Change UnixDomainSocket::RecvMsg to return ScopedVector<base::ScopedFD>

sandbox/linux/services/broker_process.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/broker_process.h"
 
 #include <fcntl.h>
 #include <signal.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
+#include "base/memory/scoped_vector.h"
 #include "base/pickle.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/process_metrics.h"
 #include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC)
 #define MSG_CMSG_CLOEXEC 0x40000000
@@ skipping 278 matching lines @@
     NOTREACHED();
     return -ENOMEM;
   }
 }
 
 // Handle a request on the IPC channel ipc_socketpair_.
 // A request should have a file descriptor attached on which we will reply and
 // that we will then close.
 // A request should start with an int that will be used as the command type.
 bool BrokerProcess::HandleRequest() const {
-
-  std::vector<int> fds;
+  ScopedVector<base::ScopedFD> fds;
   char buf[kMaxMessageLength];
   errno = 0;
   const ssize_t msg_len = UnixDomainSocket::RecvMsg(ipc_socketpair_, buf,
                                                     sizeof(buf), &fds);
 
   if (msg_len == 0 || (msg_len == -1 && errno == ECONNRESET)) {
     // EOF from our parent, or our parent died, we should die.
     _exit(0);
   }
 
   // The parent should send exactly one file descriptor, on which we
   // will write the reply.
-  if (msg_len < 0 || fds.size() != 1 || fds.at(0) < 0) {
+  // TODO(mdempsky): ScopedVector doesn't have 'at()', only 'operator[]'.
+  if (msg_len < 0 || fds.size() != 1 || fds[0]->get() < 0) {
     PLOG(ERROR) << "Error reading message from the client";
-    // The client could try to DoS us by sending more file descriptors, so
-    // make sure we close them.
-    for (std::vector<int>::iterator it = fds.begin(); it != fds.end(); ++it) {
-      PCHECK(0 == IGNORE_EINTR(close(*it)));
-    }
     return false;
   }
 
-  base::ScopedFD temporary_ipc(fds.at(0));
+  base::ScopedFD temporary_ipc(fds[0]->Pass());
 
   Pickle pickle(buf, msg_len);
   PickleIterator iter(pickle);
   int command_type;
   if (pickle.ReadInt(&iter, &command_type)) {
     bool r = false;
     // Go through all the possible IPC messages.
     switch (command_type) {
       case kCommandAccess:
       case kCommandOpen:
@@ skipping 182 matching lines @@
           GetFileNameInWhitelist(allowed_w_files_, requested_filename,
                                  file_to_open);
       return allowed_for_read_and_write;
     }
     default:
       return false;
   }
 }
 
 }  // namespace sandbox.