qtaguid: test: fix issue with buffer overflow

Fixed the bug that test program cannot read socket addr directly from ctrl file, changed the implementation of read ctrl file to prevent possible fails when the ctrl file size is greater then the read buffer size. Test: manually tested on angler device. build and sync this module into device and run adb shell ./data/nativetest64/socketTag/socketTag Change-Id: I68a8513814a97d9417e13ad320a079510591d3a2
author: Chenbo Feng <fengc@google.com> 2016-09-28 10:01:42 -0700
committer: Chenbo Feng <fengc@google.com> 2016-09-29 12:38:53 -0700
commit: 2e363e48f8b0f6c11ad3184d9c010052605b480d (patch)
tree: c497f7d8fe7a9b8f9fbdbd3e996c6476a74911b0 /tests
parent: 1a35848b34d6572a6b65fe50133414b2dcbea92b (diff)
download: extras-2e363e48f8b0f6c11ad3184d9c010052605b480d.tar.gz
1 files changed, 33 insertions, 30 deletions
diff --git a/tests/iptables/qtaguid/socketTag.cpp b/tests/iptables/qtaguid/socketTag.cpp
index 24a87e04..01e35022 100644
--- a/tests/iptables/qtaguid/socketTag.cpp
+++ b/tests/iptables/qtaguid/socketTag.cpp
@@ -20,19 +20,24 @@
  * netfilter/xt_qtaguid kernel module somewhat behaves as expected
  * with respect to tagging sockets.
  */
+
+#define LOG_TAG "socketTagTest"
+
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <gtest/gtest.h>
+#include <string>
 #include <sys/socket.h>
 #include <sys/types.h>
-#include <string>
 
-#define LOG_TAG "socketTagTest"
+#include <fstream>
+
+#include <gtest/gtest.h>
 #include <utils/Log.h>
+
 #include <testUtil.h>
 
 namespace android {
@@ -131,12 +136,7 @@ int SockInfo::setup(uint64_t tag) {
  * Returns: true if tag found.
  */
 bool SockInfo::checkTag(uint64_t acct_tag, uid_t uid) {
-    int ctrl_fd;
-    ctrl_fd = openCtrl();
-    char ctrl_data[1024];
-    ssize_t read_size;
-    char *buff;
-    char *pos;
+    char * buff;
     int res;
     char *match_template;
     uint64_t k_tag;
@@ -145,13 +145,10 @@ bool SockInfo::checkTag(uint64_t acct_tag, uid_t uid) {
     long dummy_count;
     pid_t dummy_pid;
 
-    read_size = read(ctrl_fd, ctrl_data, sizeof(ctrl_data));
-    if (read_size < 0) {
-       testPrintE("Unable to read active tags from ctrl %d/%s",
-                  errno, strerror(errno));
+    std::ifstream fctrl("/proc/net/xt_qtaguid/ctrl", std::fstream::in);
+    if(!fctrl.is_open()) {
+        testPrintI("qtaguid ctrl open failed!");
     }
-    ctrl_data[read_size] = '\0';
-    testPrintI("<ctrl_raw_data>\n%s</ctrl_raw_data>", ctrl_data);
 
     if (addr) {
         assert(sizeof(void*) == sizeof(long int));  // Why does %p use 0x? grrr. %lx.
@@ -166,25 +163,31 @@ bool SockInfo::checkTag(uint64_t acct_tag, uid_t uid) {
 
     asprintf(&buff, match_template, full_tag | uid, uid);
     testPrintI("looking for '%s'", buff);
-    pos = strstr(ctrl_data, buff);
-
-    if (pos && !addr) {
-        assert(sizeof(void*) == sizeof(long int));  // Why does %p use 0x? grrr. %lx.
-        res = sscanf(pos - strlen("sock=1234abcd"),
-                     "sock=%" SCNxPTR " tag=0x%" SCNx64 " (uid=%" SCNu32 ") pid=%u f_count=%lu",
-                     (uintptr_t *)&addr, &k_tag, &k_uid, &dummy_pid, &dummy_count );
-        if (!(res == 5 && k_tag == full_tag && k_uid == uid)) {
-            testPrintE("Unable to read sock addr res=%d", res);
-           addr = 0;
-        }
-        else {
-            testPrintI("Got sock_addr %lx", addr);
+    std::string ctrl_data;
+    std::size_t pos = std::string::npos;
+    while(std::getline(fctrl, ctrl_data)) {
+        testPrintI("<ctrl_raw_data> : %s", ctrl_data.c_str());
+        pos = ctrl_data.find(buff);
+        if (pos != std::string::npos) {
+            if(!addr) {
+                testPrintI("matched data : %s", ctrl_data.c_str());
+                assert(sizeof(void*) == sizeof(long int));  // Why does %p use 0x? grrr. %lx.
+                res = sscanf(ctrl_data.c_str(),
+                            "sock=%" SCNxPTR " tag=0x%" SCNx64 " (uid=%" SCNu32 ") pid=%u f_count=%lu",
+                            (uintptr_t *)&addr, &k_tag, &k_uid, &dummy_pid, &dummy_count );
+                if (!(res == 5 && k_tag == full_tag && k_uid == uid)) {
+                    testPrintE("Unable to read sock addr res=%d", res);
+                    addr = 0;
+                } else {
+                    testPrintI("Got sock_addr %lx", addr);
+                }
+            }
+            break;
         }
     }
     free(buff);
     free(match_template);
-    close(ctrl_fd);
-    return pos != NULL;
+    return pos != std::string::npos;
 }
author	Chenbo Feng <fengc@google.com>	2016-09-28 10:01:42 -0700
committer	Chenbo Feng <fengc@google.com>	2016-09-29 12:38:53 -0700
commit	2e363e48f8b0f6c11ad3184d9c010052605b480d (patch)
tree	c497f7d8fe7a9b8f9fbdbd3e996c6476a74911b0 /tests
parent	1a35848b34d6572a6b65fe50133414b2dcbea92b (diff)
download	extras-2e363e48f8b0f6c11ad3184d9c010052605b480d.tar.gz