Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/content_settings/content_settings_policy_provider.cc

Issue 335103002: Fix a potential use-after-free after JSONReader::Read. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/content_settings/content_settings_policy_provider.h" 5 #include "chrome/browser/content_settings/content_settings_policy_provider.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/json/json_reader.h" 10 #include "base/json/json_reader.h"
(...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after
346 base::JSON_ALLOW_TRAILING_COMMAS)); 346 base::JSON_ALLOW_TRAILING_COMMAS));
347 if (!value || !value->IsType(base::Value::TYPE_DICTIONARY)) { 347 if (!value || !value->IsType(base::Value::TYPE_DICTIONARY)) {
348 VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:" 348 VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:"
349 " Invalid JSON object: " << pattern_filter_json; 349 " Invalid JSON object: " << pattern_filter_json;
350 continue; 350 continue;
351 } 351 }
352 352
353 scoped_ptr<base::DictionaryValue> pattern_filter_pair( 353 scoped_ptr<base::DictionaryValue> pattern_filter_pair(
354 static_cast<base::DictionaryValue*>(value.release())); 354 static_cast<base::DictionaryValue*>(value.release()));
355 std::string pattern_str; 355 std::string pattern_str;
356 bool pattern_read = pattern_filter_pair->GetString("pattern", &pattern_str); 356 bool pattern_read = pattern_filter_pair->GetStringWithoutPathExpansion(
357 scoped_ptr<base::Value> cert_filter; 357 "pattern", &pattern_str);
358 bool filter_read = pattern_filter_pair->Remove("filter", &cert_filter); 358 base::DictionaryValue* cert_filter = NULL;
359 if (!pattern_read || !filter_read || 359 pattern_filter_pair->GetDictionaryWithoutPathExpansion("filter",
360 !cert_filter->IsType(base::Value::TYPE_DICTIONARY)) { 360 &cert_filter);
361 if (!pattern_read || !cert_filter) {
361 VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:" 362 VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:"
362 " Missing pattern or filter."; 363 " Missing pattern or filter.";
363 continue; 364 continue;
364 } 365 }
365 366
366 ContentSettingsPattern pattern = 367 ContentSettingsPattern pattern =
367 ContentSettingsPattern::FromString(pattern_str); 368 ContentSettingsPattern::FromString(pattern_str);
368 // Ignore invalid patterns. 369 // Ignore invalid patterns.
369 if (!pattern.IsValid()) { 370 if (!pattern.IsValid()) {
370 VLOG(1) << "Ignoring invalid certificate auto select setting:" 371 VLOG(1) << "Ignoring invalid certificate auto select setting:"
371 " Invalid content settings pattern: " << pattern; 372 " Invalid content settings pattern: " << pattern;
372 continue; 373 continue;
373 } 374 }
374 375
376 // Don't pass removed values from |value|, because base::Values read with
377 // JSONReader use a shared string buffer. Instead, DeepCopy here.
375 value_map->SetValue(pattern, 378 value_map->SetValue(pattern,
376 ContentSettingsPattern::Wildcard(), 379 ContentSettingsPattern::Wildcard(),
377 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, 380 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
378 std::string(), 381 std::string(),
379 cert_filter.release()); 382 cert_filter->DeepCopy());
380 } 383 }
381 } 384 }
382 385
383 void PolicyProvider::ReadManagedDefaultSettings() { 386 void PolicyProvider::ReadManagedDefaultSettings() {
384 for (size_t type = 0; type < arraysize(kPrefToManageType); ++type) { 387 for (size_t type = 0; type < arraysize(kPrefToManageType); ++type) {
385 if (kPrefToManageType[type] == NULL) { 388 if (kPrefToManageType[type] == NULL) {
386 continue; 389 continue;
387 } 390 }
388 UpdateManagedDefaultSetting(ContentSettingsType(type)); 391 UpdateManagedDefaultSetting(ContentSettingsType(type));
389 } 392 }
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
488 ReadManagedDefaultSettings(); 491 ReadManagedDefaultSettings();
489 } 492 }
490 493
491 NotifyObservers(ContentSettingsPattern(), 494 NotifyObservers(ContentSettingsPattern(),
492 ContentSettingsPattern(), 495 ContentSettingsPattern(),
493 CONTENT_SETTINGS_TYPE_DEFAULT, 496 CONTENT_SETTINGS_TYPE_DEFAULT,
494 std::string()); 497 std::string());
495 } 498 }
496 499
497 } // namespace content_settings 500 } // namespace content_settings
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698