Chromium Code Reviews Chromium Code Reviews
Issue 2629783002:
Upload crash reports when ExtensionFunctions generate bad messages. (Closed)
| Index: extensions/browser/extension_function_dispatcher.cc |
| diff --git a/extensions/browser/extension_function_dispatcher.cc b/extensions/browser/extension_function_dispatcher.cc |
| index 93a8b24c3b660e06693e848ba34715164f215b49..1c20603ef5adbf850a9103d9a3cbb7da83392b09 100644 |
| --- a/extensions/browser/extension_function_dispatcher.cc |
| +++ b/extensions/browser/extension_function_dispatcher.cc |
| @@ -31,6 +31,7 @@ |
| #include "content/public/browser/web_contents_observer.h" |
| #include "content/public/common/result_codes.h" |
| #include "extensions/browser/api_activity_monitor.h" |
| +#include "extensions/browser/bad_message.h" |
| #include "extensions/browser/extension_function_registry.h" |
| #include "extensions/browser/extension_registry.h" |
| #include "extensions/browser/extension_system.h" |
| @@ -79,43 +80,18 @@ struct Static { |
| }; |
| base::LazyInstance<Static> g_global_io_data = LAZY_INSTANCE_INITIALIZER; |
| -// Kills the specified process because it sends us a malformed message. |
| -// Track the specific function's |histogram_value|, as this may indicate a bug |
| -// in that API's implementation on the renderer. |
| -void KillBadMessageSender(const base::Process& process, |
| - functions::HistogramValue histogram_value) { |
| - // The renderer has done validation before sending extension api requests. |
| - // Therefore, we should never receive a request that is invalid in a way |
| - // that JSON validation in the renderer should have caught. It could be an |
| - // attacker trying to exploit the browser, so we crash the renderer instead. |
|
Charlie Reis
2017/01/13 21:22:25
Is there somewhere you can preserve this comment?
lazyboy
2017/01/14 01:04:43
Restored the comment.
|
| - LOG(ERROR) << "Terminating renderer because of malformed extension message."; |
| - if (content::RenderProcessHost::run_renderer_in_process()) { |
| - // In single process mode it is better if we don't suicide but just crash. |
| - CHECK(false); |
| - return; |
| - } |
| - |
| - NOTREACHED(); |
| +void LogBadMessage(functions::HistogramValue histogram_value) { |
| content::RecordAction(base::UserMetricsAction("BadMessageTerminate_EFD")); |
| + // Track the specific function's |histogram_value|, as this may indicate a |
| + // bug in that API's implementation. |
| UMA_HISTOGRAM_ENUMERATION("Extensions.BadMessageFunctionName", |
| histogram_value, functions::ENUM_BOUNDARY); |
| - if (process.IsValid()) |
| - process.Terminate(content::RESULT_CODE_KILLED_BAD_MESSAGE, false); |
| -} |
| - |
| -void KillBadMessageSenderRPH(content::RenderProcessHost* sender_process_host, |
| - functions::HistogramValue histogram_value) { |
| - base::Process peer_process = |
| - content::RenderProcessHost::run_renderer_in_process() |
| - ? base::Process::Current() |
| - : base::Process::DeprecatedGetProcessFromHandle( |
| - sender_process_host->GetHandle()); |
| - KillBadMessageSender(peer_process, histogram_value); |
| } |
| +template <class T> |
| void CommonResponseCallback(IPC::Sender* ipc_sender, |
| int routing_id, |
| - const base::Process& peer_process, |
| + T bad_message_sender, |
|
Devlin
2017/01/13 16:16:17
nitty nit: Let's use T* (so that T is RenderProces
lazyboy
2017/01/14 01:04:43
Done.
|
| int request_id, |
| ExtensionFunction::ResponseType type, |
| const base::ListValue& results, |
| @@ -124,7 +100,9 @@ void CommonResponseCallback(IPC::Sender* ipc_sender, |
| DCHECK(ipc_sender); |
| if (type == ExtensionFunction::BAD_MESSAGE) { |
| - KillBadMessageSender(peer_process, histogram_value); |
| + LogBadMessage(histogram_value); |
| + bad_message::ReceivedBadMessage(bad_message_sender, |
| + bad_message::EFD_BAD_MESSAGE); |
| return; |
| } |
| @@ -144,10 +122,8 @@ void IOThreadResponseCallback( |
| if (!ipc_sender.get()) |
| return; |
| - base::Process peer_process = |
| - base::Process::DeprecatedGetProcessFromHandle(ipc_sender->PeerHandle()); |
| - CommonResponseCallback(ipc_sender.get(), routing_id, peer_process, request_id, |
| - type, results, error, histogram_value); |
| + CommonResponseCallback(ipc_sender.get(), routing_id, ipc_sender.get(), |
| + request_id, type, results, error, histogram_value); |
| } |
| } // namespace |
| @@ -195,15 +171,10 @@ class ExtensionFunctionDispatcher::UIThreadResponseCallbackWrapper |
| const base::ListValue& results, |
| const std::string& error, |
| functions::HistogramValue histogram_value) { |
| - base::Process process = |
| - content::RenderProcessHost::run_renderer_in_process() |
| - ? base::Process::Current() |
| - : base::Process::DeprecatedGetProcessFromHandle( |
| - render_frame_host_->GetProcess()->GetHandle()); |
| CommonResponseCallback(render_frame_host_, |
| render_frame_host_->GetRoutingID(), |
| - process, request_id, type, results, error, |
| - histogram_value); |
| + render_frame_host_->GetProcess(), request_id, type, |
| + results, error, histogram_value); |
| } |
| base::WeakPtr<ExtensionFunctionDispatcher> dispatcher_; |
| @@ -266,7 +237,8 @@ class ExtensionFunctionDispatcher::UIThreadWorkerResponseCallbackWrapper |
| content::RenderProcessHost* sender = |
| content::RenderProcessHost::FromID(render_process_id_); |
| if (type == ExtensionFunction::BAD_MESSAGE) { |
| - KillBadMessageSenderRPH(sender, histogram_value); |
| + LogBadMessage(histogram_value); |
| + bad_message::ReceivedBadMessage(sender, bad_message::EFD_BAD_MESSAGE); |
|
Charlie Reis
2017/01/13 21:22:25
Please use a unique BadMessageReason in each Recei
lazyboy
2017/01/14 01:04:43
Done.
|
| return; |
| } |
| DCHECK(sender); |
