From c46b981ef03366f1171aead5cf1c5a6026404420 Mon Sep 17 00:00:00 2001
From: Chiachang Wang <chiachangwang@google.com>
Date: Wed, 27 Nov 2019 21:53:39 +0800
Subject: Avoid incorrect nlmsg_type in returned INetDiagMessage

The target parsing mechanism focuses on SOCK_DIAG_BY_FAMILY.
The returned message with unexpected messages will cause
the parsing mechanism does not work as intended. Thus,
skip parsing on incorrect message.

Bug: 145275899
Bug: 142035706
Test: atest NetworkStackTests NetworkStackNextTests
Change-Id: I73ab979c735268551a54b0a88de18c6d1a2068c4
---
 src/com/android/networkstack/netlink/TcpSocketTracker.java | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/com/android/networkstack/netlink/TcpSocketTracker.java b/src/com/android/networkstack/netlink/TcpSocketTracker.java
index fc762cb..a4d713d 100644
--- a/src/com/android/networkstack/netlink/TcpSocketTracker.java
+++ b/src/com/android/networkstack/netlink/TcpSocketTracker.java
@@ -20,6 +20,7 @@ import static android.net.netlink.NetlinkConstants.INET_DIAG_MEMINFO;
 import static android.net.netlink.NetlinkConstants.NLA_ALIGNTO;
 import static android.net.netlink.NetlinkConstants.NLMSG_DONE;
 import static android.net.netlink.NetlinkConstants.SOCKDIAG_MSG_HEADER_SIZE;
+import static android.net.netlink.NetlinkConstants.SOCK_DIAG_BY_FAMILY;
 import static android.net.netlink.StructNlMsgHdr.NLM_F_DUMP;
 import static android.net.netlink.StructNlMsgHdr.NLM_F_REQUEST;
 import static android.net.util.DataStallUtils.CONFIG_MIN_PACKETS_THRESHOLD;
@@ -180,8 +181,15 @@ public class TcpSocketTracker {
                     }
                     final int nlmsgLen = nlmsghdr.nlmsg_len;
                     log("pollSocketsInfo: nlmsghdr=" + nlmsghdr);
+                    // End of the message. Stop parsing.
                     if (nlmsghdr.nlmsg_type == NLMSG_DONE) break;
 
+                    if (nlmsghdr.nlmsg_type != SOCK_DIAG_BY_FAMILY) {
+                        Log.e(TAG, "Expect to get family " + family
+                                + " SOCK_DIAG_BY_FAMILY message but get " + nlmsghdr.nlmsg_type);
+                        break;
+                    }
+
                     if (isValidInetDiagMsgSize(nlmsgLen)) {
                         // Get the socket cookie value. Composed by two Integers value.
                         // Corresponds to inet_diag_sockid in
-- 
cgit v1.2.3