IndexedDB: Pass url::Origin rather than GURL over IPC

content/browser/indexed_db/indexed_db_dispatcher_host.cc

Index: content/browser/indexed_db/indexed_db_dispatcher_host.cc
diff --git a/content/browser/indexed_db/indexed_db_dispatcher_host.cc b/content/browser/indexed_db/indexed_db_dispatcher_host.cc
index 9613809a9ad01ba66f206753b51e71b5527c8f0b..56993ca12228ed34722e35f37d3ca611ba728273 100644
--- a/content/browser/indexed_db/indexed_db_dispatcher_host.cc
+++ b/content/browser/indexed_db/indexed_db_dispatcher_host.cc
@@ -44,6 +44,14 @@ using blink::WebIDBKey;
 
 namespace content {
 
+namespace {
+
+bool IsValidOrigin(const url::Origin& origin) {
+  return !origin.unique();
+}
+
+}  // namespace
+
 IndexedDBDispatcherHost::IndexedDBDispatcherHost(
     int ipc_process_id,
     net::URLRequestContextGetter* request_context_getter,
@@ -311,8 +319,13 @@ IndexedDBCursor* IndexedDBDispatcherHost::GetCursorFromId(
 void IndexedDBDispatcherHost::OnIDBFactoryGetDatabaseNames(
     const IndexedDBHostMsg_FactoryGetDatabaseNames_Params& params) {
   DCHECK(indexed_db_context_->TaskRunner()->RunsTasksOnCurrentThread());
-  base::FilePath indexed_db_path = indexed_db_context_->data_path();
 
+  if (!IsValidOrigin(params.origin)) {
+    bad_message::ReceivedBadMessage(this, bad_message::IDBDH_INVALID_ORIGIN);

[Charlie Reis, 2016/04/13 20:21:07]

You're using the same value in multiple places, which means you won't be able to
distinguish which IPC is to blame if this kill happens in practice.  Maybe
that's fine for now, and you can split them apart if it turns out that you see a
bunch in the wild?

(Don't forget to check the histogram after a few days on Dev Channel, or
subscribe to alerts.)

[jsbell, 2016/04/13 21:52:45]

Yeah, this would only happen if (1) we've got a bug and allowing an invalid
origin to start using Indexed DB (so any IPC is equally bad, and has a common
fix) or (2) the renderer is corrupted/compromised.

+    return;
+  }
+
+  base::FilePath indexed_db_path = indexed_db_context_->data_path();
   context()->GetIDBFactory()->GetDatabaseNames(
       new IndexedDBCallbacks(this, params.ipc_thread_id,
                              params.ipc_callbacks_id),
@@ -322,6 +335,12 @@ void IndexedDBDispatcherHost::OnIDBFactoryGetDatabaseNames(
 void IndexedDBDispatcherHost::OnIDBFactoryOpen(
     const IndexedDBHostMsg_FactoryOpen_Params& params) {
   DCHECK(indexed_db_context_->TaskRunner()->RunsTasksOnCurrentThread());
+
+  if (!IsValidOrigin(params.origin)) {
+    bad_message::ReceivedBadMessage(this, bad_message::IDBDH_INVALID_ORIGIN);
+    return;
+  }
+
   base::TimeTicks begin_time = base::TimeTicks::Now();
   base::FilePath indexed_db_path = indexed_db_context_->data_path();
 
@@ -331,7 +350,8 @@ void IndexedDBDispatcherHost::OnIDBFactoryOpen(
   // created) if this origin is already over quota.
   scoped_refptr<IndexedDBCallbacks> callbacks = new IndexedDBCallbacks(
       this, params.ipc_thread_id, params.ipc_callbacks_id,
-      params.ipc_database_callbacks_id, host_transaction_id, params.origin);
+      params.ipc_database_callbacks_id, host_transaction_id,
+      GURL(params.origin.Serialize()));
   callbacks->SetConnectionOpenStartTime(begin_time);
   scoped_refptr<IndexedDBDatabaseCallbacks> database_callbacks =
       new IndexedDBDatabaseCallbacks(
@@ -349,6 +369,12 @@ void IndexedDBDispatcherHost::OnIDBFactoryOpen(
 void IndexedDBDispatcherHost::OnIDBFactoryDeleteDatabase(
     const IndexedDBHostMsg_FactoryDeleteDatabase_Params& params) {
   DCHECK(indexed_db_context_->TaskRunner()->RunsTasksOnCurrentThread());
+
+  if (!IsValidOrigin(params.origin)) {
+    bad_message::ReceivedBadMessage(this, bad_message::IDBDH_INVALID_ORIGIN);
+    return;
+  }
+
   base::FilePath indexed_db_path = indexed_db_context_->data_path();
   DCHECK(request_context_);
   context()->GetIDBFactory()->DeleteDatabase(