diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2019-05-04 23:05:00 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-05-04 23:05:00 +0000 |
commit | c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae (patch) | |
tree | 0a8afeddec201ee6f1b47629cd6bdaefad13b8ca | |
parent | 92f48977376cc408d5bca46eb4475adfebe82fa1 (diff) | |
parent | 3297c7d7bca85db2b178e8838138b71e9d2a86ad (diff) | |
download | android-clat-c02fd4dc76fdf91b3f1eabeff93d23f00efc9cae.tar.gz |
Snap for 5533229 from 3297c7d7bca85db2b178e8838138b71e9d2a86ad to qt-release
Change-Id: I6deb01ed8523b806029a11c2eb7985bb57b6aa9a
-rw-r--r-- | Android.bp | 14 | ||||
-rw-r--r-- | clatd.c | 4 | ||||
-rw-r--r-- | clatd_microbenchmark.c | 2 | ||||
-rw-r--r-- | config.c | 2 | ||||
-rw-r--r-- | mtu.c | 5 | ||||
-rw-r--r-- | ring.c | 2 | ||||
-rw-r--r-- | tun.c | 10 | ||||
-rw-r--r-- | tun.h | 2 |
8 files changed, 30 insertions, 11 deletions
@@ -54,6 +54,20 @@ cc_binary { "liblog", "libnetutils", ], + + // Only enable clang-tidy for the daemon, not the tests, because enabling it for the + // tests substantially increases build/compile cycle times and doesn't really provide a + // security benefit. + tidy: true, + tidy_checks: [ + "-*", + "cert-*", + "clang-analyzer-security*", + "android-*", + ], + tidy_flags: [ + "-warnings-as-errors=clang-analyzer-security*,cert-*,android-*", + ], } // The configuration file. @@ -231,7 +231,7 @@ void drop_root_but_keep_caps() { * mark - the socket mark to use for the sending raw socket */ void open_sockets(struct tun_data *tunnel, uint32_t mark) { - int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW); + int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW); if (rawsock < 0) { logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno)); exit(1); @@ -381,7 +381,7 @@ void configure_interface(const char *uplink_interface, const char *plat_prefix, logmsg(ANDROID_LOG_WARN, "ipv4mtu now set to = %d", Global_Clatd_Config.ipv4mtu); } - error = tun_alloc(tunnel->device4, tunnel->fd4); + error = tun_alloc(tunnel->device4, tunnel->fd4, sizeof(tunnel->device4)); if (error < 0) { logmsg(ANDROID_LOG_FATAL, "tun_alloc/4 failed: %s", strerror(errno)); exit(1); diff --git a/clatd_microbenchmark.c b/clatd_microbenchmark.c index 91b0996..15a0376 100644 --- a/clatd_microbenchmark.c +++ b/clatd_microbenchmark.c @@ -67,7 +67,7 @@ int setup_tun() { if (fd == -1) die("tun_open"); char dev[IFNAMSIZ] = DEVICENAME; - int ret = tun_alloc(dev, fd); + int ret = tun_alloc(dev, fd, sizeof(dev)); if (ret == -1) die("tun_alloc"); struct ifreq ifr = { .ifr_name = DEVICENAME, @@ -227,7 +227,7 @@ void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet, // Factored out to a separate function for testability. int connect_is_ipv4_address_free(in_addr_t addr) { - int s = socket(AF_INET, SOCK_DGRAM, 0); + int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (s == -1) { return 0; } @@ -22,6 +22,7 @@ #include <sys/ioctl.h> #include <sys/socket.h> #include <sys/types.h> +#include <unistd.h> #include "mtu.h" @@ -33,14 +34,16 @@ int getifmtu(const char *ifname) { int fd; struct ifreq if_mtu; - fd = socket(AF_INET, SOCK_STREAM, 0); + fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); if (fd < 0) { return -1; } strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ); if_mtu.ifr_name[IFNAMSIZ - 1] = '\0'; if (ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) { + close(fd); return -1; } + close(fd); return if_mtu.ifr_mtu; } @@ -30,7 +30,7 @@ #include "tun.h" int ring_create(struct tun_data *tunnel) { - int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6)); + int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6)); if (packetsock < 0) { logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno)); return -1; @@ -32,9 +32,9 @@ int tun_open() { int fd; - fd = open("/dev/tun", O_RDWR); + fd = open("/dev/tun", O_RDWR | O_CLOEXEC); if (fd < 0) { - fd = open("/dev/net/tun", O_RDWR); + fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC); } return fd; @@ -43,8 +43,10 @@ int tun_open() { /* function: tun_alloc * creates a tun interface and names it * dev - the name for the new tun device + * fd - an open fd to the tun device node + * len - the length of the buffer pointed to by dev */ -int tun_alloc(char *dev, int fd) { +int tun_alloc(char *dev, int fd, size_t len) { struct ifreq ifr; int err; @@ -60,7 +62,7 @@ int tun_alloc(char *dev, int fd) { close(fd); return err; } - strcpy(dev, ifr.ifr_name); + strlcpy(dev, ifr.ifr_name, len); return 0; } @@ -30,7 +30,7 @@ struct tun_data { }; int tun_open(); -int tun_alloc(char *dev, int fd); +int tun_alloc(char *dev, int fd, size_t len); int send_tun(int fd, clat_packet out, int iov_len); int set_nonblocking(int fd); |