sandbox/mac/launchd_interception_server.cc - Issue 306123012: Do not double-unref send rights when using POLICY_SUBSTITUE_PORT.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/mac/launchd_interception_server.cc

Issue 306123012: Do not double-unref send rights when using POLICY_SUBSTITUE_PORT. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/mac/launchd_interception_server.cc

diff --git a/sandbox/mac/launchd_interception_server.cc b/sandbox/mac/launchd_interception_server.cc

index 919f207ba84f4f9dd206e3ca0d07114dab42cd7b..3cb1821b3951971d25b64d161ae3c03eceeef765 100644

--- a/sandbox/mac/launchd_interception_server.cc

+++ b/sandbox/mac/launchd_interception_server.cc

@@ -76,6 +76,12 @@ bool LaunchdInterceptionServer::Initialize() {

return false;

}

sandbox_port_.reset(port);

+ if ((kr = mach_port_insert_right(task, sandbox_port_, sandbox_port_,

+ MACH_MSG_TYPE_MAKE_SEND) != KERN_SUCCESS)) {

+ MACH_LOG(ERROR, kr) << "Failed to allocate dummy sandbox port send right.";

+ return false;

+ }

+ sandbox_send_port_.reset(sandbox_port_);

// Set up the dispatch queue to service the bootstrap port.

// TODO(rsesek): Specify DISPATCH_QUEUE_SERIAL, in the 10.7 SDK. NULL means

@@ -216,16 +222,13 @@ void LaunchdInterceptionServer::HandleLookUp(mach_msg_header_t* request,

else

result_port = rule.substitute_port;

- // Grant an additional send right on the result_port so that it can be

- // sent to the sandboxed child process.

- kern_return_t kr = mach_port_insert_right(mach_task_self(),

- result_port, result_port, MACH_MSG_TYPE_MAKE_SEND);

- if (kr != KERN_SUCCESS) {

- MACH_LOG(ERROR, kr) << "Unable to insert right on result_port.";

- }

compat_shim_.look_up2_fill_reply(reply, result_port);

- SendReply(reply);

+ // If the message was sent successfully, clear the result_port out of the

+ // message so that it is not destroyed at the end of ReceiveMessage. The

+ // above-inserted right has been moved out of the process, and destroying

+ // the message will unref yet another right.

+ if (SendReply(reply))

+ compat_shim_.look_up2_fill_reply(reply, MACH_PORT_NULL);

} else {

NOTREACHED();

}

@@ -246,12 +249,12 @@ void LaunchdInterceptionServer::HandleSwapInteger(mach_msg_header_t* request,

}

-void LaunchdInterceptionServer::SendReply(mach_msg_header_t* reply) {

+bool LaunchdInterceptionServer::SendReply(mach_msg_header_t* reply) {

kern_return_t kr = mach_msg(reply, MACH_SEND_MSG, reply->msgh_size, 0,

MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);

- if (kr != KERN_SUCCESS) {

- MACH_LOG(ERROR, kr) << "Unable to send intercepted reply message.";

- }

+ MACH_LOG_IF(ERROR, kr != KERN_SUCCESS, kr)

+ << "Unable to send intercepted reply message.";

+ return kr == KERN_SUCCESS;

}

void LaunchdInterceptionServer::ForwardMessage(mach_msg_header_t* request,

« sandbox/mac/launchd_interception_server.h ('K') | « sandbox/mac/launchd_interception_server.h ('k') | sandbox/mac/os_compatibility.cc » ('j') | no next file with comments »