am 43682d94: Fix a TOCTOU and symlink attack in netd.
* commit '43682d9474a2c89ddecc9fcc818df40e4f5424ee':
Fix a TOCTOU and symlink attack in netd.
diff --git a/DnsProxyListener.cpp b/DnsProxyListener.cpp
index 6c09e69..7da6b43 100644
--- a/DnsProxyListener.cpp
+++ b/DnsProxyListener.cpp
@@ -24,6 +24,7 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
+#include <pthread.h>
#define LOG_TAG "DnsProxyListener"
#define DBG 0
@@ -47,7 +48,8 @@
}
void DnsProxyListener::GetAddrInfoHandler::start() {
- pthread_create(&mThread, NULL,
+ pthread_t thread;
+ pthread_create(&thread, NULL,
DnsProxyListener::GetAddrInfoHandler::threadStart, this);
}
@@ -215,7 +217,8 @@
}
void DnsProxyListener::GetHostByAddrHandler::start() {
- pthread_create(&mThread, NULL,
+ pthread_t thread;
+ pthread_create(&thread, NULL,
DnsProxyListener::GetHostByAddrHandler::threadStart, this);
}
diff --git a/DnsProxyListener.h b/DnsProxyListener.h
index 1e24ebd..24c3b6a 100644
--- a/DnsProxyListener.h
+++ b/DnsProxyListener.h
@@ -17,7 +17,6 @@
#ifndef _DNSPROXYLISTENER_H__
#define _DNSPROXYLISTENER_H__
-#include <pthread.h>
#include <sysutils/FrameworkListener.h>
#include "NetdCommand.h"
@@ -53,7 +52,6 @@
private:
void run();
- pthread_t mThread;
SocketClient* mClient; // ref counted
char* mHost; // owned
char* mService; // owned
@@ -85,7 +83,6 @@
private:
void run();
- pthread_t mThread;
SocketClient* mClient; // ref counted
void* mAddress; // address to lookup; owned
int mAddressLen; // length of address to look up
diff --git a/ResolverController.cpp b/ResolverController.cpp
index 680be20..23554e8 100644
--- a/ResolverController.cpp
+++ b/ResolverController.cpp
@@ -19,7 +19,7 @@
#include <cutils/log.h>
-#include <linux/if.h>
+#include <net/if.h>
// NOTE: <resolv_iface.h> is a private C library header that provides
// declarations for _resolv_set_default_iface() and others.
diff --git a/SecondaryTableController.h b/SecondaryTableController.h
index 58914df..79e0592 100644
--- a/SecondaryTableController.h
+++ b/SecondaryTableController.h
@@ -19,7 +19,7 @@
#include <sysutils/FrameworkListener.h>
-#include <linux/if.h>
+#include <net/if.h>
#ifndef IFNAMSIZ
#define IFNAMSIZ 16
diff --git a/TetherController.cpp b/TetherController.cpp
index 9ff1bc4..8d14a14 100644
--- a/TetherController.cpp
+++ b/TetherController.cpp
@@ -134,17 +134,19 @@
close(pipefd[0]);
}
- int num_processed_args = 5 + (num_addrs/2) + 1; // 1 null for termination
+ int num_processed_args = 7 + (num_addrs/2) + 1; // 1 null for termination
char **args = (char **)malloc(sizeof(char *) * num_processed_args);
args[num_processed_args - 1] = NULL;
args[0] = (char *)"/system/bin/dnsmasq";
- args[1] = (char *)"--no-daemon";
+ args[1] = (char *)"--keep-in-foreground";
args[2] = (char *)"--no-resolv";
args[3] = (char *)"--no-poll";
// TODO: pipe through metered status from ConnService
args[4] = (char *)"--dhcp-option-force=43,ANDROID_METERED";
+ args[5] = (char *)"--pid-file";
+ args[6] = (char *)"";
- int nextArg = 5;
+ int nextArg = 7;
for (int addrIndex=0; addrIndex < num_addrs;) {
char *start = strdup(inet_ntoa(addrs[addrIndex++]));
char *end = strdup(inet_ntoa(addrs[addrIndex++]));
diff --git a/TetherController.h b/TetherController.h
index eef94fe..398a8e5 100644
--- a/TetherController.h
+++ b/TetherController.h
@@ -17,7 +17,7 @@
#ifndef _TETHER_CONTROLLER_H
#define _TETHER_CONTROLLER_H
-#include <linux/in.h>
+#include <netinet/in.h>
#include "List.h"
