| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "mojo/public/cpp/bindings/lib/message_header_validator.h" |
| 6 |
| 7 #include "mojo/public/cpp/bindings/lib/bindings_serialization.h" |
| 8 |
| 9 namespace mojo { |
| 10 namespace internal { |
| 11 namespace { |
| 12 |
| 13 bool IsValidMessageHeader(const internal::MessageHeader* header) { |
| 14 // NOTE: Our goal is to preserve support for future extension of the message |
| 15 // header. If we encounter fields we do not understand, we must ignore them. |
| 16 |
| 17 // Validate num_bytes: |
| 18 |
| 19 if (header->num_bytes < sizeof(internal::MessageHeader)) |
| 20 return false; |
| 21 if (internal::Align(header->num_bytes) != header->num_bytes) |
| 22 return false; |
| 23 |
| 24 // Validate num_fields: |
| 25 |
| 26 if (header->num_fields < 2) |
| 27 return false; |
| 28 if (header->num_fields == 2) { |
| 29 if (header->num_bytes != sizeof(internal::MessageHeader)) |
| 30 return false; |
| 31 } else if (header->num_fields == 3) { |
| 32 if (header->num_bytes != sizeof(internal::MessageHeaderWithRequestID)) |
| 33 return false; |
| 34 } else if (header->num_fields > 3) { |
| 35 if (header->num_bytes < sizeof(internal::MessageHeaderWithRequestID)) |
| 36 return false; |
| 37 } |
| 38 |
| 39 // Validate flags (allow unknown bits): |
| 40 |
| 41 // These flags require a RequestID. |
| 42 if (header->num_fields < 3 && |
| 43 ((header->flags & internal::kMessageExpectsResponse) || |
| 44 (header->flags & internal::kMessageIsResponse))) |
| 45 return false; |
| 46 |
| 47 // These flags are mutually exclusive. |
| 48 if ((header->flags & internal::kMessageExpectsResponse) && |
| 49 (header->flags & internal::kMessageIsResponse)) |
| 50 return false; |
| 51 |
| 52 return true; |
| 53 } |
| 54 |
| 55 } // namespace |
| 56 |
| 57 MessageHeaderValidator::MessageHeaderValidator(MessageReceiver* next) |
| 58 : next_(next) { |
| 59 assert(next); |
| 60 } |
| 61 |
| 62 bool MessageHeaderValidator::Accept(Message* message) { |
| 63 // Make sure the message header isn't truncated before we start to read it. |
| 64 if (message->data_num_bytes() < message->header()->num_bytes) |
| 65 return false; |
| 66 |
| 67 if (!IsValidMessageHeader(message->header())) |
| 68 return false; |
| 69 |
| 70 return next_->Accept(message); |
| 71 } |
| 72 |
| 73 bool MessageHeaderValidator::AcceptWithResponder(Message* message, |
| 74 MessageReceiver* responder) { |
| 75 assert(false); // Not reached! |
| 76 return false; |
| 77 } |
| 78 |
| 79 } // namespace internal |
| 80 } // namespace mojo |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 229683005:
Validate MessageHeader before using (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src