Skip to content

Commit

Permalink
Validate sender credentials on netlink msg receive
Browse files Browse the repository at this point in the history 
Verify that netlink messages are actually from the kernel,
and not from a userspace program.

Change-Id: I709c0efe9ba0258f6d79ebcde531d7f7bbe780b2
  • Loading branch information
@nickkral
nickkral committed Apr 18, 2011
1 parent 336bc32 commit b620a0b
Showing 1 changed file with 26 additions and 3 deletions.
29 changes: 26 additions & 3 deletions libsysutils/src/NetlinkListener.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@

#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <string.h>

#define LOG_TAG "NetlinkListener"
Expand All @@ -32,10 +33,32 @@ NetlinkListener::NetlinkListener(int socket) :
bool NetlinkListener::onDataAvailable(SocketClient *cli)
{
int socket = cli->getSocket();
int count;
ssize_t count;
char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
struct sockaddr_nl snl;
struct iovec iov = {mBuffer, sizeof(mBuffer)};
struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};

if ((count = recv(socket, mBuffer, sizeof(mBuffer), 0)) < 0) {
SLOGE("recv failed (%s)", strerror(errno));
if ((count = recvmsg(socket, &hdr, 0)) < 0) {
SLOGE("recvmsg failed (%s)", strerror(errno));
return false;
}

if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
SLOGE("ignoring non-kernel netlink multicast message");
return false;
}

struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);

if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
SLOGE("ignoring message with no sender credentials");
return false;
}

struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);
if (cred->uid != 0) {
SLOGE("ignoring message from non-root UID %d", cred->uid);
return false;
}

Expand Down

0 comments on commit b620a0b

Please sign in to comment.