Bug 793831: Add socket validity checks to RIL IPC; r=cjones

2024-09-13 09:24:08 -07:00 · 2012-09-30 22:03:43 -07:00 · 2012-09-30 22:03:43 -07:00 · cbff5b007b
commit cbff5b007b
parent 7bb7586264
1 changed files with 24 additions and 11 deletions
--- a/ipc/ril/Ril.cpp
+++ b/ipc/ril/Ril.cpp
@ -93,7 +93,11 @@ class RilReconnectTask : public CancelableTask {
 public:
    static void Enqueue(int aDelayMs = 0) {
        MessageLoopForIO* ioLoop = MessageLoopForIO::current();
-        MOZ_ASSERT(ioLoop && sClient->mIOLoop == ioLoop);
+        if (!ioLoop) {
+            NS_WARNING("No IOLoop to attach to, cancelling self!");
+            CancelIt();
+            return;
+        }
        if (sTask) {
            return;
        }
@ -140,6 +144,10 @@ class RilWriteTask : public Task {
 };

 void RilWriteTask::Run() {
+    if(sClient->mSocket.get() < 0) {
+        NS_WARNING("Trying to write to non-open socket!");
+        return;
+    }
    sClient->OnFileCanWriteWithoutBlocking(sClient->mSocket.rwget());
 }

@ -161,6 +169,8 @@ ConnectToRil(Monitor* aMonitor, bool* aSuccess)
 bool
 RilClient::OpenSocket()
 {
+
+    ScopedClose skt;
 #if defined(MOZ_WIDGET_GONK)
    // Using a network socket to test basic functionality
    // before we see how this works on the phone.
@ -171,7 +181,7 @@ RilClient::OpenSocket()
    memset(&addr, 0, sizeof(addr));
    strcpy(addr.sun_path, RIL_SOCKET_NAME);
    addr.sun_family = AF_LOCAL;
-    mSocket.reset(socket(AF_LOCAL, SOCK_STREAM, 0));
+    skt.reset(socket(AF_LOCAL, SOCK_STREAM, 0));
    alen = strlen(RIL_SOCKET_NAME) + offsetof(struct sockaddr_un, sun_path) + 1;
 #else
    struct hostent *hp;
@ -185,45 +195,46 @@ RilClient::OpenSocket()
    addr.sin_family = hp->h_addrtype;
    addr.sin_port = htons(RIL_TEST_PORT);
    memcpy(&addr.sin_addr, hp->h_addr, hp->h_length);
-    mSocket.reset(socket(hp->h_addrtype, SOCK_STREAM, 0));
+    skt.reset(socket(hp->h_addrtype, SOCK_STREAM, 0));
    alen = sizeof(addr);
 #endif

-    if (mSocket.get() < 0) {
+    if (skt.get() < 0) {
        LOG("Cannot create socket for RIL!\n");
        return false;
    }

-    if (connect(mSocket.get(), (struct sockaddr *) &addr, alen) < 0) {
+    if (connect(skt.get(), (struct sockaddr *) &addr, alen) < 0) {
 #if defined(MOZ_WIDGET_GONK)
        LOG("Cannot open socket for RIL!\n");
 #endif
-        mSocket.dispose();
+        skt.dispose();
        return false;
    }

    // Set close-on-exec bit.
-    int flags = fcntl(mSocket.get(), F_GETFD);
+    int flags = fcntl(skt.get(), F_GETFD);
    if (-1 == flags) {
        return false;
    }

    flags |= FD_CLOEXEC;
-    if (-1 == fcntl(mSocket.get(), F_SETFD, flags)) {
+    if (-1 == fcntl(skt.get(), F_SETFD, flags)) {
        return false;
    }

    // Select non-blocking IO.
-    if (-1 == fcntl(mSocket.get(), F_SETFL, O_NONBLOCK)) {
+    if (-1 == fcntl(skt.get(), F_SETFL, O_NONBLOCK)) {
        return false;
    }
-    if (!mIOLoop->WatchFileDescriptor(mSocket.get(),
+    if (!mIOLoop->WatchFileDescriptor(skt.get(),
                                      true,
                                      MessageLoopForIO::WATCH_READ,
                                      &mReadWatcher,
                                      this)) {
        return false;
    }
+    mSocket = skt.forget();
    LOG("Socket open for RIL\n");
    return true;
 }
@ -261,7 +272,9 @@ RilClient::OnFileCanReadWithoutBlocking(int fd)
                mIncoming.forget();
                mReadWatcher.StopWatchingFileDescriptor();
                mWriteWatcher.StopWatchingFileDescriptor();
-                close(mSocket.get());
+                // ScopedClose will close our old socket on a reset.
+                // Setting to -1 means writes will fail with message.
+                mSocket.reset(-1);
                RilReconnectTask::Enqueue();
                return;
            }