| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
| 6 | 6 |
| 7 #include <AclAPI.h> | 7 #include <AclAPI.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| (...skipping 392 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 403 | 403 |
| 404 base::win::ScopedHandle job(job_temp); | 404 base::win::ScopedHandle job(job_temp); |
| 405 | 405 |
| 406 // Initialize the startup information from the policy. | 406 // Initialize the startup information from the policy. |
| 407 base::win::StartupInformation startup_info; | 407 base::win::StartupInformation startup_info; |
| 408 // The liftime of |mitigations| and |inherit_handle_list| have to be at least | 408 // The liftime of |mitigations| and |inherit_handle_list| have to be at least |
| 409 // as long as |startup_info| because |UpdateProcThreadAttribute| requires that | 409 // as long as |startup_info| because |UpdateProcThreadAttribute| requires that |
| 410 // its |lpValue| parameter persist until |DeleteProcThreadAttributeList| is | 410 // its |lpValue| parameter persist until |DeleteProcThreadAttributeList| is |
| 411 // called; StartupInformation's destructor makes such a call. | 411 // called; StartupInformation's destructor makes such a call. |
| 412 DWORD64 mitigations; | 412 DWORD64 mitigations; |
| 413 HANDLE inherit_handle_list[2]; | 413 |
| 414 std::vector<HANDLE> inherited_handle_list; |
| 415 |
| 414 base::string16 desktop = policy_base->GetAlternateDesktop(); | 416 base::string16 desktop = policy_base->GetAlternateDesktop(); |
| 415 if (!desktop.empty()) { | 417 if (!desktop.empty()) { |
| 416 startup_info.startup_info()->lpDesktop = | 418 startup_info.startup_info()->lpDesktop = |
| 417 const_cast<wchar_t*>(desktop.c_str()); | 419 const_cast<wchar_t*>(desktop.c_str()); |
| 418 } | 420 } |
| 419 | 421 |
| 420 bool inherit_handles = false; | 422 bool inherit_handles = false; |
| 421 | 423 |
| 422 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 424 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { |
| 423 int attribute_count = 0; | 425 int attribute_count = 0; |
| 424 const AppContainerAttributes* app_container = | 426 const AppContainerAttributes* app_container = |
| 425 policy_base->GetAppContainer(); | 427 policy_base->GetAppContainer(); |
| 426 if (app_container) | 428 if (app_container) |
| 427 ++attribute_count; | 429 ++attribute_count; |
| 428 | 430 |
| 429 size_t mitigations_size; | 431 size_t mitigations_size; |
| 430 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(), | 432 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(), |
| 431 &mitigations, &mitigations_size); | 433 &mitigations, &mitigations_size); |
| 432 if (mitigations) | 434 if (mitigations) |
| 433 ++attribute_count; | 435 ++attribute_count; |
| 434 | 436 |
| 435 HANDLE stdout_handle = policy_base->GetStdoutHandle(); | 437 HANDLE stdout_handle = policy_base->GetStdoutHandle(); |
| 436 HANDLE stderr_handle = policy_base->GetStderrHandle(); | 438 HANDLE stderr_handle = policy_base->GetStderrHandle(); |
| 437 int inherit_handle_count = 0; | 439 |
| 438 if (stdout_handle != INVALID_HANDLE_VALUE) | 440 if (stdout_handle != INVALID_HANDLE_VALUE) |
| 439 inherit_handle_list[inherit_handle_count++] = stdout_handle; | 441 inherited_handle_list.push_back(stdout_handle); |
| 442 |
| 440 // Handles in the list must be unique. | 443 // Handles in the list must be unique. |
| 441 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) | 444 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) |
| 442 inherit_handle_list[inherit_handle_count++] = stderr_handle; | 445 inherited_handle_list.push_back(stderr_handle); |
| 443 | 446 |
| 444 HandleList handle_list = policy_base->GetHandlesBeingShared(); | 447 HandleList policy_handle_list = policy_base->GetHandlesBeingShared(); |
| 445 for (auto handle : handle_list) | |
| 446 inherit_handle_list[inherit_handle_count++] = handle; | |
| 447 | 448 |
| 448 if (inherit_handle_count) | 449 for (auto handle : policy_handle_list) |
| 450 inherited_handle_list.push_back(handle); |
| 451 |
| 452 if (inherited_handle_list.size()) |
| 449 ++attribute_count; | 453 ++attribute_count; |
| 450 | 454 |
| 451 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) | 455 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) |
| 452 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 456 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 453 | 457 |
| 454 if (app_container) { | 458 if (app_container) { |
| 455 result = app_container->ShareForStartup(&startup_info); | 459 result = app_container->ShareForStartup(&startup_info); |
| 456 if (SBOX_ALL_OK != result) | 460 if (SBOX_ALL_OK != result) |
| 457 return result; | 461 return result; |
| 458 } | 462 } |
| 459 | 463 |
| 460 if (mitigations) { | 464 if (mitigations) { |
| 461 if (!startup_info.UpdateProcThreadAttribute( | 465 if (!startup_info.UpdateProcThreadAttribute( |
| 462 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, | 466 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, |
| 463 mitigations_size)) { | 467 mitigations_size)) { |
| 464 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 468 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 465 } | 469 } |
| 466 } | 470 } |
| 467 | 471 |
| 468 if (inherit_handle_count) { | 472 if (inherited_handle_list.size()) { |
| 469 if (!startup_info.UpdateProcThreadAttribute( | 473 if (!startup_info.UpdateProcThreadAttribute( |
| 470 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, | 474 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, |
| 471 inherit_handle_list, | 475 &inherited_handle_list[0], |
| 472 sizeof(inherit_handle_list[0]) * inherit_handle_count)) { | 476 sizeof(HANDLE) * inherited_handle_list.size())) { |
| 473 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 477 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 474 } | 478 } |
| 475 startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES; | 479 startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES; |
| 476 startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE; | 480 startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE; |
| 477 startup_info.startup_info()->hStdOutput = stdout_handle; | 481 startup_info.startup_info()->hStdOutput = stdout_handle; |
| 478 startup_info.startup_info()->hStdError = stderr_handle; | 482 startup_info.startup_info()->hStdError = stderr_handle; |
| 479 // Allowing inheritance of handles is only secure now that we | 483 // Allowing inheritance of handles is only secure now that we |
| 480 // have limited which handles will be inherited. | 484 // have limited which handles will be inherited. |
| 481 inherit_handles = true; | 485 inherit_handles = true; |
| 482 } | 486 } |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 607 return SBOX_ERROR_UNSUPPORTED; | 611 return SBOX_ERROR_UNSUPPORTED; |
| 608 | 612 |
| 609 base::string16 name = LookupAppContainer(sid); | 613 base::string16 name = LookupAppContainer(sid); |
| 610 if (name.empty()) | 614 if (name.empty()) |
| 611 return SBOX_ERROR_INVALID_APP_CONTAINER; | 615 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 612 | 616 |
| 613 return DeleteAppContainer(sid); | 617 return DeleteAppContainer(sid); |
| 614 } | 618 } |
| 615 | 619 |
| 616 } // namespace sandbox | 620 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1128903006:
Fix a stack overflow in the windows sandbox SpawnTarget function. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master