OSDN Git Service

Don't make lockdown VPN source firewall rules over-broad.
author Lorenzo Colitti <lorenzo@google.com>
Wed, 15 Oct 2014 15:55:07 +0000 (00:55 +0900)
committer Lorenzo Colitti <lorenzo@google.com>
Wed, 15 Oct 2014 16:16:50 +0000 (01:16 +0900)
commit 02c7abac856c3e94f4a2714d673cefb65c55efb7
tree ef05718481146d0d5e92e70c8ccec674db427ba3
parent 0cb7903ddedbbb8a8171926e4460b74af589369d
Don't make lockdown VPN source firewall rules over-broad.

Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.

This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.

Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
services/core/java/com/android/server/net/LockdownVpnTracker.java
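
The difference between the subnet-wide source match described in the commit message and a host-only match, as an added example that is not code from this commit or from Android. It uses Python's `ipaddress` module; the function names, the probe addresses and the assumption that the narrowed rule matches only the assigned address are this example's own.

```python
import ipaddress

def subnet_rule(assigned):
    """Source match over the whole assigned subnet (behaviour the message describes)."""
    return ipaddress.ip_interface(assigned).network

def host_rule(assigned):
    """Source match over the assigned address only: /32 for IPv4, /128 for IPv6.
    Assumption: this is what a narrowed rule would match; the patch is not shown."""
    ip = ipaddress.ip_interface(assigned).ip
    return ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}")

def allows(rule, source):
    """True if a packet with this source address matches the allow rule."""
    src = ipaddress.ip_address(source)
    return src.version == rule.version and src in rule

def extra_sources(assigned, probes):
    """Probe sources the subnet rule passes but the host rule would drop."""
    broad, narrow = subnet_rule(assigned), host_rule(assigned)
    return [p for p in probes if allows(broad, p) and not allows(narrow, p)]

# Constructed probe sources: the VPN address itself, another host in 10/8,
# a LAN host, and a documentation-range (RFC 5737) address.
PROBES = ["10.1.23.5", "10.200.0.9", "192.168.1.20", "203.0.113.7"]

if __name__ == "__main__":
    # 10.1.23.5/8 is the example from the commit message; /0 is its corner case.
    for assigned in ("10.1.23.5/8", "10.1.23.5/0", "2001:db8::5/64"):
        broad = subnet_rule(assigned)
        print(f"assigned {assigned}")
        print(f"  subnet rule {broad} admits {broad.num_addresses} sources")
        print(f"  host rule   {host_rule(assigned)}")
        print(f"  extra sources admitted: {extra_sources(assigned, PROBES)}")
```
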