Check to ensure UDP-encap is used only for IPv4

This commit checks whether UDP encapsulation is used
with an unsupported address family and throws an
IllegalArgumentException when it is.

Bug: 74213459
Test: Tests added in testCreateTransportModeTransformWithEncap
      and testCreateTunnelModeTransformWithEncap.
      Command: runtest frameworks-net
      Verified on taimen.
Change-Id: I10c01f2bad6aca23430849ea9ef6c1eb157ae131
evitayan
2018-03-22 17:53:08 -07:00
parent 0ce43570f5
commit 43d93a0c78


@@ -19,6 +19,8 @@ package com.android.server;
import static android.Manifest.permission.DUMP; import static android.Manifest.permission.DUMP;
import static android.net.IpSecManager.INVALID_RESOURCE_ID; import static android.net.IpSecManager.INVALID_RESOURCE_ID;
import static android.system.OsConstants.AF_INET; import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static android.system.OsConstants.AF_UNSPEC;
import static android.system.OsConstants.EINVAL; import static android.system.OsConstants.EINVAL;
import static android.system.OsConstants.IPPROTO_UDP; import static android.system.OsConstants.IPPROTO_UDP;
import static android.system.OsConstants.SOCK_DGRAM; import static android.system.OsConstants.SOCK_DGRAM;
@@ -63,6 +65,8 @@ import com.android.internal.util.Preconditions;
import java.io.FileDescriptor; import java.io.FileDescriptor;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
@@ -1426,6 +1430,17 @@ public class IpSecService extends IIpSecService.Stub {
+ "or Encryption algorithms"); + "or Encryption algorithms");
} }
private int getFamily(String inetAddress) {
int family = AF_UNSPEC;
InetAddress checkAddress = NetworkUtils.numericToInetAddress(inetAddress);
if (checkAddress instanceof Inet4Address) {
family = AF_INET;
} else if (checkAddress instanceof Inet6Address) {
family = AF_INET6;
}
return family;
}
/** /**
* Checks an IpSecConfig parcel to ensure that the contents are sane and throws an * Checks an IpSecConfig parcel to ensure that the contents are sane and throws an
* IllegalArgumentException if they are not. * IllegalArgumentException if they are not.
@@ -1479,6 +1494,26 @@ public class IpSecService extends IIpSecService.Stub {
// Require a valid source address for all transforms. // Require a valid source address for all transforms.
checkInetAddress(config.getSourceAddress()); checkInetAddress(config.getSourceAddress());
// Check to ensure source and destination have the same address family.
String sourceAddress = config.getSourceAddress();
String destinationAddress = config.getDestinationAddress();
int sourceFamily = getFamily(sourceAddress);
int destinationFamily = getFamily(destinationAddress);
if (sourceFamily != destinationFamily) {
throw new IllegalArgumentException(
"Source address ("
+ sourceAddress
+ ") and destination address ("
+ destinationAddress
+ ") have different address families.");
}
// Throw an error if UDP Encapsulation is not used in IPv4.
if (config.getEncapType() != IpSecTransform.ENCAP_NONE && sourceFamily != AF_INET) {
throw new IllegalArgumentException(
"UDP Encapsulation is not supported for this address family");
}
switch (config.getMode()) { switch (config.getMode()) {
case IpSecTransform.MODE_TRANSPORT: case IpSecTransform.MODE_TRANSPORT:
break; break;
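Review bot: The new same-family check compares `sourceFamily` and `destinationFamily` only for equality, while `getFamily()` falls back to `AF_UNSPEC` when the parsed address is neither `Inet4Address` nor `Inet6Address`. Two `AF_UNSPEC` results would therefore pass validation whenever no encapsulation is requested. Rejecting the unknown family explicitly closes that gap, e.g. `if (sourceFamily == AF_UNSPEC || sourceFamily != destinationFamily) {`, or have `getFamily()` throw `IllegalArgumentException` instead of returning `AF_UNSPEC`. The comment above the encap check reads as the opposite of what the condition enforces; something like `// UDP encapsulation is only supported for IPv4; reject it for any other address family.` matches the code. Only the source address is visibly passed through `checkInetAddress()` before `getFamily()` is called on both; the enclosing method starts outside the hunk, so confirm the destination address is validated earlier. A short Javadoc on `getFamily()` should say what it does with non-numeric input.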