commit ce86b1e77cbc96e134baeb6305519a461314d10c
author Dan Albert <danalbert@google.com> Tue Mar 17 23:59:59 2015 +0000
committer Android Git Automerger <android-git-automerger@android.com> Tue Mar 17 23:59:59 2015 +0000
tree 1b1202eaf6914363eac6215d81e7c6f03dcaf975
parent 9d772d9d816b04e30072cf54568ba68614a8bb0f
parent 9e2a0d5a41f9988057a4f97ee8d880b504dfd17b

am 2df0aac6: Merge "Fix file descriptor leakage in adbd"

* commit '2df0aac657e1287930ce1cf699328a0fe7deacb1':
  Fix file descriptor leakage in adbd

adb/adb_auth.h

diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1487287..e0425ad 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@@ -23,7 +23,6 @@
 
 extern int auth_enabled;
 
-void adb_auth_init(void);
 int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);
 
@@ -40,6 +39,7 @@
 
 #if ADB_HOST
 
+void adb_auth_init(void);
 int adb_auth_sign(void *key, const unsigned char* token, size_t token_size,
                   unsigned char* sig);
 void *adb_auth_nextkey(void *current);
@@ -58,6 +58,8 @@
 static inline void *adb_auth_nextkey(void *current) { return NULL; }
 static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }
 
+void adbd_auth_init(void);
+void adbd_cloexec_auth_socket();
 int adb_auth_generate_token(void *token, size_t token_size);
 int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);
 void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);

adb/adb_auth_client.cpp

diff --git a/adb/adb_auth_client.cpp b/adb/adb_auth_client.cpp
index deb0a5d..5dadcd9 100644
--- a/adb/adb_auth_client.cpp
+++ b/adb/adb_auth_client.cpp
@@ -249,19 +249,23 @@
     }
 }
 
-void adb_auth_init(void)
-{
-    int fd, ret;
-
-    fd = android_get_control_socket("adbd");
-    if (fd < 0) {
+void adbd_cloexec_auth_socket() {
+    int fd = android_get_control_socket("adbd");
+    if (fd == -1) {
         D("Failed to get adbd socket\n");
         return;
     }
     fcntl(fd, F_SETFD, FD_CLOEXEC);
+}
 
-    ret = listen(fd, 4);
-    if (ret < 0) {
+void adbd_auth_init(void) {
+    int fd = android_get_control_socket("adbd");
+    if (fd == -1) {
+        D("Failed to get adbd socket\n");
+        return;
+    }
+
+    if (listen(fd, 4) == -1) {
         D("Failed to listen on '%d'\n", fd);
         return;
     }

adb/adb_main.cpp

diff --git a/adb/adb_main.cpp b/adb/adb_main.cpp
index b0816ce..1d9cc3b 100644
--- a/adb/adb_main.cpp
+++ b/adb/adb_main.cpp
@@ -273,10 +273,14 @@
         exit(1);
     }
 #else
+    // We need to call this even if auth isn't enabled because the file
+    // descriptor will always be open.
+    adbd_cloexec_auth_socket();
+
     property_get("ro.adb.secure", value, "0");
     auth_enabled = !strcmp(value, "1");
     if (auth_enabled)
-        adb_auth_init();
+        adbd_auth_init();
 
     // Our external storage path may be different than apps, since
     // we aren't able to bind mount after dropping root.