From d1b06eccbf436a180b208e99646e3be84f8dbba9 Mon Sep 17 00:00:00 2001
From: lsq
Date: Fri, 18 Mar 2022 17:09:47 +0800
Subject: [PATCH] Signed-off-by: lsq
Change-Id: Ib8d27ff23f9098c5734ef32fa23478077cb65edf
Signed-off-by: lsq
Change-Id: I4fe7ea490e8088161526b49e0eb7015f37d49403
Signed-off-by: lsq
---
 .../accesstoken/include/access_token.h | 2 ++
 .../src/accesstoken_manager_proxy.cpp | 12 ++++++++
 .../src/service/accesstoken_manager_stub.cpp | 30 ++++++++++++++++---
 3 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
index 44130adea..b2d324329 100644
--- a/interfaces/innerkits/accesstoken/include/access_token.h
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
@@ -24,6 +24,8 @@ typedef unsigned int AccessTokenAttr;
 static const int DEFAULT_TOKEN_VERSION = 1;
 static const int DEFAULT_PERMISSION_FLAGS = 0;
 static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
+static const int MAX_PERMISSION_SIZE = 1000;
+static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480;
 enum AccessTokenKitRet {
 RET_FAILED = -1,
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
index c6e1a5a00..4f371c6f6 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
@@ -158,6 +158,10 @@ int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID,
 }
 int32_t size = reply.ReadInt32();
+ if (size > MAX_PERMISSION_SIZE) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", size);
+ return RET_FAILED;
+ }
 for (int i = 0; i < size; i++) {
 sptr permissionDef = reply.ReadParcelable();
 if (permissionDef != nullptr) {
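Review bot: The two new limits are declared `static const int`, but in accesstoken_manager_stub.cpp (hunk @@ -342) `MAX_NATIVE_TOKEN_INFO_SIZE` is compared against a `uint32_t size`, and in the proxy against an `int32_t`, so the header mixes signedness with one of its users and will trip -Wsign-compare there. Declaring the bounds with the width the parcel reads use avoids the implicit conversion: `static const uint32_t MAX_NATIVE_TOKEN_INFO_SIZE = 20480;` (and `constexpr` rather than `const` if the file already uses C++11). A one-line comment above each constant saying it caps a count read from IPC, e.g. `// upper bound for element counts read from a MessageParcel`, would also tell the next reader why the values exist.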
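Review bot: A negative `size` passes the new bound check in GetDefPermissions because only the upper end is tested; `ReadInt32()` can return any value, and a negative one simply skips the loop, so a malformed reply looks the same as an empty result (what follows the loop is outside the hunk, so the return path is inferred). Rejecting both ends keeps the error visible: `if (size < 0 || size > MAX_PERMISSION_SIZE) {`. The same one-sided check is added in GetReqPermissions (@@ -198) and GetAllNativeTokenInfo (@@ -697). The log text `"size = %{public}d get from request is invalid"` is also awkward; `"invalid size %{public}d in reply"` reads better and is easier to grep.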
@@ -198,6 +202,10 @@ int AccessTokenManagerProxy::GetReqPermissions(
 }
 int32_t size = reply.ReadInt32();
+ if (size > MAX_PERMISSION_SIZE) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", size);
+ return RET_FAILED;
+ }
 for (int i = 0; i < size; i++) {
 sptr permissionReq = reply.ReadParcelable();
 if (permissionReq != nullptr) {
@@ -697,6 +705,10 @@ int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector MAX_NATIVE_TOKEN_INFO_SIZE) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", size);
+ return RET_FAILED;
+ }
 for (int i = 0; i < size; i++) {
 sptr nativeResult = reply.ReadParcelable();
 if (nativeResult != nullptr) {
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index c92ab7648..0d5c8916a 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -184,7 +184,11 @@ void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParc
 sptr hapInfoParcel = data.ReadParcelable();
 sptr hapPolicyParcel = data.ReadParcelable();
-
+ if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "read hapPolicyParcel or hapInfoParcel fail");
+ reply.WriteInt32(RET_FAILED);
+ return;
+ }
 res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel);
 reply.WriteUint64(res.tokenIDEx);
 }
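Review bot: The new failure path in AllocHapTokenInner writes `reply.WriteInt32(RET_FAILED)` while the success path two lines later writes `reply.WriteUint64(res.tokenIDEx)`, so the reply layout differs by outcome; if the proxy side reads this reply with a single 64-bit read (not visible here, so inferred), a 4-byte failure code will not be parsed as a failure. Writing the same 64-bit field on both paths, with `res` left at its default on failure, keeps the wire format uniform; `res` is declared outside the hunk, so its default value cannot be confirmed from this view. The error string `"read hapPolicyParcel or hapInfoParcel fail"` could also name which read failed, e.g. log each parcel separately, since the two reads fail for different reasons.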
@@ -245,14 +249,18 @@ void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, Message
 void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply)
 {
 if (!IsAuthorizedCalling()) {
- ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
 reply.WriteInt32(RET_FAILED);
 return;
 }
 AccessTokenID tokenID = data.ReadUint32();
 std::string appIDDesc = data.ReadString();
 sptr policyParcel = data.ReadParcelable();
-
+ if (policyParcel == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "policyParcel read faild");
+ reply.WriteInt32(RET_FAILED);
+ return;
+ }
 int32_t result = this->UpdateHapToken(tokenID, appIDDesc, *policyParcel);
 reply.WriteInt32(result);
 }
@@ -327,6 +335,11 @@ void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, Mes
 }
 std::string deviceID = data.ReadString();
 sptr hapTokenParcel = data.ReadParcelable();
+ if (hapTokenParcel == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "hapTokenParcel read faild");
+ reply.WriteInt32(RET_FAILED);
+ return;
+ }
 int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel);
 reply.WriteInt32(result);
 }
@@ -342,9 +355,18 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data,
 std::vector nativeTokenInfoParcel;
 uint32_t size = data.ReadUint32();
-
+ if (size > MAX_NATIVE_TOKEN_INFO_SIZE) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "size %{public}u is invalid", size);
+ reply.WriteInt32(RET_FAILED);
+ return;
+ }
 for (uint32_t i = 0; i < size; i++) {
 sptr nativeParcel = data.ReadParcelable();
+ if (nativeParcel == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "nativeParcel read faild");
+ reply.WriteInt32(RET_FAILED);
+ return;
+ }
 nativeTokenInfoParcel.emplace_back(*nativeParcel);
 }
-- 
Gitee
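Review bot: The new log message in UpdateHapTokenInner misspells "failed" — `"policyParcel read faild"` — and the same typo is repeated in SetRemoteHapTokenInfoInner (@@ -327, `"hapTokenParcel read faild"`) and SetRemoteNativeTokenInfoInner (@@ -342, `"nativeParcel read faild"`). Log strings end up as grep and alert targets, so spelling them consistently matters more than it looks: `ACCESSTOKEN_LOG_ERROR(LABEL, "policyParcel read failed");`. Raising the permission-denied log from INFO to ERROR in the same hunk is a sensible change since a rejected caller is worth surfacing.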
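Review bot: Now that `size` in SetRemoteNativeTokenInfoInner is bounded before the loop, the vector can be sized up front instead of growing on each `emplace_back`: `nativeTokenInfoParcel.reserve(size);` placed after the new bound check. The bound also deserves a short comment at the check, e.g. `// size is caller-controlled; cap it before allocating or reading that many parcels`, so the reason for the limit survives the next refactor. The function body continues past the end of the hunk, so whatever consumes `nativeTokenInfoParcel` afterwards is not visible here.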