Chromium Code Reviews

Side by Side Diff: ipc/ipc_channel_posix.h

Issue 1120343002: Make IPC::Channel buffers stack based and secure against growth (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Moved static_assert Created 5 years, 6 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef IPC_IPC_CHANNEL_POSIX_H_ 5 #ifndef IPC_IPC_CHANNEL_POSIX_H_
6 #define IPC_IPC_CHANNEL_POSIX_H_ 6 #define IPC_IPC_CHANNEL_POSIX_H_
7 7
8 #include "ipc/ipc_channel.h" 8 #include "ipc/ipc_channel.h"
9 9
10 #include <sys/socket.h> // for CMSG macros 10 #include <sys/socket.h> // for CMSG macros
(...skipping 121 matching lines...)
132 // Messages to be sent are queued here. 132 // Messages to be sent are queued here.
133 std::queue<Message*> output_queue_; 133 std::queue<Message*> output_queue_;
134 134
135 // We assume a worst case: kReadBufferSize bytes of messages, where each 135 // We assume a worst case: kReadBufferSize bytes of messages, where each
136 // message has no payload and a full complement of descriptors. 136 // message has no payload and a full complement of descriptors.
137 static const size_t kMaxReadFDs = 137 static const size_t kMaxReadFDs =
138 (Channel::kReadBufferSize / sizeof(IPC::Message::Header)) * 138 (Channel::kReadBufferSize / sizeof(IPC::Message::Header)) *
139 MessageAttachmentSet::kMaxDescriptorsPerMessage; 139 MessageAttachmentSet::kMaxDescriptorsPerMessage;
140 140
141 // Buffer size for file descriptors used for recvmsg. On Mac the CMSG macros 141 // Buffer size for file descriptors used for recvmsg. On Mac the CMSG macros
142 // don't seem to be constant so we have to pick a "large enough" value. 142 // are not constant so we have to pick a "large enough" padding for headers.
143 #if defined(OS_MACOSX) 143 #if defined(OS_MACOSX)
144 static const size_t kMaxReadFDBuffer = 1024; 144 static const size_t kMaxReadFDBuffer = 1024 + sizeof(int) * kMaxReadFDs;
145 #else 145 #else
146 static const size_t kMaxReadFDBuffer = CMSG_SPACE(sizeof(int) * kMaxReadFDs); 146 static const size_t kMaxReadFDBuffer = CMSG_SPACE(sizeof(int) * kMaxReadFDs);
147 #endif 147 #endif
148 148 static_assert(kMaxReadFDBuffer <= 8192,
149 // Temporary buffer used to receive the file descriptors from recvmsg. 149 "kMaxReadFDBuffer too big for a stack buffer");
150 // Code that writes into this should immediately read them out and save
151 // them to input_fds_, since this buffer will be re-used anytime we call
152 // recvmsg.
153 char input_cmsg_buf_[kMaxReadFDBuffer];
154 150
155 // File descriptors extracted from messages coming off of the channel. The 151 // File descriptors extracted from messages coming off of the channel. The
156 // handles may span messages and come off different channels from the message 152 // handles may span messages and come off different channels from the message
157 // data (in the case of READWRITE), and are processed in FIFO here. 153 // data (in the case of READWRITE), and are processed in FIFO here.
158 // NOTE: The implementation assumes underlying storage here is contiguous, so 154 // NOTE: The implementation assumes underlying storage here is contiguous, so
159 // don't change to something like std::deque<> without changing the 155 // don't change to something like std::deque<> without changing the
160 // implementation! 156 // implementation!
161 std::vector<int> input_fds_; 157 std::vector<int> input_fds_;
162 158
163 159
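Review bot: The new static_assert next to the #endif bounds kMaxReadFDBuffer with the bare literal 8192, but nothing in the hunk says where that budget comes from; consider naming it (for example a constant beside kMaxReadFDs) or extending the message so that the next person who raises kMaxDescriptorsPerMessage or Channel::kReadBufferSize understands the limit is the stack frame of the recvmsg caller, not a protocol constant. Second, the OS_MACOSX branch now sizes the buffer as `1024 + sizeof(int) * kMaxReadFDs`, with 1024 standing in for the CMSG header and alignment overhead that the comment says is not constant on Mac; since the purpose of this change is to make the buffer safe against growth, the comment should state that 1024 is assumed to be an upper bound on that overhead so the assumption is visible and auditable, while the non-Mac branch keeps CMSG_SPACE and is exact. Third, the comment removed with the old input_cmsg_buf_ member ("Code that writes into this should immediately read them out and save them to input_fds_, since this buffer will be re-used anytime we call recvmsg") still describes the required discipline for the stack buffer that replaces it; it is worth carrying a version of it over to wherever the buffer is now declared, presumably in ipc_channel_posix.cc.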
(...skipping 14 matching lines...)
178 // If non-zero, overrides the process ID sent in the hello message. 174 // If non-zero, overrides the process ID sent in the hello message.
179 static int global_pid_; 175 static int global_pid_;
180 #endif // OS_LINUX 176 #endif // OS_LINUX
181 177
182 DISALLOW_IMPLICIT_CONSTRUCTORS(ChannelPosix); 178 DISALLOW_IMPLICIT_CONSTRUCTORS(ChannelPosix);
183 }; 179 };
184 180
185 } // namespace IPC 181 } // namespace IPC
186 182
187 #endif // IPC_IPC_CHANNEL_POSIX_H_ 183 #endif // IPC_IPC_CHANNEL_POSIX_H_