LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add message length check in parseNetlinkErrorMessage

Browse Source 
Address review comment on aosp/2501578

Bug: 280553055
Test: TH, atest CtsNetTestCases
Change-Id: I945afc3dcc33dc85de6b00742fcf54e9c1901585
This commit is contained in:
Motomu Utsumi
2023-05-10 17:47:28 +09:00
parent 2f240ff0b7
commit 2976065935
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
staticlibs/device/com/android/net/module/util/netlink/NetlinkUtils.java
View File

@@ -93,6 +93,15 @@ public class NetlinkUtils {
if (nlmsghdr == null || nlmsghdr.nlmsg_type != NetlinkConstants.NLMSG_ERROR) {
return null;
}
final int messageLength = NetlinkConstants.alignedLengthOf(nlmsghdr.nlmsg_len);
final int payloadLength = messageLength - StructNlMsgHdr.STRUCT_SIZE;
if (payloadLength < 0 || payloadLength > bytes.remaining()) {
// Malformed message or runt buffer. Pretend the buffer was consumed.
bytes.position(bytes.limit());
return null;
}
return NetlinkErrorMessage.parse(nlmsghdr, bytes);
}