github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Detect PID loops in api auth

Browse Source
This commit is contained in:
Daniel
2020-06-05 14:00:44 +02:00
parent f7fbf40cf9
commit 625b79e3b3
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
firewall/api.go
View File

@@ -112,6 +112,7 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
return true, fmt.Errorf("failed to get process: %s", err)
}
originalPid := proc.Pid
var previousPid int
// go up up to two levels, if we don't match
for i := 0; i < 5; i++ {
@@ -130,11 +131,20 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
procsChecked = append(procsChecked, proc.Path)
if i < 4 {
// save previous PID
previousPid = proc.Pid
// get parent process
proc, err = process.GetOrFindProcess(ctx, proc.ParentPid)
if err != nil {
return true, fmt.Errorf("failed to get process: %s", err)
}
// abort if we are looping
if proc.Pid == previousPid {
// this also catches -1 pid loops
break
}
}
}