| Index: sandbox/win/src/named_pipe_policy_test.cc
|
| diff --git a/sandbox/win/src/named_pipe_policy_test.cc b/sandbox/win/src/named_pipe_policy_test.cc
|
| index b89a1913d069f380e36ede61859b2c22b838d398..fe8c71f70b91e9d31fede3d688a842633871bad2 100644
|
| --- a/sandbox/win/src/named_pipe_policy_test.cc
|
| +++ b/sandbox/win/src/named_pipe_policy_test.cc
|
| @@ -1,18 +1,20 @@
|
| -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
|
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| +#include "base/win/windows_version.h"
|
| +#include "sandbox/win/src/handle_closer.h"
|
| #include "sandbox/win/src/sandbox.h"
|
| #include "sandbox/win/src/sandbox_policy.h"
|
| #include "sandbox/win/src/sandbox_factory.h"
|
| #include "sandbox/win/tests/common/controller.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace sandbox {
|
|
|
|
|
| SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
|
| - if (argc != 1) {
|
| + if (argc < 1 || argc > 2) {
|
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
|
| }
|
| if ((NULL == argv) || (NULL == argv[0])) {
|
| @@ -26,6 +28,18 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
|
| if (INVALID_HANDLE_VALUE == pipe)
|
| return SBOX_TEST_DENIED;
|
|
|
| + // The second parameter allows us to enforce a whitelist for where the
|
| + // pipe should be in the object namespace after creation.
|
| + if (argc == 2) {
|
| + base::string16 handle_name;
|
| + if (GetHandleName(pipe, &handle_name)) {
|
| + if (handle_name.compare(0, wcslen(argv[1]), argv[1]) != 0)
|
| + return SBOX_TEST_FAILED;
|
| + } else {
|
| + return SBOX_TEST_FAILED;
|
| + }
|
| + }
|
| +
|
| OVERLAPPED overlapped = {0};
|
| overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);
|
| BOOL result = ::ConnectNamedPipe(pipe, &overlapped);
|
| @@ -45,19 +59,59 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
|
| return SBOX_TEST_SUCCEEDED;
|
| }
|
|
|
| -// Tests if we can create a pipe in the sandbox. On XP, the sandbox can create
|
| -// a pipe without any help but it fails on Vista, this is why we do not test
|
| -// the "denied" case.
|
| +// Tests if we can create a pipe in the sandbox.
|
| TEST(NamedPipePolicyTest, CreatePipe) {
|
| TestRunner runner;
|
| // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
|
| // namedpipe name. Here we apply it like a wildcard. http://b/893603
|
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
|
| TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
| - L"\\\\.\\pipe\\test*"));
|
| + L"\\\\.\\pipe\\test*"));
|
|
|
| EXPECT_EQ(SBOX_TEST_SUCCEEDED,
|
| runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
|
| +
|
| + // On XP, the sandbox can create a pipe without any help but it fails on
|
| + // Vista+, this is why we do not test the "denied" case.
|
| + if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
|
| + }
|
| +}
|
| +
|
| +// Tests if we can create a pipe with a path traversal in the sandbox.
|
| +TEST(NamedPipePolicyTest, CreatePipeTraversal) {
|
| + TestRunner runner;
|
| + // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
|
| + // namedpipe name. Here we apply it like a wildcard. http://b/893603
|
| + EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
|
| + TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
| + L"\\\\.\\pipe\\test*"));
|
| +
|
| + // On XP, the sandbox can create a pipe without any help but it fails on
|
| + // Vista+, this is why we do not test the "denied" case.
|
| + if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\..\\bleh"));
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/../bleh"));
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\../bleh"));
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/..\\bleh"));
|
| + }
|
| +}
|
| +
|
| +// This tests that path canonicalization is actually disabled if we use \\?\
|
| +// syntax.
|
| +TEST(NamedPipePolicyTest, CreatePipeCanonicalization) {
|
| + // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to
|
| + // disable all string parsing and to send the string that follows it straight
|
| + // to the file system."
|
| + // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
|
| + wchar_t* argv[2] = { L"\\\\?\\pipe\\test\\..\\bleh",
|
| + L"\\Device\\NamedPipe\\test" };
|
| + EXPECT_EQ(SBOX_TEST_SUCCEEDED, NamedPipe_Create(2, argv));
|
| }
|
|
|
| // The same test as CreatePipe but this time using strict interceptions.
|
| @@ -73,6 +127,13 @@ TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) {
|
|
|
| EXPECT_EQ(SBOX_TEST_SUCCEEDED,
|
| runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
|
| +
|
| + // On XP, the sandbox can create a pipe without any help but it fails on
|
| + // Vista+, this is why we do not test the "denied" case.
|
| + if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
|
| + EXPECT_EQ(SBOX_TEST_DENIED,
|
| + runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
|
| + }
|
| }
|
|
|
| } // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 145553007:
Correctly test for canonicalized path in the CreateNamedPipe policy engine. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src