Chromium Code Reviews

Issue 145553007: Correctly test for canonicalized path in the CreateNamedPipe policy engine. (Closed)

Created:
6 years, 11 months ago by Will Harris
Modified:
6 years, 10 months ago
CC:
chromium-reviews
Visibility:
Public.

Description

Correctly test for canonicalized path in the CreateNamedPipe policy engine.

BUG=334897
TEST=sbox_integration_tests.exe

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=247511

Patch Set 1

Patch Set 2 : Disable path canonicalization when calling CreateNamedPipe

Total comments: 1

Patch Set 3 : Add specific traversal checks. Move canonicalization test to in-process.

Total comments: 4

Patch Set 4 : Test for more \ and / variants.

Patch Set 5 : fix license

Total comments: 3
Stats (+96 lines, -7 lines)
M sandbox/win/src/named_pipe_dispatcher.cc: 3 chunks, +28 lines, -0 lines, 3 comments
M sandbox/win/src/named_pipe_policy_test.cc: 4 chunks, +68 lines, -7 lines, 0 comments

Messages

Total messages: 14 (0 generated)
Will Harris
6 years, 11 months ago (2014-01-23 21:35:54 UTC) #1
Will Harris
Changed the implementation to use the \\?\ syntax. On Windows XP CreatePipe calls inside the ...
6 years, 11 months ago (2014-01-24 22:44:01 UTC) #2
jschuh
https://codereview.chromium.org/145553007/diff/50001/sandbox/win/src/named_pipe_dispatcher.cc File sandbox/win/src/named_pipe_dispatcher.cc (right): https://codereview.chromium.org/145553007/diff/50001/sandbox/win/src/named_pipe_dispatcher.cc#newcode62 sandbox/win/src/named_pipe_dispatcher.cc:62: I thought we discussed having the dispatcher also look ...
6 years, 11 months ago (2014-01-24 22:53:32 UTC) #3
Will Harris
On 2014/01/24 22:53:32, Justin Schuh wrote: > https://codereview.chromium.org/145553007/diff/50001/sandbox/win/src/named_pipe_dispatcher.cc > File sandbox/win/src/named_pipe_dispatcher.cc (right): > > https://codereview.chromium.org/145553007/diff/50001/sandbox/win/src/named_pipe_dispatcher.cc#newcode62 ...
6 years, 11 months ago (2014-01-24 22:56:26 UTC) #4
jschuh
On 2014/01/24 22:56:26, Will Harris wrote: > On 2014/01/24 22:53:32, Justin Schuh wrote: > > ...
6 years, 11 months ago (2014-01-24 23:06:01 UTC) #5
Will Harris
PTAL - Added checks for ".." in the policy engine, and added an extra in-process ...
6 years, 11 months ago (2014-01-27 18:31:20 UTC) #6
jschuh
https://codereview.chromium.org/145553007/diff/120001/sandbox/win/src/named_pipe_dispatcher.cc File sandbox/win/src/named_pipe_dispatcher.cc (right): https://codereview.chromium.org/145553007/diff/120001/sandbox/win/src/named_pipe_dispatcher.cc#newcode48 sandbox/win/src/named_pipe_dispatcher.cc:48: ipc->return_info.handle = INVALID_HANDLE_VALUE; Never put INVALID_HANDLE_VALUE in anything that ...
6 years, 11 months ago (2014-01-27 20:29:47 UTC) #7
Will Harris
added better / and \ checks. Added a few more tests. PTAL. Thanks. https://codereview.chromium.org/145553007/diff/120001/sandbox/win/src/named_pipe_dispatcher.cc File ...
6 years, 10 months ago (2014-01-27 23:47:17 UTC) #8
jschuh
lgtm
6 years, 10 months ago (2014-01-28 01:32:25 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/wfh@chromium.org/145553007/180001
6 years, 10 months ago (2014-01-28 06:29:58 UTC) #10
commit-bot: I haz the power
Retried try job too often on chromium_presubmit for step(s) presubmit http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=chromium_presubmit&number=46750
6 years, 10 months ago (2014-01-28 18:36:25 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/wfh@chromium.org/145553007/200001
6 years, 10 months ago (2014-01-28 18:39:44 UTC) #12
commit-bot: I haz the power
Change committed as 247511
6 years, 10 months ago (2014-01-28 21:27:11 UTC) #13
rvargas (doing something else)
6 years, 10 months ago (2014-01-28 22:26:46 UTC) #14
Message was sent while issue was closed.
https://codereview.chromium.org/145553007/diff/200001/sandbox/win/src/named_p...
File sandbox/win/src/named_pipe_dispatcher.cc (right):

https://codereview.chromium.org/145553007/diff/200001/sandbox/win/src/named_p...
sandbox/win/src/named_pipe_dispatcher.cc:54: for (std::vector<base::string16>::const_iterator iter = paths.begin();
why not search ".." and fail right away if that is present? We don't have to
support arbitrary policy patterns.

https://codereview.chromium.org/145553007/diff/200001/sandbox/win/src/named_p...
sandbox/win/src/named_pipe_dispatcher.cc:58: iter2 != innerpaths.end(); ++iter2) {
nit: indent one space less

https://codereview.chromium.org/145553007/diff/200001/sandbox/win/src/named_p...
sandbox/win/src/named_pipe_dispatcher.cc:79: name->replace(0, 4, L"\\\\\?\\");
we should not be fixing names. If we don't like it, we don't help the renderer.
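
The reject-rather-than-rewrite approach raised in the comments above, as an added C++ sketch (not Chromium's code and not part of this review). The policy prefix, function names and sample pipe names are hypothetical; it assumes a simple case-sensitive prefix policy.

```cpp
// Added example: hypothetical names, not taken from sandbox/win/src.
#include <cstdio>
#include <string>

// Constructed policy: the broker lets the target create pipes under this prefix.
static const wchar_t kAllowedPrefix[] = L"\\\\.\\pipe\\chrome.";

// The raw string comparison a prefix policy performs on the requested name.
bool MatchesPolicy(const std::wstring& name) {
  const std::wstring prefix(kAllowedPrefix);
  return name.compare(0, prefix.size(), prefix) == 0;
}

// Fail-closed check: any ".." anywhere in the name is refused, whichever
// separator surrounds it. This also refuses harmless names such as "a..b",
// which is acceptable when the broker need not support arbitrary patterns.
bool HasTraversal(const std::wstring& name) {
  return name.find(L"..") != std::wstring::npos;
}

// Broker decision. The name is taken by const reference and never rewritten:
// a request that fails either check is simply denied.
bool BrokerAllowsPipe(const std::wstring& name) {
  if (HasTraversal(name))
    return false;
  return MatchesPolicy(name);
}

int main() {
  // Constructed sample requests.
  const wchar_t* samples[] = {
      L"\\\\.\\pipe\\chrome.sync",           // plain name under the prefix
      L"\\\\.\\pipe\\chrome.x\\..\\other",   // matches the raw prefix, then climbs out
      L"\\\\.\\pipe\\chrome.x/../other",     // same, with forward slashes
      L"\\\\.\\pipe\\other",                 // outside the policy
  };
  for (const wchar_t* s : samples) {
    std::printf("%ls -> policy:%d broker:%d\n", s,
                MatchesPolicy(s) ? 1 : 0, BrokerAllowsPipe(s) ? 1 : 0);
  }
  return 0;
}
```

The second and third samples pass the raw prefix comparison but are denied by the broker, which is the gap a policy match on an uncanonicalized name leaves open.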
