Validate asec names.
Make sure asec names only contain alphanumeric, underscores,
dots, or dashes. Don't allow double dots.
Bug: 12504045
(cherry picked from commit 669626096513cf741646cf18a9e8ba246d359596)
Change-Id: Ia9d04f373aa95878b2e81584c4167dc2d4aa0c78
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 0388010..ac1e1b9 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -204,6 +204,12 @@
int VolumeManager::getAsecMountPath(const char *id, char *buffer, int maxlen) {
char asecFileName[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("getAsecMountPath: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -222,6 +228,12 @@
int VolumeManager::getAsecFilesystemPath(const char *id, char *buffer, int maxlen) {
char asecFileName[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("getAsecFilesystemPath: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -242,6 +254,12 @@
struct asec_superblock sb;
memset(&sb, 0, sizeof(sb));
+ if (!isLegalAsecId(id)) {
+ SLOGE("createAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
const bool wantFilesystem = strcmp(fstype, "none");
bool usingExt4 = false;
if (wantFilesystem) {
@@ -451,6 +469,12 @@
char loopDevice[255];
char mountPoint[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("finalizeAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -504,6 +528,12 @@
return -1;
}
+ if (!isLegalAsecId(id)) {
+ SLOGE("fixupAsecPermissions: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -613,6 +643,18 @@
const char *dir;
+ if (!isLegalAsecId(id1)) {
+ SLOGE("renameAsec: Invalid asec id1 \"%s\"", id1);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!isLegalAsecId(id2)) {
+ SLOGE("renameAsec: Invalid asec id2 \"%s\"", id2);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id1, asecFilename1, sizeof(asecFilename1), &dir)) {
SLOGE("Couldn't find ASEC %s", id1);
return -1;
@@ -659,6 +701,12 @@
char asecFileName[255];
char mountPoint[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("unmountAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -775,6 +823,12 @@
char asecFileName[255];
char mountPoint[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("destroyAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
@@ -803,6 +857,38 @@
return 0;
}
+/*
+ * Legal ASEC ids consist of alphanumeric characters, '-',
+ * '_', or '.'. ".." is not allowed. The first or last character
+ * of the ASEC id cannot be '.' (dot).
+ */
+bool VolumeManager::isLegalAsecId(const char *id) const {
+ size_t i;
+ size_t len = strlen(id);
+
+ if (len == 0) {
+ return false;
+ }
+ if ((id[0] == '.') || (id[len - 1] == '.')) {
+ return false;
+ }
+
+ for (i = 0; i < len; i++) {
+ if (id[i] == '.') {
+ // i=0 is guaranteed never to have a dot. See above.
+ if (id[i-1] == '.') return false;
+ continue;
+ }
+ if (id[i] == '_' || id[i] == '-') continue;
+ if (id[i] >= 'a' && id[i] <= 'z') continue;
+ if (id[i] >= 'A' && id[i] <= 'Z') continue;
+ if (id[i] >= '0' && id[i] <= '9') continue;
+ return false;
+ }
+
+ return true;
+}
+
bool VolumeManager::isAsecInDirectory(const char *dir, const char *asecName) const {
int dirfd = open(dir, O_DIRECTORY);
if (dirfd < 0) {
@@ -827,6 +913,12 @@
const int idLen = strlen(id);
char *asecName;
+ if (!isLegalAsecId(id)) {
+ SLOGE("findAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (asprintf(&asecName, "%s.asec", id) < 0) {
SLOGE("Couldn't allocate string to write ASEC name");
return -1;
@@ -862,6 +954,12 @@
char asecFileName[255];
char mountPoint[255];
+ if (!isLegalAsecId(id)) {
+ SLOGE("mountAsec: Invalid asec id \"%s\"", id);
+ errno = EINVAL;
+ return -1;
+ }
+
if (findAsec(id, asecFileName, sizeof(asecFileName))) {
SLOGE("Couldn't find ASEC %s", id);
return -1;
diff --git a/VolumeManager.h b/VolumeManager.h
index 198b5a9..77fff87 100644
--- a/VolumeManager.h
+++ b/VolumeManager.h
@@ -145,6 +145,7 @@
void readInitialState();
bool isMountpointMounted(const char *mp);
bool isAsecInDirectory(const char *dir, const char *asec) const;
+ bool isLegalAsecId(const char *id) const;
};
extern "C" {