Merge "Fix potential ApfFilter bugs by careful ByteBuffer use" into nyc-dev

This commit is contained in:
Paul Jensen
2016-04-05 00:23:36 +00:00
committed by Android (Google) Code Review


@@ -226,6 +226,7 @@ public class ApfFilter {
private static final int ICMP6_4_BYTE_LIFETIME_OFFSET = 4; private static final int ICMP6_4_BYTE_LIFETIME_OFFSET = 4;
private static final int ICMP6_4_BYTE_LIFETIME_LEN = 4; private static final int ICMP6_4_BYTE_LIFETIME_LEN = 4;
// Note: mPacket's position() cannot be assumed to be reset.
private final ByteBuffer mPacket; private final ByteBuffer mPacket;
// List of binary ranges that include the whole packet except the lifetimes. // List of binary ranges that include the whole packet except the lifetimes.
// Pairs consist of offset and length. // Pairs consist of offset and length.
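Review bot: The new comment on mPacket warns only about position(), yet the accompanying changes to matches() and to the generated length check also stop trusting limit() and read capacity() instead, so the comment understates the invariant a later maintainer must preserve. Suggest widening it to `// Note: mPacket's position() and limit() cannot be assumed to be reset; use capacity() and array()/absolute indexing for whole-packet access.` The enclosing class continues outside the hunk.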
@@ -379,17 +380,12 @@ public class ApfFilter {
// Ignoring lifetimes (which may change) does {@code packet} match this RA? // Ignoring lifetimes (which may change) does {@code packet} match this RA?
boolean matches(byte[] packet, int length) { boolean matches(byte[] packet, int length) {
if (length != mPacket.limit()) return false; if (length != mPacket.capacity()) return false;
ByteBuffer a = ByteBuffer.wrap(packet); byte[] referencePacket = mPacket.array();
ByteBuffer b = mPacket;
for (Pair<Integer, Integer> nonLifetime : mNonLifetimes) { for (Pair<Integer, Integer> nonLifetime : mNonLifetimes) {
a.clear(); for (int i = nonLifetime.first; i < (nonLifetime.first + nonLifetime.second); i++) {
b.clear(); if (packet[i] != referencePacket[i]) return false;
a.position(nonLifetime.first); }
b.position(nonLifetime.first);
a.limit(nonLifetime.first + nonLifetime.second);
b.limit(nonLifetime.first + nonLifetime.second);
if (a.compareTo(b) != 0) return false;
} }
return true; return true;
} }
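Review bot: `referencePacket[i]` in the inner compare indexes mPacket.array() from 0, which is only correct if mPacket is a heap buffer whose arrayOffset() is zero, and array() throws on direct or read-only buffers, so the hunk quietly adds a constraint on how mPacket is constructed that is not visible here. If mPacket could ever be a slice or wrapped with an offset, the compare should read `if (packet[i] != referencePacket[mPacket.arrayOffset() + i]) return false;`. The size check on the first changed line and the `addJumpIfR0NotEquals(mPacket.capacity(), ...)` in the following hunk both assume capacity() equals the RA's byte length, i.e. that mPacket is never over-allocated; if it were, every RA would fail the length test and the generated filter would never match, which deserves a one-line comment at the field or a unit test. Indexing `packet[i]` is in bounds only because length == capacity() is checked first, packet.length is presumably at least length, and the ranges in mNonLifetimes come from mPacket itself, which is worth stating in a comment above the loop.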
@@ -441,7 +437,7 @@ public class ApfFilter {
String nextFilterLabel = "Ra" + getUniqueNumberLocked(); String nextFilterLabel = "Ra" + getUniqueNumberLocked();
// Skip if packet is not the right size // Skip if packet is not the right size
gen.addLoadFromMemory(Register.R0, gen.PACKET_SIZE_MEMORY_SLOT); gen.addLoadFromMemory(Register.R0, gen.PACKET_SIZE_MEMORY_SLOT);
gen.addJumpIfR0NotEquals(mPacket.limit(), nextFilterLabel); gen.addJumpIfR0NotEquals(mPacket.capacity(), nextFilterLabel);
int filterLifetime = (int)(currentLifetime() / FRACTION_OF_LIFETIME_TO_FILTER); int filterLifetime = (int)(currentLifetime() / FRACTION_OF_LIFETIME_TO_FILTER);
// Skip filter if expired // Skip filter if expired
gen.addLoadFromMemory(Register.R0, gen.FILTER_AGE_MEMORY_SLOT); gen.addLoadFromMemory(Register.R0, gen.FILTER_AGE_MEMORY_SLOT);