Index: mojo/edk/system/node_channel.cc |
diff --git a/mojo/edk/system/node_channel.cc b/mojo/edk/system/node_channel.cc |
index 0277d46c4160ba158682587fcac1d1a4cac41e64..c23fb0f5b0eff12eaf1ea1b06de24d093fa7d417 100644 |
--- a/mojo/edk/system/node_channel.cc |
+++ b/mojo/edk/system/node_channel.cc |
@@ -194,6 +194,20 @@ void NodeChannel::SetRemoteNodeName(const ports::NodeName& name) { |
remote_node_name_ = name; |
} |
+void NodeChannel::SetExpectedSecret(const std::string& secret) { |
+#if !defined(OS_WIN) |
+ // Ensure we aren't expecting a secret on non-Windows. |
+ CHECK(secret.empty()); |
+#endif |
+ expected_secret_ = secret; |
+} |
+ |
+void NodeChannel::SendSecret(const std::string& secret) { |
+ Channel::MessagePtr message(new Channel::Message(secret.size(), 0)); |
+ memcpy(message->mutable_payload(), secret.data(), secret.size()); |
+ WriteChannelMessage(std::move(message)); |
+} |
+ |
void NodeChannel::AcceptChild(const ports::NodeName& parent_name, |
const ports::NodeName& token) { |
AcceptChildData* data; |
@@ -337,6 +351,18 @@ void NodeChannel::OnChannelMessage(const void* payload, |
ScopedPlatformHandleVectorPtr handles) { |
DCHECK(io_task_runner_->RunsTasksOnCurrentThread()); |
+ if (!expected_secret_.empty()) { |
+ // If we're expecting a secret string, that takes precedence over everything |
+ // else. |
+ if (std::string(static_cast<const char*>(payload), payload_size) != |
+ expected_secret_) { |
+ LOG(ERROR) << "Received invalid secret from peer. Dropping channel."; |
+ delegate_->OnChannelError(remote_node_name_); |
+ } |
+ expected_secret_.clear(); |
+ return; |
+ } |
+ |
#if defined(OS_WIN) |
// If we receive handles from a known process, rewrite them to our own |
// process. This can occur when a privileged node receives handles directly |