
Side by Side Diff: content/child/child_thread_impl.cc

Issue 2268603002: Avoid UAF on ConnectionFilter impls (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
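--- a/content/child/child_thread_impl.cc
+++ b/content/child/child_thread_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/child_thread_impl.h"
 
 #include <signal.h>
 #include <string>
 #include <utility>
 
@@ -250,47 +250,45 @@
 platform_channel.reset(mojo::edk::PlatformHandle(
 base::GlobalDescriptors::GetInstance()->Get(kMojoIPCChannel)));
 #endif
 // Mojo isn't supported on all child process types.
 // TODO(crbug.com/604282): Support Mojo in the remaining processes.
 if (!platform_channel.is_valid())
 return;
 mojo::edk::SetParentPipeHandle(std::move(platform_channel));
 }
 
-class ChannelBootstrapFilter
-: public ConnectionFilter,
-public shell::InterfaceFactory<IPC::mojom::ChannelBootstrap> {
+class ChannelBootstrapFilter : public ConnectionFilter {
 public:
 explicit ChannelBootstrapFilter(IPC::mojom::ChannelBootstrapPtrInfo bootstrap)
-: bootstrap_(std::move(bootstrap)) {}
+: bootstrap_(std::move(bootstrap)), weak_factory_(this) {}
 
 private:
 // ConnectionFilter:
 bool OnConnect(const shell::Identity& remote_identity,
 shell::InterfaceRegistry* registry,
 shell::Connector* connector) override {
 if (remote_identity.name() != kBrowserMojoApplicationName)
 return false;
 
-registry->AddInterface<IPC::mojom::ChannelBootstrap>(this);
+registry->AddInterface(base::Bind(&ChannelBootstrapFilter::CreateBootstrap,
+weak_factory_.GetWeakPtr()));
 return true;
 }
 
-// shell::InterfaceFactory<IPC::mojom::ChannelBootstrap>:
-void Create(const shell::Identity& remote_identity,
-IPC::mojom::ChannelBootstrapRequest request) override {
+void CreateBootstrap(IPC::mojom::ChannelBootstrapRequest request) {
 DCHECK(bootstrap_.is_valid());
 mojo::FuseInterface(std::move(request), std::move(bootstrap_));
 }
 
 IPC::mojom::ChannelBootstrapPtrInfo bootstrap_;
+base::WeakPtrFactory<ChannelBootstrapFilter> weak_factory_;
 
 DISALLOW_COPY_AND_ASSIGN(ChannelBootstrapFilter);
 };
 
 } // namespace
 
 ChildThread* ChildThread::Get() {
 return ChildThreadImpl::current();
 }
 
@@ -849,10 +847,10 @@
 void ChildThreadImpl::EnsureConnected() {
 VLOG(0) << "ChildThreadImpl::EnsureConnected()";
 base::Process::Current().Terminate(0, false);
 }
 
 bool ChildThreadImpl::IsInBrowserProcess() const {
 return static_cast<bool>(browser_process_io_runner_);
 }
 
 } // namespace content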
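Review bot: `CreateBootstrap` protects the one-shot `bootstrap_` only with `DCHECK(bootstrap_.is_valid())`, which is normally compiled out of release builds, so a second ChannelBootstrap request would hand a moved-from `ChannelBootstrapPtrInfo` to `mojo::FuseInterface`. I would make the guard unconditional with `if (!bootstrap_.is_valid()) return;` ahead of the fuse call, since how FuseInterface treats an invalid handle is not visible on this page. Separately, the weak binding in `OnConnect` only closes the use-after-free if the bound callback runs on the same thread or sequence that destroys the filter; that cannot be confirmed from this file and is worth stating where the filter is registered. A one-line comment above `weak_factory_`, such as `// Must be the last member so weak pointers are invalidated before bootstrap_ is destroyed.`, would keep the declaration order from being changed by accident.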
