff)
parent	3297c7d7bca85db2b178e8838138b71e9d2a86ad (diff)
download	android-clat-c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae.tar.gz