Merge "liblog: pmsg_read add validity checking for prio"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
73cc6edf0e
1 changed files with 18 additions and 10 deletions
|
|
@ -144,6 +144,7 @@ static int pmsgRead(struct android_log_logger_list *logger_list,
|
||||||
struct __attribute__((__packed__)) {
|
struct __attribute__((__packed__)) {
|
||||||
android_pmsg_log_header_t p;
|
android_pmsg_log_header_t p;
|
||||||
android_log_header_t l;
|
android_log_header_t l;
|
||||||
|
uint8_t prio;
|
||||||
} buf;
|
} buf;
|
||||||
static uint8_t preread_count;
|
static uint8_t preread_count;
|
||||||
bool is_system;
|
bool is_system;
|
||||||
|
|
@ -180,11 +181,16 @@ static int pmsgRead(struct android_log_logger_list *logger_list,
|
||||||
if (preread_count != sizeof(buf)) {
|
if (preread_count != sizeof(buf)) {
|
||||||
return preread_count ? -EIO : -EAGAIN;
|
return preread_count ? -EIO : -EAGAIN;
|
||||||
}
|
}
|
||||||
if ((buf.p.magic != LOGGER_MAGIC)
|
if ((buf.p.magic != LOGGER_MAGIC) ||
|
||||||
|| (buf.p.len <= sizeof(buf))
|
(buf.p.len <= sizeof(buf)) ||
|
||||||
|| (buf.p.len > (sizeof(buf) + LOGGER_ENTRY_MAX_PAYLOAD))
|
(buf.p.len > (sizeof(buf) + LOGGER_ENTRY_MAX_PAYLOAD)) ||
|
||||||
|| (buf.l.id >= LOG_ID_MAX)
|
(buf.l.id >= LOG_ID_MAX) ||
|
||||||
|| (buf.l.realtime.tv_nsec >= NS_PER_SEC)) {
|
(buf.l.realtime.tv_nsec >= NS_PER_SEC) ||
|
||||||
|
((buf.l.id != LOG_ID_EVENTS) &&
|
||||||
|
(buf.l.id != LOG_ID_SECURITY) &&
|
||||||
|
((buf.prio == ANDROID_LOG_UNKNOWN) ||
|
||||||
|
(buf.prio == ANDROID_LOG_DEFAULT) ||
|
||||||
|
(buf.prio >= ANDROID_LOG_SILENT)))) {
|
||||||
do {
|
do {
|
||||||
memmove(&buf.p.magic, &buf.p.magic + 1, --preread_count);
|
memmove(&buf.p.magic, &buf.p.magic + 1, --preread_count);
|
||||||
} while (preread_count && (buf.p.magic != LOGGER_MAGIC));
|
} while (preread_count && (buf.p.magic != LOGGER_MAGIC));
|
||||||
|
|
@ -202,10 +208,12 @@ static int pmsgRead(struct android_log_logger_list *logger_list,
|
||||||
uid = get_best_effective_uid();
|
uid = get_best_effective_uid();
|
||||||
is_system = uid_has_log_permission(uid);
|
is_system = uid_has_log_permission(uid);
|
||||||
if (is_system || (uid == buf.p.uid)) {
|
if (is_system || (uid == buf.p.uid)) {
|
||||||
|
char *msg = is_system ?
|
||||||
|
log_msg->entry_v4.msg :
|
||||||
|
log_msg->entry_v3.msg;
|
||||||
|
*msg = buf.prio;
|
||||||
ret = TEMP_FAILURE_RETRY(read(transp->context.fd,
|
ret = TEMP_FAILURE_RETRY(read(transp->context.fd,
|
||||||
is_system ?
|
msg + sizeof(buf.prio),
|
||||||
log_msg->entry_v4.msg :
|
|
||||||
log_msg->entry_v3.msg,
|
|
||||||
buf.p.len - sizeof(buf)));
|
buf.p.len - sizeof(buf)));
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
@ -214,7 +222,7 @@ static int pmsgRead(struct android_log_logger_list *logger_list,
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_msg->entry_v4.len = buf.p.len - sizeof(buf);
|
log_msg->entry_v4.len = buf.p.len - sizeof(buf) + sizeof(buf.prio);
|
||||||
log_msg->entry_v4.hdr_size = is_system ?
|
log_msg->entry_v4.hdr_size = is_system ?
|
||||||
sizeof(log_msg->entry_v4) :
|
sizeof(log_msg->entry_v4) :
|
||||||
sizeof(log_msg->entry_v3);
|
sizeof(log_msg->entry_v3);
|
||||||
|
|
@ -227,7 +235,7 @@ static int pmsgRead(struct android_log_logger_list *logger_list,
|
||||||
log_msg->entry_v4.uid = buf.p.uid;
|
log_msg->entry_v4.uid = buf.p.uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret + log_msg->entry_v4.hdr_size;
|
return ret + sizeof(buf.prio) + log_msg->entry_v4.hdr_size;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue