mojo/public/cpp/bindings/lib/message_header_validator.cc - Issue 229683005: Validate MessageHeader before using

Unified Diff: mojo/public/cpp/bindings/lib/message_header_validator.cc

Issue 229683005: Validate MessageHeader before using (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: remove validation_interfaces.mojom for now Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« mojo/public/cpp/bindings/lib/message_header_validator.h ('K') | « mojo/public/cpp/bindings/lib/message_header_validator.h ('k') | mojo/public/cpp/bindings/tests/validation_unittest.cc » ('j') | mojo/public/cpp/bindings/tests/validation_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: mojo/public/cpp/bindings/lib/message_header_validator.cc

diff --git a/mojo/public/cpp/bindings/lib/message_header_validator.cc b/mojo/public/cpp/bindings/lib/message_header_validator.cc

new file mode 100644

index 0000000000000000000000000000000000000000..889840b3a5c9fd90017c87445064d56b6da340bd

--- /dev/null

+++ b/mojo/public/cpp/bindings/lib/message_header_validator.cc

@@ -0,0 +1,65 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "mojo/public/cpp/bindings/lib/message_header_validator.h"

+#include "mojo/public/cpp/bindings/lib/bindings_serialization.h"

+namespace mojo {

+namespace internal {

+namespace {

+bool IsValidMessageHeader(const internal::MessageHeader* header) {

+ // Validate num_bytes

+ if (header->num_bytes < sizeof(internal::MessageHeader))

+ return false;

+ if (internal::Align(header->num_bytes) != header->num_bytes)

+ return false;

+ // Validate num_fields

+ if (header->num_fields < 2)

+ return false;

+ if (header->num_fields == 2 &&

viettrungluu 2014/04/25 21:55:59 Probably this should be structured as: if (header

darin (slow to review) 2014/04/29 06:31:45 Done.

+ header->num_bytes != sizeof(internal::MessageHeader))

+ return false;

+ if (header->num_fields == 3 &&

+ header->num_bytes != sizeof(internal::MessageHeaderWithRequestID))

+ return false;

+ // Validate flags

+ if (header->flags &

viettrungluu 2014/04/25 21:55:59 Do we want to disallow future flags?

darin (slow to review) 2014/04/29 06:31:45 No, I don't think we do. Revising code.

+ ~(internal::kMessageExpectsResponse | internal::kMessageIsResponse))

+ return false;

+ if ((header->flags & internal::kMessageExpectsResponse) &&

+ header->num_fields < 3)

+ return false;

+ if ((header->flags & internal::kMessageIsResponse) &&

+ header->num_fields < 3)

+ return false;

viettrungluu 2014/04/25 21:55:59 Also check that "expects response" and "is respons

darin (slow to review) 2014/04/29 06:31:45 Done.

+ return true;

+} // namespace

+MessageHeaderValidator::MessageHeaderValidator(MessageReceiver* next)

+ : next_(next) {

+ assert(next);

+bool MessageHeaderValidator::Accept(Message* message) {

+ if (!IsValidMessageHeader(message->header()))

+ return false; // Simulate an unhappy receiver.

+ return next_->Accept(message);

+bool MessageHeaderValidator::AcceptWithResponder(Message* message,

+ MessageReceiver* responder) {

+ assert(false); // Not reached!

+ return false;

+} // namespace internal

+} // namespace mojo