One day we should slim this down. (Maybe implement the "help" versus
"help all" distinction that doesn't currently exist but was documented
before this change.)
Bug: https://code.google.com/p/android/issues/detail?id=158394
Change-Id: Ie24b588ffea00d262ce7ab0e5c328120ba8af240
I think this fixes a scary bug that could be on all host platforms.
When running 'adb unroot' with an emulator, the connection to the
emulator is dropped (as expected). I noticed that the adb.log showed:
_fh_from_int: 1168: 5280 | _fh_from_int: invalid fd 106 passed to adb_close
Background: Every transport has a socketpair (two bidirectional sockets
connected to each other to form one 'pipe') that are used as follows:
* When adb wants to write to a transport, it writes to
t->transport_socket (half of the socketpair). An input thread reads from
t->fd (the other half of the socketpair) and writes the data to the
underlying transport (TCP, USB).
* An output thread reads from the underlying transport (TCP, USB) and
writes the data to t->fd. The main thread runs fdevent_loop() which
reads from t->transport_socket and processes the packets (that really
came from the underlying transport).
So t->fd and t->transport_socket are just an intermediate pipe between
transport agnostic code in adb and the underlying transport (TCP, USB).
Here's what I think is going on:
1. When the TCP transport is closed (such as when running adb unroot),
adb server's output thread notices this (adb_read() returns zero), and
it writes a special packet to t->fd.
2. The main thread processes the special packet by writing the special
packet to the input thread.
3. input_thread() sees the special packet, so it breaks out of a read
loop and calls transport_unref() which calls transport_unref_locked().
4. transport_unref_locked() calls t->close() which is a function pointer
that points to transport_local.cpp: remote_close() which calls
adb_close(t->fd). <----- ****THIS IS THE BUG****
I think this is a (very old) typo and it should instead be
adb_close(t->sfd) (the transport’s actual TCP socket) because it does
not make sense for the particular transport mechanism (TCP, USB) to be
messing with a socket of the socketpair of the transport agnostic code
(t->fd).
5. transport_unref_locked() calls remove_transport() which writes an
action to another special socketpair.
6. The action is read and eventually transport_registration_func() is
called and it calls adb_close(t->fd). But t->fd was already
(erroneously) closed in #4 above!! Anyway, this causes the adb.log
output.
The fix is to fix the typo changing t->fd to t->sfd and adding some
resiliency around whether the socket has already been closed (probably
by remote_kick()).
I tested this by putting a new adbd on an emulator, a new adb on Linux
and Windows and running the adb unroot scenario and checking adb.log. I
also ran test_adb.py (which doesn't totally work without problems with
an emulator, but I'll leave that to another day.)
Change-Id: I188b6c74917a3d721c150fd17ed0f2b63a2178c3
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
adb exec-in and exec-out are designed to read/write binary data
according to the commit description at:
https://android.googlesource.com/platform/system/core/+/5d9d434%5E!/
On Windows, when adb_read and adb_write are used, they are always in
binary mode (because sysdeps_win32.cpp calls Windows APIs direct). But
unix_read, unix_write, fread, fwrite, read, write use the text
translation mode of the C Runtime file descriptor, which is by default
textmode.
adb exec-in and exec-out use copy_to_file() which uses unix_read() and
fwrite() when reading/writing stdin and stdout, thus, copy_to_file()
should switch to binary mode for those cases (it already uses binary
mode for file descriptors other than stdin and stdout).
copy_to_file() is also called by adb backup, adb restore, and adb
install-multiple, but those do not use stdin or stdout, so those
codepaths should not be affected by this change.
Change-Id: I3446d9b363d20a2c2f6be2b96e55b653d99df2f9
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
The descriptors to enable USB 3.0 SuperSpeed support had previously
been added in commit d6ee9f26a5
but were removed when the v1/v2 descriptor handling was refactored
in commits ab3446dd34 and again in
c49f51c451. Now that the dust has
settled, add back the SS descriptors to re-enable USB 3.0.
Change-Id: I8de7c7e50d9216a7492ce7863e3aaf92ff805eff
Also use assertEqual for better errors. (I accidentally tested against
a non-AOSP build that doesn't have the \r fix.)
Change-Id: Ib032c01efa4e1efb14467ca776a14160fff4ad39
In the adb client, redirect stdin and stderr of the adb server to `nul',
so that when the adb server starts up, it avoids issues in the C Runtime
where it closes stderr, making it hard to properly reopen. There are
probably other ways to avoid this issue, but I think this is the
cleanest that will keep working over the years and will exercise the
most commonly used code-paths in the C Runtime.
Fix some adb_close() calls to be unix_close() (only really matters on
Windows).
Make stderr non-buffered on Windows, to match the (sensible) Linux
behavior.
Change-Id: I1b15c64240e50dbeb56788b0d0d901f4536ad788
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
We really need better infrastructure for parsing adb subcommands, but
in the meantime...
At least this cleans up a little more of the implementation too.
Bug: http://b/20736014
Change-Id: I76209847da3724906c71924017bcb69fa31e0b49
* Use posixpath instead of os.path, because os.path uses '\' instead of
'/' when running on Windows.
* tempfile.NamedTemporaryFile() does not work right on Windows because
it holds the file open, preventing other processes from accessing the
same file (https://bugs.python.org/issue14243). To work around this, use
the mechanical transformation described at
http://stackoverflow.com/questions/15169101/how-to-create-a-temporary-file-that-can-be-read-by-a-subprocess
* Use pipes.quote() to quote path arguments, to prevent C:\foo\bar from
turning into C:foobar.
* Open files in binary mode with "b".
* Fix line-ending test to allow for \r\n on Windows, but to still test
for adbd incorrectly sending \r\n (which is then translated to \r\r\n).
Change-Id: Ib6ba94b919b747a878ba3ab54a4dea0801f76947
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Document the differences between adb_*() and unix_*() in the function
prototypes in sysdeps.h. See the file for the details (CR/LF
translation, well-known file descriptors, etc.).
Fix adb_read(), adb_write(), and adb_close() calls that should really be
unix_read(), unix_write(), and unix_close(). Note that this should have
no impact on unix because on unix, unix_read/unix_write/unix_close are
macros that map to adb_read/adb_write/adb_close.
Improve sysdeps_win32.cpp file descriptor diagnostic logging to output
the name of the function that was passed a bad file descriptor.
Change-Id: I0a1d9c28772656c80bcc303ef8b61fccf4cd637c
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Any output from the LOG family will now go to stderr and logcat on the
device. stderr is usually redirected to a log file, but that is now
inhibited for adbd if being run from a tty (useful when debugging with
the serial console).
This also fixes sending logs to the file on device for the trace mask
of "all". The "all" tag was specifically handled to return early from
the function, preventing the file initialization from happening.
Change-Id: Id253577bfd1500fbce92dbfba0f9be23dbfd5ee4
Using non-POD types in atransport means we'll need to start treating
it as a real class (specifically with regards to new/delete rather
than malloc/free).
I've also cleaned up the home grown linked lists for transport_list
and pending_list to just be std::lists. We might want to refactor that
again to be an std::unordered_map keyed on serial, since that seems to
be a common way to search it.
Change-Id: I7f5e23cdc47944a9278099723ca029585fe52105
Old code was a mess for splitting a string and then searching a list
when they really wanted a map.
To more closely match ANDROID_LOG_TAG, only use a space separated list
rather than space/colon/semi-colon/comma.
Change-Id: I915ff4968e42d5f8dec1b43b6eacc0c8d7b44d7b
Instead of defining and undefining NOGDI:
1. Always #include "base/logging.h" after #include <windows.h>.
Unfortunately, I could not find an easy way to give the user a
warning/error if they include in the wrong order.
2. base/logging.h does #undef ERROR to undefine the evil ERROR macro
that is from another era and probably a bad idea to begin with.
Change-Id: I995d89620611e849af9d7ec47eb55fc0512377f2
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Unfortunately this lint check also fires when public/private are not
indented by a single space. The indentation format in adb does not
match google style, so that's not going to happen.
Change-Id: I35e5654a2359222bb274ac5fb2961aee6a3a280f
The main goal here is fixing the line ending translation from \n to
\r\n, but we probably don't want any translation to happen.
Bug: http://b/19735063
Change-Id: I1d6d6c6b57cc741b046c2432cd864b344ce1f28a
At runtime, vsnprintf (and android::base::StringPrintf which calls it)
call a mingw version of vsnprintf, not the vsnprintf from MSVCRT.DLL.
The mingw version properly understands %zd and PRIu64 (the latter,
provided that you #include <inttypes.h>).
The problem was that android::base::StringPrintf was causing
compile-time errors saying that %zd and PRIu64 were not recognized. It
seems that this was because the attribute on the function prototypes
specified `printf' instead of `gnu_printf'. Once that was fixed to match
vsnprintf's attribute, the warnings went away.
This uses similar preprocessor techniques as <android/log.h>.
Also restore a %zd usage to avoid a static_cast<>, and make
print_transfer_progress()'s format string compile-time checkable (and
tweak some types and %llu => PRIu64).
Change-Id: I80b31b9994858a28cb7c6847143b86108b8ab842
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
When multiple clients try to connect to other hosts, it failed because
of memory corruption. Allocate memory for each thread like other commands did.
Change-Id: I79959ce3dbfd11c7553736cd3f5a899815873584
Signed-off-by: Alan Jeon <skyisle@gmail.com>
The daemon failed to startup because main.cpp was changed from calling
WriteFile() to android::base::WriteStringToFd(), the latter of which calls
write() in the C Runtime which by default has stdout in textmode which
does \n to \r\n translation.
The quick fix is to change stdout's mode from text to binary since right
after it is reopened to redirect to the daemon log file anyway.
Change-Id: I322fc9eae5d6abbf63f3d5917b0beb2171b5a15c
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Many devices don't have an /oem partition, so find_mount should be
expected to fail, but shouldn't cause the overall remount to fail.
Also clean up all the error handling and reporting, and remove the
dead int* globals.
Bug: http://b/21024141
Change-Id: Ie31021b03c9cab8e972269d7d1ffe383cd30ee9e
The name "client" is somewhat misleading as it also contains the host
side adb server, but it's a part of the client binary.
Change-Id: I128b7bab213e330eb21b5010cd1fec5f7a62c8af
On a device without an oem partition, we now have an /oem directory
anyway. This causes find_mount to fail, and that was returning nullptr
from a std::string-returning function. Boom!
Also clean up the bits of code I had to trace through between "adb remount"
on the host to the crash on the device as I debugged this.
The only other meaningful change is the error checking in
adb_connect_command --- adb_connect can also return -2.
Bug: http://b/20916855
Change-Id: I4c3b7858e13f3a3a8bbc7d30b3c0ee470bead587
The issue is that adb uses fopen() with "e" (presumably to open the file
with O_CLOEXEC), but that flag causes MSVCRT.DLL to return an error. So
when adb_auth_host.cpp goes to read or write the adbkey files, it fails.
The quick fix is to not use the "e" option on adb host code since it
isn't necessary there, compared to adbd.
An alternative fix would be to have a fopen() wrapper on Windows that
filters out the "e" option.
Change-Id: I7d8ba2847dab0ed558ffe156e79093251eb253c9
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
The adb emu command was never working because the socket connection to
the emulator was closed without reading all of the data that the
emulator sent. On Windows, this caused the emulator's recv() call to
error-out, so it never got the command that was sent.
Before settling on this fix, I also experimented changing the arguments
to the socket shutdown() call and that didn't seem to help. I also tried
removing the call to shutdown() and that didn't help. So that should
rule out shutdown() as the problem. One experiment that helped was
delaying before calling adb_close(), but that is of course fragile and
doesn't address the real issue, which is not closing the socket until
the commands have been read.
https://code.google.com/p/android/issues/detail?id=21021
Change-Id: I8fa4d740a2faa2c9922ec50792e16564a94f6eed
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
The USB spec explicitly says this is optional, so we shouldn't be
relying on it.
Bug: http://b/20883914
Change-Id: Icf38405b00275199bcf51a70c47d428ae7264f2b
The tests will need some massaging before they're ready to go for
Windows, so just disable them to unblock people trying to mm in adb.
Change-Id: I67f2cd3af1a2444dea9cbb61c0553989442ba44b
It isn't documented, it doesn't work, and it was only hacked into
"adb shell" anyway. (It's not a bad idea, though, but if we do it
we should do it properly.)
Change-Id: I930a5c6dd1d2850bfdf131f2e989ae04100f7db9
The first rule of ssh(1) escaping is that there is no escaping.
This doesn't undo any of my recent security fixes because they're all
calling escape_arg themselves.
This fixes "adb shell rm /data/dalvik-cache/arm/*".
Also remove do_cmd which caused concern during code review.
Bug: http://b/20564385
Change-Id: I4588fd949d51e2a50cff47ea171ed2d75f402d0d
This patch factors out a lot of the basic protocol code: sending OKAY,
sending FAIL, and sending a length-prefixed string.
ADB_TRACE has been non-optional for a long time, so let's just remove
the #ifs.
Also actually build the device tracker test tool (and remove its duplicate).
Bug: http://b/20666660
Change-Id: I6c7d59f18707bdc62ca69dea45547617f9f31fc6
Also remove an sprintf. Also fix various bits of code that were
reporting stale adb_error values when they meant strerror.
Bug: http://b/20666660
Change-Id: Ibeb48b7bc21bb0ec30ba47889d1d671ee480e1b7
Two bugs: we couldn't report the serial number correctly if it was long
enough, and it wasn't possible to connect to a device whose serial number
was long enough to overflow a different fixed-length buffer.
Bug: http://b/20317730
Change-Id: Ic9cf3c847066449ac78069bd1718184935098ac7
This doesn't fix the bug, but it does flatten the bug to the well-known
and long-standing "adb shell" doesn't return exit statuses, so when we
fix that, this one will fix itself.
Bug: http://b/20423886
Change-Id: I48351e46f05dd3f2f6e57f0df1d851333458d0ef
Until I fixed this, we would fail this example:
    $ adb shell sh -c 'echo hello; echo world'
    hello
    /system/bin/sh: echo world: not found
Bug: http://b/19734868
Change-Id: I11a437cd0c0362303028f23fbaa103611b75707e
It looks like we can't use clang on Windows yet because libc++ isn't ready.
So move back to GCC for the Windows host clang. Work around the mingw
printf format string problems that made us want to switch to clang in the
first place, and #include "sysdeps.h" in adb_utils.cpp to work around the
absence of lstat(2) on Windows.
Change-Id: Icd0797a8c0c2d1d326bdd704ba6bcafcbaeb742f
The specific motivating case is "text;ls;1.apk", but rather than continue
adding individual characters to the list of characters to be escaped, let's
just switch to quote all arguments with ', which only leaves ' itself to be
escaped.
Bug: 20323053
Bug: 19734868
Change-Id: I8bd71db9373bc2d1169fc11e46c889da6638550a
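The quoting rule described in the commit message above, as an added example that is not adb's own code: wrap each argument in single quotes and rewrite an embedded ' as '\''. The names quote_shell_arg and command_with_arg are hypothetical, and the "pm install" command line and sample arguments are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: return a malloc'd copy of `s` wrapped in single
 * quotes so a POSIX shell reads it as one literal word. Inside '...' every
 * byte is literal except ' itself, which becomes '\'' (close the quote,
 * emit a backslash-escaped quote, reopen the quote). Caller frees. */
char *quote_shell_arg(const char *s) {
    size_t quotes = 0;
    for (const char *p = s; *p; ++p) {
        if (*p == '\'') ++quotes;
    }
    /* 2 surrounding quotes, 3 extra bytes per embedded quote, 1 NUL. */
    size_t len = strlen(s) + 2 + 3 * quotes + 1;
    char *out = malloc(len);
    if (!out) return NULL;

    char *w = out;
    *w++ = '\'';
    for (const char *p = s; *p; ++p) {
        if (*p == '\'') {
            memcpy(w, "'\\''", 4);
            w += 4;
        } else {
            *w++ = *p;
        }
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Hypothetical helper: build "<cmd> <quoted arg>" for a remote shell.
 * Only the untrusted argument is quoted; the fixed command text is not. */
char *command_with_arg(const char *cmd, const char *arg) {
    char *quoted = quote_shell_arg(arg);
    if (!quoted) return NULL;
    size_t len = strlen(cmd) + 1 + strlen(quoted) + 1;
    char *out = malloc(len);
    if (out) snprintf(out, len, "%s %s", cmd, quoted);
    free(quoted);
    return out;
}

int main(void) {
    /* Constructed sample arguments; the first is the case from the commit. */
    const char *samples[] = { "text;ls;1.apk", "it's", "two words", "" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i) {
        char *cmd = command_with_arg("pm install", samples[i]);
        if (!cmd) return 1;
        puts(cmd);
        free(cmd);
    }
    return 0;
}
```

Because only ' needs special handling, there is no list of dangerous characters to keep up to date.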
This doesn't fix the injection vulnerability, but it makes "adb backup"
no worse than the other commands, and lets me fix them all at once.
Bug: 20323053
Change-Id: I39843c065d9d738b6b7943b2ffd660e4a031cc36
Incorrectly set $ADB_VENDOR_KEYS is the most likely cause of failed
adb connections. Make it easier to debug such problems by including
the value in use in the error message.
Bug: 20165551
Change-Id: I64c1d98ae6d3fb40eea9e1f0ddcfcf4f2d9d7318
libc++.so is not widely available on the host, so we compile against
one built as part of the platform. This causes problems for adb and
fastboot, which are distributed through a number of channels - the
sdk, distro packages, downloaded from the build server, or manually
copied. Instead of forcing all users to handle libc++.so too,
statically link against libc++.
Change-Id: I51b75258653a23558c8b598802005f6c1166a439
adb shell uses termios to disable canonical input processing in order to
get raw control codes but it does not disable CR/LF translation. The default
for Linux terminals is to convert CR to LF unless the running program
specifically asks for this to be disabled. Since adb does not, there is no
way to send a CR to any program run on adb shell. Many programs do in fact
differentiate and so are broken by this behaviour, notably nano. This patch
sets the termios flags to disable all line ending translation.
Change-Id: I8b950220f7cc52fefaed2ee37d97e0789b40a078
Signed-off-by: Alistair Buxton <a.j.buxton@gmail.com>
Change 055f1aa4ff switched to using isalnum(3)
but didn't take into account that isalnum has the opposite sense to the
function it replaced, so the tests should have been inverted.
Bug: http://b/20056546
Change-Id: I90630c0bea69ddbb4a95dc09f79f49d23fd497de
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.
Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
Currently it requires manual key press to enter the sideload mode. This
CL adds 'adb reboot sideload' to reboot the device into sideload mode
directly with text display on. With 'adb reboot sideload-auto-reboot',
it will reboot after the sideload regardless of the installation result,
unless interrupted by user.
Since it needs to write to /cache/recovery/command file, 'adb root' is
required before calling 'adb reboot sideload' and the one with
'-auto-reboot'.
Also it requires the matching CL in bootable/recovery.
Change-Id: Ib7bd4e216a1efc01e64460659c97c6005bbaec1b
adb root doesn't work on the emulator, so this prevents root access
to a userdebug emulator.
Since the emulator has always been root even on userdebug builds, it
may be that adb root has never worked on the emulator.
Bug: 19974213
This reverts commit abd6773b41.
The 'adb shell' command on Windows has had problems:
* Ctrl-C killed the local Windows adb.exe process instead of sending the
Ctrl-C to the Android device.
* Local echo was enabled, causing everything typed to be displayed twice.
* Line input was enabled, so the Android device only received input
after hitting enter. This meant that tab completion did not work because
the tab wasn't seen by the shell until pressing enter.
* The usual input line editing keys did not work (Ctrl-A to go to the
beginning of the line, etc.).
This commit fixes these issues by reconfiguring the Win32 console and
then translating input into what Gnome Terminal would send, in effect
somewhat emulating a Unix terminal.
This does not fix all Win32 console issues, but is designed to be better
than what we had before, and to make the common day-to-day usage much
more comfortable and usable.
Change-Id: Idb10e0b634e27002804fa99c09a64e7176cf7c09
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Addresses nnk's post commit review comments on
https://android-review.googlesource.com/#/c/139381/
Remove unneeded code for creating /data/adb.
Add an O_CLOEXEC.
Move the closing of stdin out to main().
Append the pid of the current process to the log file to avoid
clobbering the log if the process crashes and restarts within the same
second.
Change-Id: Ide0be86b4b33256486634c29ba02efaf10cf913d
Previously the adbd trace mask had to be set as raw hex rather than
with the colon separated list. We all have better things to do than
memorize bitmasks, so make adbd use the same trace mask setting code
as adb.
Change-Id: I0bf0ab61c070d06d1cc2acf1ed90b2b77ccd261b
* sysdeps.h should always be included first.
* TRACE_TAG needs to be defined before anything is included.
* Some files were missing copyright headers.
* Save precious bytes on my SSD by removing useless whitespace.
Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the daemon (specifically, any command executed
through adb shell).
Split the fd cleanup into a separate function that is called
unconditionally.
Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
This reverts commit 6084a0124f.
The original build breakage is fixed by (a) building the verity
code for eng builds as well as userdebug builds and (b) moving
the exported remount service functions into a new header file.
Change-Id: Ice0c4f97d4db38ab7eb333c7a6e56bbd11123f5b
This is broken on userdebug builds, and it isn't completely clear why.
The declaration for make_block_device_writable in adb.h wasn't updated
to match the definition (which uses a std::string instead of a char*).
adb.h is currently extern "C", and it isn't clear why this is only
broken for userdebug, so I'd like to revert while we investigate.
This reverts commit 81416fdb18.
Change-Id: I47f321574f9f21052e2c7332e8b0f6ef9ab98277
This won't actually ever be uninitialized because the code will take a
failure path if the code that initializes it fails. The goto seems to
thwart this check though.
Not sure why this is only firing on userdebug builds yet. I'll look
into it tomorrow.
Change-Id: Ie9d837d6baea255d2a4d169355b53dfd775eacce
I keep trying to clean things up and needing std::strings. Might as
well just do this now.
usb_linux_client.c is going to stay as C because GCC isn't smart
enough to deal with the designated initializers it uses (though for
some reason it is in C mode).
The Darwin files are staying as C because I don't have a way to test
that they build.
The Windows files are staying as C because while I can actually build
for them, it's slow and painful.
Change-Id: I75367d29205a9049d34460032b3bb36384f43941
* Check the current adb user to choose the order of root/unroot.
* Re-root the device when finished.
Change-Id: I47a14b89e2c405bd63722e4d2043fcc629fb5e58
If many jdwp connections are created, the memory will be leaked.
When it deletes heap memory in jdwp_process_free(),
the proc->fde is just set to null,
so it needs to free() in fdevent_destroy().
If "adb remount" is done without having done "adb root" first,
scary looking SELinux denials are emitted before the operation
eventually fails. Avoid the scary looking messages by refusing
remount attempts if we're not running with privileges.
Change-Id: I298621251a10e38345ef77875003a97c8b5a0270
Renamed readx/writex to ReadFdExactly/WriteFdExactly respectively.
These read/write a full fixed-size buffer. If the whole buffer cannot
be read/written, these functions return an error.
Rename write_string to WriteStringFully.
Move the TEMP_FAILURE_RETRY definition in sysdeps.h out of the
!Windows section. It seems Windows won't actually interrupt a call,
but it's easier to just define it than to #ifdef each call.
Change-Id: Ia8ddffa2a52764a2f9a281c96c937660e002b9b9
I'll probably make this the default soon, but I'm not brave enough to
do that without checking the recovery image first.
Change-Id: I9cde687b08a588e3797645a308f381e4ec553447
In practice testing all connected devices is a pain, since each
device is probably running a different build. It would probably
make sense to just move this functionality up into a higher level test
runner (which could just live in main).
Also rename test_devices to test_shell, since it doesn't really test
`adb devices`.
Change-Id: Ie96d3e83b30acfac4e3bcbd9821690c0ad4d2f7e
Prior to https://android-review.googlesource.com/#/c/134253/ the
makefile had assumed !Windows was the same as Linux, so the Mac was
actually getting all the Linux sources as well. I mistakenly didn't
add fdevent.cpp to the Darwin sources in that change.
Change-Id: I4e12a394e9a2baf7c1e3c711a01a6b5fccbf79d9
None of this needs to be shared with minadbd, but these sources are
still needed for anything linking libadb (such as tests).
Change-Id: I3024f714da42364bf27a991986f00676e2bbbf2c
Also kill the device side libadb. This was added for the now dead
device side adb, and is no longer used.
Bug: 17626262
Change-Id: I3b28915641fd5b4f16fc86cf1f4f4e9711093001
Also note that we need both a libadb and a libadbd (for now) to
differentiate between code using ADB_HOST=1 and ADB_HOST=0.
Bug: 17626262
Change-Id: I873a8fb442a8a69258fe39af17781714a8fae4f6
The lfd returned by adb_open is not the actual file descriptor
on win32 builds. Calling fstat with an invalid fd
will lead to a crash, so use stat instead.
Change-Id: I7fdc8b825162eaa42efe8755265842c300b00e39
Signed-off-by: eric.yan <eric.yan@yulong.com>
Signed-off-by: severecold <severecold@gmail.com>
If tracing was not enabled (the ADB_TRACE environment variable was not
set specially), writex() and readx() would still call dump_hex() which
would construct hex tracing strings, which would be immediately
discarded and not printed (because tracing is not enabled).
The fix is to only call dump_hex() if ADB_TRACING evaluates to true, the
same way that dump_packet() is only called if ADB_TRACING evaluates to
true.
Change-Id: I1651680da344389475ebdeea77ba1982960d5764
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Currently, a host running adb will sign a token of any length passed
to it by a device, effectively acting as a signing oracle. If the
ADB_VENDOR_KEYS environment variable is used to specify an additional
key to use, this behavior is not only unexpected, but probably also
unwanted. Further discussion can be found from this thread:
http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html
This change adds a check to ensure token length matches TOKEN_SIZE
before it's signed, which prevents an attacker from signing longer
messages.
Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
On Windows, adb_socket_setbufsize() was taking a file descriptor value
from the compatibility layer in sysdeps_win32.c (namely, an index into
the _win32_fhs array) and passing it to the Winsock setsockopt() call,
which wants a Winsock SOCKET handle. Basically, adb_socket_setbufsize()
was passing `fd` instead of `_fh_from_int(fd)->fh_socket`, resulting in
adb effectively setting a socket buffer size on a random socket in the
process.
The fix is to introduce adb_setsockopt() which just calls setsockopt()
on non-Win32, and which uses the Winsock SOCKET handle on Win32. The
change also moves Win32 disable_tcp_nagle() to a header and adds an
extra sanity check to adb_shutdown().
Change-Id: I4354e818d27538f7ff5b0e70b28bdb6300e1b98b
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Using a const bool rather than an ifdef means the compiler can still
protect us from breaking code paths that aren't included in every
build variant.
Change-Id: Ic45c8fb52cd66c3ce090d760cdb92104e31265f5
Hadn't caught this in the previous submission because I tested the
build with another change on top of it that also fixes this.
Bug: 17626262
Change-Id: Ia40127618a5466e382081760d614ff7fc09d50a3
Much of adb is duplicated in bootable/recovery/minadb and fastboot.
Changes made to adb rarely get ported to the other two, so the trees
have diverged a bit. We'd like to stop this because it is a
maintenance nightmare, but the divergence makes this difficult to do
all at once. For now, we will start small by moving common files into
a static library. Hopefully some day we can get enough of adb in here
that we no longer need minadb.
Bug: 17626262
Change-Id: Ic8d5653bfcc0fec4e1acbece124402355084b864
There was a misinterpretation of how the v2 header works. The flags
in the header indicate what is in the rest of the structure.
Bug: 19127803
Change-Id: I5fa0dae6da51522c9afc4c94838eb6f462208683
If you run `adb tcpip`, adbd tries to process a string of 'tcpip:' using
this code:
    } else if(!strncmp(name, "tcpip:", 6)) {
        int port;
        if (sscanf(name + 6, "%d", &port) == 0) {
            port = 0;
        }
        ret = create_service_thread(restart_tcp_service, (void *) (uintptr_t) port);
If a zero-length string is passed to sscanf(), it returns EOF (-1) which
causes the if statement to skip the block, leaving the port variable
uninitialized.
I found this by running `adb tcpip` and sometimes getting 'invalid port'
and sometimes a device would start listening on a random port number.
The fix is to check the sscanf() return value for the success case (the
number of items successfully parsed), as is already done in other parts
of the adb code. I also fixed-up another instance of the same
code-pattern in services.c.
Change-Id: I8c9c33485ad076828da0ac74f048fdad561669d3
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
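The three sscanf() outcomes behind the bug described above, next to a parser that checks for the success case, as an added example that is not the adb source. The function names scan_result, old_check_defines_port and parse_tcpip_port are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Return value of sscanf(text, "%d", ...):
 *   1   one integer converted
 *   0   matching failure (input present, but not a number)
 *   EOF input ended before any conversion (empty or all whitespace) */
int scan_result(const char *text) {
    int ignored = 0;
    return sscanf(text, "%d", &ignored);
}

/* Models the old "== 0" condition without reading an uninitialized int:
 * returns 1 if `port` would hold a defined value afterwards, 0 if neither
 * sscanf() nor the fallback assignment would have written it. */
int old_check_defines_port(const char *text) {
    int rc = scan_result(text);
    return rc == 1    /* sscanf() stored a value */
        || rc == 0;   /* fallback "port = 0" ran */
}

/* Checked form: anything other than exactly one converted item means
 * "no port given". Returns -1 if `name` is not a tcpip: request. */
int parse_tcpip_port(const char *name) {
    int port = 0;
    if (strncmp(name, "tcpip:", 6) != 0) {
        return -1;
    }
    if (sscanf(name + 6, "%d", &port) != 1) {
        port = 0;
    }
    return port;
}

int main(void) {
    /* Constructed service strings covering each sscanf() outcome. */
    const char *samples[] = { "tcpip:5555", "tcpip:abc", "tcpip:", "tcpip:  " };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i) {
        const char *arg = samples[i] + 6;
        printf("%-12s sscanf=%2d old-check-defines-port=%d checked-port=%d\n",
               samples[i], scan_result(arg), old_check_defines_port(arg),
               parse_tcpip_port(samples[i]));
    }
    return 0;
}
```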
Due to a typo, the --no-rebind option never worked (it always failed).
The root of the problem was that the client was sending on the wire
a command like:
    host:forward:norebind::tcp:<port>;tcp:<port>
                         ^^
Instead of:
    host:forward:norebind:tcp:<port>;tcp:<port>
                         ^
Note the erroneous double-colon.
The fix is local to the adb client and thus doesn't require a new
version of the server or guest adbd on the device-side.
This also fixes 'adb reverse --no-rebind'.
See https://code.google.com/p/chromium/issues/detail?id=451109
Change-Id: I680fd432b5470072f6a9968ca32a7f90c600ac68
If verity is enabled and the underlying block device is marked
read-only, disable-verity fails. We cannot use the existing code
for enable-verity to make the device writable as the device in
/proc/mounts will be the verity device instead of the underlying
device we want to change. This change makes the correct device
writable when altering verity state.
Change-Id: I423ee50fb34d78cff2fe843318b9081c03c5142d
Remove 2 unused functions and 1 unused label in the
!ALLOW_ADBD_DISABLE_VERITY case
Change-Id: Id6b29f57bcb95e54f5a4014021d47d8ca6e4556e
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
Note that it is *easy* to break your phone with this feature. It is
not a bug that reenabling verity after changing one byte of the system
partition stops the device booting.
(cherry-pick of 7c442e1700e6312727283db402dec6f666f1b55a.)
Bug: 18529433
Change-Id: I632e91281884471a362960f1ba30312d2669b8ff
This reverts commit 152d2d4234.
Fixed build error, and also fixed memory leak spotted from warning.
(cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.)
Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981