Make IPC::Channel buffers stack based and secure against growth

ipc/ipc_channel_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ipc/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stddef.h>
 #include <sys/socket.h>
@@ skipping 174 matching lines @@
                            Mode mode, Listener* listener)
     : ChannelReader(listener),
       mode_(mode),
       peer_pid_(base::kNullProcessId),
       is_blocked_on_write_(false),
       waiting_connect_(true),
       message_send_bytes_written_(0),
       pipe_name_(channel_handle.name),
       in_dtor_(false),
       must_unlink_(false) {
-  memset(input_cmsg_buf_, 0, sizeof(input_cmsg_buf_));
   if (!CreatePipe(channel_handle)) {
     // The pipe may have been closed already.
     const char *modestr = (mode_ & MODE_SERVER_FLAG) ? "server" : "client";
     LOG(WARNING) << "Unable to create pipe named \"" << channel_handle.name
                  << "\" in " << modestr << " mode";
   }
 }
 
 ChannelPosix::~ChannelPosix() {
   in_dtor_ = true;
@@ skipping 611 matching lines @@
     int* bytes_read) {
   if (!pipe_.is_valid())
     return READ_FAILED;
 
   struct msghdr msg = {0};
 
   struct iovec iov = {buffer, static_cast<size_t>(buffer_len)};
   msg.msg_iov = &iov;
   msg.msg_iovlen = 1;
 
-  msg.msg_control = input_cmsg_buf_;
+  char input_cmsg_buf[kMaxReadFDBuffer];
+  msg.msg_control = input_cmsg_buf;
 
   // recvmsg() returns 0 if the connection has closed or EAGAIN if no data
   // is waiting on the pipe.
 #if defined(IPC_USES_READWRITE)
   if (fd_pipe_.is_valid()) {
     *bytes_read = HANDLE_EINTR(read(pipe_.get(), buffer, buffer_len));
     msg.msg_controllen = 0;
   } else
 #endif  // IPC_USES_READWRITE
   {
-    msg.msg_controllen = sizeof(input_cmsg_buf_);
+    msg.msg_controllen = sizeof(input_cmsg_buf);
     *bytes_read = HANDLE_EINTR(recvmsg(pipe_.get(), &msg, MSG_DONTWAIT));
   }
   if (*bytes_read < 0) {
     if (errno == EAGAIN) {
       return READ_PENDING;
 #if defined(OS_MACOSX)
     } else if (errno == EPERM) {
       // On OSX, reading from a pipe with no listener returns EPERM
       // treat this as a special case to prevent spurious error messages
       // to the console.
@@ skipping 20 matching lines @@
 }
 
 #if defined(IPC_USES_READWRITE)
 bool ChannelPosix::ReadFileDescriptorsFromFDPipe() {
   char dummy;
   struct iovec fd_pipe_iov = { &dummy, 1 };
 
   struct msghdr msg = { 0 };
   msg.msg_iov = &fd_pipe_iov;
   msg.msg_iovlen = 1;
-  msg.msg_control = input_cmsg_buf_;
-  msg.msg_controllen = sizeof(input_cmsg_buf_);
+  char input_cmsg_buf[kMaxReadFDBuffer];
+  msg.msg_control = input_cmsg_buf;
+  msg.msg_controllen = sizeof(input_cmsg_buf);
   ssize_t bytes_received =
       HANDLE_EINTR(recvmsg(fd_pipe_.get(), &msg, MSG_DONTWAIT));
 
   if (bytes_received != 1)
     return true;  // No message waiting.
 
   if (!ExtractFileDescriptorsFromMsghdr(&msg))
     return false;
   return true;
 }
@@ skipping 245 matching lines @@
 }
 
 #if defined(OS_LINUX)
 // static
 void Channel::SetGlobalPid(int pid) {
   ChannelPosix::SetGlobalPid(pid);
 }
 #endif  // OS_LINUX
 
 }  // namespace IPC