Mirrors/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-06-12 13:17:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Guard su request IPC

Browse Source 
Previously `read_string()` calls `std::string.resize()` with a int read from remote process. When I/O error occurs, -1 will be used for resizing the string, `std::bad_alloc` is thrown and since magisk is compiled with `-fno-exceptions`, it will crash the whole daemon process.

May fix topjohnwu#5681
This commit is contained in:
canyie
2022-04-03 13:09:23 +08:00
committed by John Wu
parent 3f840f53a0
commit 448384af06
4 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
native/jni/su/su_daemon.cpp
View File

@ -220,9 +220,13 @@ void su_daemon_handler(int client, const sock_cred *cred) {
};
// Read su_request
xxread(client, &ctx.req, sizeof(su_req_base));
read_string(client, ctx.req.shell);
read_string(client, ctx.req.command);
if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0 || !read_string(client, ctx.req.shell) || !read_string(client, ctx.req.command)) {
LOGW("su: remote process probably died, abort\n");
ctx.info.reset();
write_int(client, DENY);
close(client);
return;
}
// If still not determined, ask manager
if (ctx.info->access.policy == QUERY) {