diff options
| author | Vamsi Krishna <vgattupa@codeaurora.org> | 2021-09-04 03:00:10 +0000 |
|---|---|---|
| committer | Vamsi Krishna <vgattupa@codeaurora.org> | 2021-09-04 03:00:10 +0000 |
| commit | 49c5d0bdfbe136a8af2b028a3b81db8a3615f1da (patch) | |
| tree | 67294ff4698e560d092c5a48629387bbd6646957 | |
| parent | 08a961cdc5028bb7d66800ad45cf05883bdc9535 (diff) | |
| parent | a4d4e7365ba195670eba1db13b759561f9b0ea78 (diff) | |
[automerger] ADSPRPC: Sanitize local fastrpc handle am: a4d4e7365b
Change-Id: I1a61675c98d6b2e52f3090f2059bd67d8f780b3c
| -rw-r--r-- | src/fastrpc_apps_user.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/fastrpc_apps_user.c b/src/fastrpc_apps_user.c index 7d159cf..1dbc58e 100644 --- a/src/fastrpc_apps_user.c +++ b/src/fastrpc_apps_user.c @@ -560,11 +560,31 @@ static int fdlist_fd_from_buf(void* buf, int bufLen, int* nova, void** base, int return 0; } +static inline int is_valid_local_handle(struct handle_info* hinfo) { + int domain = 0; + QNode* pn = NULL; + struct handle_info* hi = NULL; + + for (domain = 0; domain < NUM_DOMAINS_EXTEND; domain++) { + pthread_mutex_lock(&hlist[domain].mut); + QLIST_FOR_ALL(&hlist[domain].ql, pn) { + hi = STD_RECOVER_REC(struct handle_info, qn, pn); + if (hi == hinfo) { + pthread_mutex_unlock(&hlist[domain].mut); + return 1; + } + } + pthread_mutex_unlock(&hlist[domain].mut); + } + return 0; +} + static int verify_local_handle(remote_handle64 local) { struct handle_info* hinfo = (struct handle_info*)(uintptr_t)local; int nErr = AEE_SUCCESS; VERIFYC(hinfo, AEE_EMEMPTR); + VERIFYC(is_valid_local_handle(hinfo), AEE_EBADHANDLE); VERIFYC((hinfo->hlist >= &hlist[0]) && (hinfo->hlist < &hlist[NUM_DOMAINS_EXTEND]), AEE_EMEMPTR); VERIFYC(QNode_IsQueuedZ(&hinfo->qn), AEE_ENOSUCHHANDLE); bail: |