1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <android-base/logging.h>
20 #include <libnl++/bits.h>
21
22 #include <linux/netlink.h>
23
24 #include <optional>
25
26 namespace android::nl {
27
28 /**
29 * Buffer wrapper containing netlink structure (e.g. nlmsghdr, nlattr).
30 *
31 * This is a C++-style, memory safe(r) and generic implementation of linux/netlink.h macros.
32 *
33 * While netlink structures contain information about their total length (with payload), they can
34 * not be trusted - the value may either be larger than the buffer message is allocated in or
35 * smaller than the header itself (so it couldn't even fit itself).
36 *
37 * As a solution, Buffer<> keeps track of two lengths (both attribute for header with payload):
38 * - buffer length - how much memory was allocated to a given structure
39 * - declared length - what nlmsg_len or nla_len says how long the structure is
40 *
41 * In most cases buffer length would be larger than declared length (or equal - modulo alignment -
42 * for continuous data). If that's not the case, there is a potential of ouf-of-bounds read which
43 * this template attempts to protect against.
44 */
45 template <typename T>
46 class Buffer {
47 public:
48 /**
49 * Constructs empty buffer of size 0.
50 */
Buffer()51 Buffer() : mData(nullptr), mBufferEnd(nullptr) {}
52
53 /**
54 * Buffer constructor.
55 *
56 * \param data A pointer to the data the Buffer wraps.
57 * \param bufLen Length of the buffer.
58 */
Buffer(const T * data,size_t bufLen)59 Buffer(const T* data, size_t bufLen) : mData(data), mBufferEnd(pointerAdd(data, bufLen)) {}
60
61 const T* operator->() const {
62 CHECK(firstOk()) << "buffer can't fit the first element's header";
63 return mData;
64 }
65
getFirst()66 std::pair<bool, const T&> getFirst() const {
67 if (!ok()) {
68 static const T empty = {};
69 return {false, empty};
70 }
71 return {true, *mData};
72 }
73
74 /**
75 * Copy the first element of the buffer.
76 *
77 * This is a memory-safe cast operation, useful for reading e.g. uint32_t values
78 * from 1-byte buffer. If the buffer is smaller than the copied type, the rest is
79 * padded with default constructor output (usually zeros).
80 */
copyFirst()81 T copyFirst() const {
82 T val = {};
83 memcpy(&val, mData, std::min(sizeof(val), remainingLength()));
84 return val;
85 }
86
firstOk()87 bool firstOk() const { return sizeof(T) <= remainingLength(); }
88
89 template <typename D>
90 const Buffer<D> data(size_t offset = 0) const {
91 return {impl::data<const T, const D>(mData, offset), dataEnd()};
92 }
93
94 template <typename B>
getOffset(Buffer<B> inner)95 std::optional<uintptr_t> getOffset(Buffer<B> inner) const {
96 const auto selfStart = uintptr_t(mData);
97 const auto selfEnd = uintptr_t(mBufferEnd);
98 const auto innerStart = uintptr_t(inner.mData);
99 const auto innerEnd = uintptr_t(inner.mBufferEnd);
100
101 if (innerStart < selfStart || innerEnd > selfEnd) return std::nullopt;
102
103 return innerStart - selfStart;
104 }
105
106 class iterator {
107 public:
iterator()108 iterator() : mCurrent(nullptr, size_t(0)) {
109 CHECK(isEnd()) << "end() iterator should indicate it's beyond end";
110 }
iterator(const Buffer<T> & buf)111 iterator(const Buffer<T>& buf) : mCurrent(buf) {}
112
113 iterator operator++() {
114 // mBufferEnd stays the same
115 mCurrent.mData = reinterpret_cast<const T*>( //
116 uintptr_t(mCurrent.mData) + impl::align(mCurrent.declaredLength()));
117
118 return *this;
119 }
120
121 bool operator==(const iterator& other) const {
122 // all iterators beyond end are the same
123 if (isEnd() && other.isEnd()) return true;
124
125 return uintptr_t(other.mCurrent.mData) == uintptr_t(mCurrent.mData);
126 }
127
128 const Buffer<T>& operator*() const { return mCurrent; }
129
isEnd()130 bool isEnd() const { return !mCurrent.ok(); }
131
132 protected:
133 Buffer<T> mCurrent;
134 };
begin()135 iterator begin() const { return {*this}; }
end()136 iterator end() const { return {}; }
137
138 class raw_iterator : public iterator {
139 public:
140 iterator operator++() {
141 this->mCurrent.mData++; // ignore alignment
142 return *this;
143 }
144 const T& operator*() const { return *this->mCurrent.mData; }
145 };
146
147 class raw_view {
148 public:
raw_view(const Buffer<T> & buffer)149 raw_view(const Buffer<T>& buffer) : mBuffer(buffer) {}
begin()150 raw_iterator begin() const { return {mBuffer}; }
end()151 raw_iterator end() const { return {}; }
152
ptr()153 const T* ptr() const { return mBuffer.mData; }
len()154 size_t len() const { return mBuffer.remainingLength(); }
155
156 private:
157 const Buffer<T> mBuffer;
158 };
159
getRaw()160 raw_view getRaw() const { return {*this}; }
161
162 private:
163 const T* mData;
164 const void* mBufferEnd;
165
Buffer(const T * data,const void * bufferEnd)166 Buffer(const T* data, const void* bufferEnd) : mData(data), mBufferEnd(bufferEnd) {}
167
ok()168 bool ok() const { return declaredLength() <= remainingLength(); }
169
170 // to be specialized individually for each T with payload after a header
declaredLengthImpl()171 inline size_t declaredLengthImpl() const { return sizeof(T); }
172
declaredLength()173 size_t declaredLength() const {
174 // We can't even fit a header, so let's return some absurd high value to trip off
175 // buffer overflow checks.
176 static constexpr size_t badHeaderLength = std::numeric_limits<size_t>::max() / 2;
177
178 if (sizeof(T) > remainingLength()) return badHeaderLength;
179 const auto len = declaredLengthImpl();
180 if (sizeof(T) > len) return badHeaderLength;
181 return len;
182 }
183
remainingLength()184 size_t remainingLength() const {
185 auto len = intptr_t(mBufferEnd) - intptr_t(mData);
186 return (len >= 0) ? len : 0;
187 }
188
dataEnd()189 const void* dataEnd() const {
190 auto declaredEnd = pointerAdd(mData, declaredLength());
191 return std::min(declaredEnd, mBufferEnd);
192 }
193
pointerAdd(const void * ptr,size_t len)194 static const void* pointerAdd(const void* ptr, size_t len) {
195 return reinterpret_cast<const void*>(uintptr_t(ptr) + len);
196 }
197
198 template <typename D>
199 friend class Buffer; // calling private constructor of data buffers
200 };
201
202 template <>
declaredLengthImpl()203 inline size_t Buffer<nlmsghdr>::declaredLengthImpl() const {
204 return mData->nlmsg_len;
205 }
206
207 template <>
declaredLengthImpl()208 inline size_t Buffer<nlattr>::declaredLengthImpl() const {
209 return mData->nla_len;
210 }
211
212 } // namespace android::nl
213