Date: Mon, 24 Oct 2016 16:03:11 +0200 From: Martijn Coenen <maco@...roid.com> To: gregkh@...uxfoundation.org Cc: Arve Hjønnevåg <arve@...roid.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 02/10] ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct On Mon, Oct 24, 2016 at 3:20 PM, Martijn Coenen <maco@...roid.com> wrote: > From: Arve Hjønnevåg <arve@...roid.com> > > Prevents leaking pointers between processes > > Signed-off-by: Arve Hjønnevåg <arve@...roid.com> Signed-off-by: Martijn Coenen <maco@...roid.com> > --- > drivers/android/binder.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/android/binder.c b/drivers/android/binder.c > index 3681759..3c71b98 100644 > --- a/drivers/android/binder.c > +++ b/drivers/android/binder.c > @@ -1584,7 +1584,9 @@ static void binder_transaction(struct binder_proc *proc, > fp->type = BINDER_TYPE_HANDLE; > else > fp->type = BINDER_TYPE_WEAK_HANDLE; > + fp->binder = 0; > fp->handle = ref->desc; > + fp->cookie = 0; > binder_inc_ref(ref, fp->type == BINDER_TYPE_HANDLE, > &thread->todo); > > @@ -1634,7 +1636,9 @@ static void binder_transaction(struct binder_proc *proc, > return_error = BR_FAILED_REPLY; > goto err_binder_get_ref_for_node_failed; > } > + fp->binder = 0; > fp->handle = new_ref->desc; > + fp->cookie = 0; > binder_inc_ref(new_ref, fp->type == BINDER_TYPE_HANDLE, NULL); > trace_binder_transaction_ref_to_ref(t, ref, > new_ref); > @@ -1688,6 +1692,7 @@ static void binder_transaction(struct binder_proc *proc, > binder_debug(BINDER_DEBUG_TRANSACTION, > " fd %d -> %d\n", fp->handle, target_fd); > /* TODO: fput? */ > + fp->binder = 0; > fp->handle = target_fd; > } break; > > -- > 2.8.0.rc3.226.g39d4020 >
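Review bot: In the first hunk (@@ -1584), `fp->binder = 0;` is placed before `fp->handle = ref->desc;`, and nothing in the code says whether that order is required. If `binder` and `handle` share storage in the flat binder struct, swapping the two lines in a later cleanup would silently wipe the handle that was just written. A one-line comment above the zeroing, stating that the sender's binder pointer and cookie must not reach the target process and that the clear has to precede the handle store, would protect the fix against reordering.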
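Review bot: The second hunk (@@ -1634) repeats the same three-statement sequence as the first, with `new_ref->desc` in place of `ref->desc`. Since the point of the patch is that every path converting an object to a handle must scrub `binder` and `cookie`, consider a small static helper that takes the flat binder struct and the descriptor and performs the clear and the store in one place. A conversion path added later then cannot set `fp->handle` and forget one of the two fields.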
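Review bot: The third hunk (@@ -1688, the fd case) adds `fp->binder = 0;` before `fp->handle = target_fd;` but leaves `fp->cookie` untouched, while the other two hunks clear both fields and the subject line says "Clear binder and cookie". If the cookie of an fd object can carry a sender-side value, it still crosses to the target process here; add `fp->cookie = 0;` after the handle store to match the other paths. If leaving it is intentional, say so in the commit message, which currently gives only "Prevents leaking pointers between processes".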