Commit Bot submitted this change.
permission_broker: Fix OOB read.
The code was deleting elements from a container while iterating it.
Fix by making a copy of the container pre-iteration.
BUG=chromium:1052528
TEST=USE=asan cros_workon_make --board=betty permission_broker --test
Change-Id: I7c7d7a32ef5c7e342f665ab1bbeba9657b259556
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2140071
Tested-by: Jorge Lucangeli Obes <jor...@chromium.org>
Reviewed-by: Hugo Benichi <hugob...@google.com>
Reviewed-by: Manoj Gupta <manoj...@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jor...@chromium.org>
---
M permission_broker/mock_firewall.cc
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/permission_broker/mock_firewall.cc b/permission_broker/mock_firewall.cc
index 469c06e..f7dd6d9 100644
--- a/permission_broker/mock_firewall.cc
+++ b/permission_broker/mock_firewall.cc
@@ -21,7 +21,10 @@
}
bool MockFirewall::MatchAndUpdate(const std::vector<std::string>& argv) {
- for (auto& criterion : match_criteria_) {
+ // Make a copy of the container so that we can delete elements while
+ // iterating.
+ auto criteria = match_criteria_;
+ for (auto& criterion : criteria) {
bool match = true;
// Empty criterion is a catch all -- fail on any RunInMinijail.
for (const std::string& keyword : criterion.keywords) {
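Review bot: In the new loop header `for (auto& criterion : criteria)`, `criterion` is now a mutable reference into the local copy, so any write made through it in the loop body lands on `criteria` and is discarded when the function returns, leaving `match_criteria_` unchanged. Since the function is named MatchAndUpdate, check that every per-criterion update, and the deletion itself, addresses `match_criteria_` directly. If the body only reads `criterion`, declare it `const auto&` so that an accidental write to the copy fails to compile. The added comment would also be clearer if it said that deletions are applied to `match_criteria_` while the loop walks the snapshot.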