| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "ipc/ipc_channel_posix.h" | 5 #include "ipc/ipc_channel_posix.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <stddef.h> | 9 #include <stddef.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| (...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 574 } | 574 } |
| 575 } | 575 } |
| 576 | 576 |
| 577 // Process messages from input buffer. | 577 // Process messages from input buffer. |
| 578 const char *p; | 578 const char *p; |
| 579 const char *end; | 579 const char *end; |
| 580 if (input_overflow_buf_.empty()) { | 580 if (input_overflow_buf_.empty()) { |
| 581 p = input_buf_; | 581 p = input_buf_; |
| 582 end = p + bytes_read; | 582 end = p + bytes_read; |
| 583 } else { | 583 } else { |
| 584 if (input_overflow_buf_.size() > | 584 if (input_overflow_buf_.size() > (kMaximumMessageSize - bytes_read)) { |
| 585 static_cast<size_t>(kMaximumMessageSize - bytes_read)) { | |
| 586 input_overflow_buf_.clear(); | 585 input_overflow_buf_.clear(); |
| 587 LOG(ERROR) << "IPC message is too big"; | 586 LOG(ERROR) << "IPC message is too big"; |
| 588 return false; | 587 return false; |
| 589 } | 588 } |
| 590 input_overflow_buf_.append(input_buf_, bytes_read); | 589 input_overflow_buf_.append(input_buf_, bytes_read); |
| 591 p = input_overflow_buf_.data(); | 590 p = input_overflow_buf_.data(); |
| 592 end = p + input_overflow_buf_.size(); | 591 end = p + input_overflow_buf_.size(); |
| 593 } | 592 } |
| 594 | 593 |
| 595 // A pointer to an array of |num_fds| file descriptors which includes any | 594 // A pointer to an array of |num_fds| file descriptors which includes any |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 665 fds = &input_overflow_fds_[0]; | 664 fds = &input_overflow_fds_[0]; |
| 666 num_fds = input_overflow_fds_.size(); | 665 num_fds = input_overflow_fds_.size(); |
| 667 } | 666 } |
| 668 } | 667 } |
| 669 if (header_fds > num_fds - fds_i) | 668 if (header_fds > num_fds - fds_i) |
| 670 #endif // IPC_USES_READWRITE | 669 #endif // IPC_USES_READWRITE |
| 671 error = "Message needs unreceived descriptors"; | 670 error = "Message needs unreceived descriptors"; |
| 672 } | 671 } |
| 673 | 672 |
| 674 if (header_fds > | 673 if (header_fds > |
| 675 FileDescriptorSet::MAX_DESCRIPTORS_PER_MESSAGE) { | 674 FileDescriptorSet::kMaxDescriptorsPerMessage) { |
| 676 // There are too many descriptors in this message | 675 // There are too many descriptors in this message |
| 677 error = "Message requires an excessive number of descriptors"; | 676 error = "Message requires an excessive number of descriptors"; |
| 678 } | 677 } |
| 679 | 678 |
| 680 if (error) { | 679 if (error) { |
| 681 LOG(WARNING) << error | 680 LOG(WARNING) << error |
| 682 << " channel:" << this | 681 << " channel:" << this |
| 683 << " message-type:" << m.type() | 682 << " message-type:" << m.type() |
| 684 << " header()->num_fds:" << header_fds | 683 << " header()->num_fds:" << header_fds |
| 685 << " num_fds:" << num_fds | 684 << " num_fds:" << num_fds |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 771 size_t amt_to_write = msg->size() - message_send_bytes_written_; | 770 size_t amt_to_write = msg->size() - message_send_bytes_written_; |
| 772 DCHECK_NE(0U, amt_to_write); | 771 DCHECK_NE(0U, amt_to_write); |
| 773 const char* out_bytes = reinterpret_cast<const char*>(msg->data()) + | 772 const char* out_bytes = reinterpret_cast<const char*>(msg->data()) + |
| 774 message_send_bytes_written_; | 773 message_send_bytes_written_; |
| 775 | 774 |
| 776 struct msghdr msgh = {0}; | 775 struct msghdr msgh = {0}; |
| 777 struct iovec iov = {const_cast<char*>(out_bytes), amt_to_write}; | 776 struct iovec iov = {const_cast<char*>(out_bytes), amt_to_write}; |
| 778 msgh.msg_iov = &iov; | 777 msgh.msg_iov = &iov; |
| 779 msgh.msg_iovlen = 1; | 778 msgh.msg_iovlen = 1; |
| 780 char buf[CMSG_SPACE( | 779 char buf[CMSG_SPACE( |
| 781 sizeof(int[FileDescriptorSet::MAX_DESCRIPTORS_PER_MESSAGE]))]; | 780 sizeof(int) * FileDescriptorSet::kMaxDescriptorsPerMessage)]; |
| 782 | 781 |
| 783 ssize_t bytes_written = 1; | 782 ssize_t bytes_written = 1; |
| 784 int fd_written = -1; | 783 int fd_written = -1; |
| 785 | 784 |
| 786 if (message_send_bytes_written_ == 0 && | 785 if (message_send_bytes_written_ == 0 && |
| 787 !msg->file_descriptor_set()->empty()) { | 786 !msg->file_descriptor_set()->empty()) { |
| 788 // This is the first chunk of a message which has descriptors to send | 787 // This is the first chunk of a message which has descriptors to send |
| 789 struct cmsghdr *cmsg; | 788 struct cmsghdr *cmsg; |
| 790 const unsigned num_fds = msg->file_descriptor_set()->size(); | 789 const unsigned num_fds = msg->file_descriptor_set()->size(); |
| 791 | 790 |
| 792 DCHECK_LE(num_fds, FileDescriptorSet::MAX_DESCRIPTORS_PER_MESSAGE); | 791 DCHECK(num_fds <= FileDescriptorSet::kMaxDescriptorsPerMessage); |
| 793 if (msg->file_descriptor_set()->ContainsDirectoryDescriptor()) { | 792 if (msg->file_descriptor_set()->ContainsDirectoryDescriptor()) { |
| 794 LOG(FATAL) << "Panic: attempting to transport directory descriptor over" | 793 LOG(FATAL) << "Panic: attempting to transport directory descriptor over" |
| 795 " IPC. Aborting to maintain sandbox isolation."; | 794 " IPC. Aborting to maintain sandbox isolation."; |
| 796 // If you have hit this then something tried to send a file descriptor | 795 // If you have hit this then something tried to send a file descriptor |
| 797 // to a directory over an IPC channel. Since IPC channels span | 796 // to a directory over an IPC channel. Since IPC channels span |
| 798 // sandboxes this is very bad: the receiving process can use openat | 797 // sandboxes this is very bad: the receiving process can use openat |
| 799 // with ".." elements in the path in order to reach the real | 798 // with ".." elements in the path in order to reach the real |
| 800 // filesystem. | 799 // filesystem. |
| 801 } | 800 } |
| 802 | 801 |
| 803 msgh.msg_control = buf; | 802 msgh.msg_control = buf; |
| 804 msgh.msg_controllen = CMSG_SPACE(sizeof(int) * num_fds); | 803 msgh.msg_controllen = CMSG_SPACE(sizeof(int) * num_fds); |
| 805 cmsg = CMSG_FIRSTHDR(&msgh); | 804 cmsg = CMSG_FIRSTHDR(&msgh); |
| 806 cmsg->cmsg_level = SOL_SOCKET; | 805 cmsg->cmsg_level = SOL_SOCKET; |
| 807 cmsg->cmsg_type = SCM_RIGHTS; | 806 cmsg->cmsg_type = SCM_RIGHTS; |
| 808 cmsg->cmsg_len = CMSG_LEN(sizeof(int) * num_fds); | 807 cmsg->cmsg_len = CMSG_LEN(sizeof(int) * num_fds); |
| 809 msg->file_descriptor_set()->GetDescriptors( | 808 msg->file_descriptor_set()->GetDescriptors( |
| 810 reinterpret_cast<int*>(CMSG_DATA(cmsg))); | 809 reinterpret_cast<int*>(CMSG_DATA(cmsg))); |
| 811 msgh.msg_controllen = cmsg->cmsg_len; | 810 msgh.msg_controllen = cmsg->cmsg_len; |
| 812 | 811 |
| 813 // DCHECK_LE above already checks that | 812 // DCHECK_LE above already checks that |
| 814 // num_fds < MAX_DESCRIPTORS_PER_MESSAGE so no danger of overflow. | 813 // num_fds < kMaxDescriptorsPerMessage so no danger of overflow. |
| 815 msg->header()->num_fds = static_cast<uint16>(num_fds); | 814 msg->header()->num_fds = static_cast<uint16>(num_fds); |
| 816 | 815 |
| 817 #if defined(IPC_USES_READWRITE) | 816 #if defined(IPC_USES_READWRITE) |
| 818 if (!IsHelloMessage(msg)) { | 817 if (!IsHelloMessage(msg)) { |
| 819 // Only the Hello message sends the file descriptor with the message. | 818 // Only the Hello message sends the file descriptor with the message. |
| 820 // Subsequently, we can send file descriptors on the dedicated | 819 // Subsequently, we can send file descriptors on the dedicated |
| 821 // fd_pipe_ which makes Seccomp sandbox operation more efficient. | 820 // fd_pipe_ which makes Seccomp sandbox operation more efficient. |
| 822 struct iovec fd_pipe_iov = { const_cast<char *>(""), 1 }; | 821 struct iovec fd_pipe_iov = { const_cast<char *>(""), 1 }; |
| 823 msgh.msg_iov = &fd_pipe_iov; | 822 msgh.msg_iov = &fd_pipe_iov; |
| 824 fd_written = fd_pipe_; | 823 fd_written = fd_pipe_; |
| (...skipping 380 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1205 void Channel::ResetToAcceptingConnectionState() { | 1204 void Channel::ResetToAcceptingConnectionState() { |
| 1206 channel_impl_->ResetToAcceptingConnectionState(); | 1205 channel_impl_->ResetToAcceptingConnectionState(); |
| 1207 } | 1206 } |
| 1208 | 1207 |
| 1209 // static | 1208 // static |
| 1210 bool Channel::IsNamedServerInitialized(const std::string& channel_id) { | 1209 bool Channel::IsNamedServerInitialized(const std::string& channel_id) { |
| 1211 return ChannelImpl::IsNamedServerInitialized(channel_id); | 1210 return ChannelImpl::IsNamedServerInitialized(channel_id); |
| 1212 } | 1211 } |
| 1213 | 1212 |
| 1214 } // namespace IPC | 1213 } // namespace IPC |
| OLD | NEW |