Chromium Code Reviews

Issue 1985523002: [mojo-edk] Better validation of untrusted message data (Closed)

Created:
4 years, 7 months ago by Ken Rockot(use gerrit already)
Modified:
4 years, 7 months ago
CC:
Aaron Boodman, abarth-chromium, ben+mojo_chromium.org, chromium-reviews, darin (slow to review), qsr+mojo_chromium.org, viettrungluu+watch_chromium.org, yzshen+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

[mojo-edk] Better validation of untrusted message data

Adds some more sanity checks to close a Channel if it receives bad data.

BUG=611887
R=amistry@chromium.org,ochang@chromium.org

Committed: https://crrev.com/8eb4c80b7558a1bdd547e24b6b129b0d84223b21
Cr-Commit-Position: refs/heads/master@{#393874}
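
An added example, not the code from this change: a C version of the kind of header sanity check the description refers to, rejecting a message whose size fields disagree before any of them is used. The field names num_bytes, num_header_bytes and num_handles appear in the review comments on this page; the struct layout, handle_entry_t, MAX_MESSAGE_BYTES and validate_message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire header: field names follow the review comments,
 * the layout is an assumption made for this example. */
typedef struct {
    uint32_t num_bytes;         /* total message size, header included */
    uint16_t num_header_bytes;  /* fixed header plus extra header */
    uint16_t num_handles;       /* handles the sender claims to attach */
} msg_header_t;
typedef struct { uint64_t value; } handle_entry_t;  /* hypothetical entry */
#define MAX_MESSAGE_BYTES (256u * 1024u * 1024u)    /* assumed cap */
typedef enum { MSG_OK, MSG_NEED_MORE, MSG_INVALID } msg_status_t;

/* Validate the header at the front of an untrusted receive buffer.
 * MSG_INVALID means the caller should close the channel. */
msg_status_t validate_message(const uint8_t *buf, size_t len, size_t *msg_len)
{
    msg_header_t h;
    if (len < sizeof h)
        return MSG_NEED_MORE;
    memcpy(&h, buf, sizeof h);  /* copy out once; check and use the copy */

    if (h.num_bytes > MAX_MESSAGE_BYTES)
        return MSG_INVALID;
    if (h.num_header_bytes < sizeof h || h.num_header_bytes > h.num_bytes)
        return MSG_INVALID;

    /* The extra header must hold one entry per claimed handle. Dividing
     * keeps the comparison overflow-free whatever the field widths are. */
    size_t extra = h.num_header_bytes - sizeof h;
    if (h.num_handles > extra / sizeof(handle_entry_t))
        return MSG_INVALID;

    if (len < h.num_bytes)
        return MSG_NEED_MORE;
    *msg_len = h.num_bytes;
    return MSG_OK;
}

int main(void)
{
    /* Constructed sample: 8-byte header, one 8-byte entry, 8 payload bytes. */
    uint8_t buf[24] = {0};
    msg_header_t h = {24, 16, 1};
    size_t n = 0;
    memcpy(buf, &h, sizeof h);
    return validate_message(buf, sizeof buf, &n) == MSG_OK ? 0 : 1;
}
```
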

Patch Set 1 : #

Patch Set 2 : #

Total comments: 7

Patch Set 3 : #

Total comments: 2

Patch Set 4 : #

Total comments: 1

Patch Set 5 : #

Stats (+101 lines, -53 lines)
M mojo/edk/system/channel.h: 1 chunk, +14 lines, -6 lines, 0 comments
M mojo/edk/system/channel.cc: 6 chunks, +38 lines, -14 lines, 0 comments
M mojo/edk/system/channel_posix.cc: 4 chunks, +38 lines, -25 lines, 0 comments
M mojo/edk/system/channel_win.cc: 2 chunks, +11 lines, -8 lines, 0 comments

Messages

Total messages: 17 (5 generated)
Ken Rockot(use gerrit already)
Please take a look. I've combed through the Channel code and fixed any potential problems ...
4 years, 7 months ago (2016-05-15 06:43:53 UTC) #3
Anand Mistry (off Chromium)
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc
File mojo/edk/system/channel.cc (right):
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc#newcode153
mojo/edk/system/channel.cc:153: uint32_t max_handles = extra_header_size / sizeof(MachPortsEntry);
Hm. This reminds ...
4 years, 7 months ago (2016-05-16 04:27:48 UTC) #4
Ken Rockot(use gerrit already)
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc
File mojo/edk/system/channel.cc (right):
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc#newcode153
mojo/edk/system/channel.cc:153: uint32_t max_handles = extra_header_size / sizeof(MachPortsEntry);
On 2016/05/16 at ...
4 years, 7 months ago (2016-05-16 04:39:14 UTC) #5
Anand Mistry (off Chromium)
LGTM
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc
File mojo/edk/system/channel.cc (right):
https://codereview.chromium.org/1985523002/diff/60001/mojo/edk/system/channel.cc#newcode540
mojo/edk/system/channel.cc:540: header->num_header_bytes > header->num_bytes)
On 2016/05/16 04:39:14, Ken Rockot ...
4 years, 7 months ago (2016-05-16 04:45:51 UTC) #6
Ken Rockot(use gerrit already)
ochang@ mind taking a look for security?
4 years, 7 months ago (2016-05-16 13:59:49 UTC) #7
Oliver Chang
https://codereview.chromium.org/1985523002/diff/80001/mojo/edk/system/channel_win.cc
File mojo/edk/system/channel_win.cc (right):
https://codereview.chromium.org/1985523002/diff/80001/mojo/edk/system/channel_win.cc#newcode122
mojo/edk/system/channel_win.cc:122: size_t handles_size = sizeof(PlatformHandle) * num_handles;
|num_handles| here is ...
4 years, 7 months ago (2016-05-16 17:11:34 UTC) #8
Ken Rockot(use gerrit already)
https://codereview.chromium.org/1985523002/diff/80001/mojo/edk/system/channel_win.cc
File mojo/edk/system/channel_win.cc (right):
https://codereview.chromium.org/1985523002/diff/80001/mojo/edk/system/channel_win.cc#newcode122
mojo/edk/system/channel_win.cc:122: size_t handles_size = sizeof(PlatformHandle) * num_handles;
On 2016/05/16 at ...
4 years, 7 months ago (2016-05-16 17:15:32 UTC) #9
Oliver Chang
lgtm, thanks for the fixes!
https://codereview.chromium.org/1985523002/diff/100001/mojo/edk/system/channel_posix.cc
File mojo/edk/system/channel_posix.cc (right):
https://codereview.chromium.org/1985523002/diff/100001/mojo/edk/system/channel_posix.cc#newcode136
mojo/edk/system/channel_posix.cc:136: size_t num_handles,
could we ...
4 years, 7 months ago (2016-05-16 17:17:10 UTC) #10
Ken Rockot(use gerrit already)
On 2016/05/16 at 17:17:10, ochang wrote:
> lgtm, thanks for the fixes!
>
> https://codereview.chromium.org/1985523002/diff/100001/mojo/edk/system/channel_posix.cc ...
4 years, 7 months ago (2016-05-16 17:23:48 UTC) #11
commit-bot: I haz the power
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1985523002/120001
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1985523002/120001
4 years, 7 months ago (2016-05-16 17:24:21 UTC) #14
commit-bot: I haz the power
Committed patchset #5 (id:120001)
4 years, 7 months ago (2016-05-16 18:25:14 UTC) #15
commit-bot: I haz the power
4 years, 7 months ago (2016-05-16 18:26:42 UTC) #17
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/8eb4c80b7558a1bdd547e24b6b129b0d84223b21
Cr-Commit-Position: refs/heads/master@{#393874}
