Make TransportData (and thus MessageInTransit) be able to simply carry platform handles.

mojo/edk/system/transport_data.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/transport_data.h"
 
 #include <string.h>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
@@ skipping 173 matching lines @@
     current_offset = MessageInTransit::RoundUpMessageAlignment(current_offset);
   }
 
   // There's no aligned realloc, so it's no good way to release unused space (if
   // we overshot our estimated space requirements).
   buffer_size_ = current_offset;
 
   // |dispatchers_| will be destroyed as it goes out of scope.
 }
 
-#if defined(OS_POSIX)
 TransportData::TransportData(
     embedder::ScopedPlatformHandleVectorPtr platform_handles)
     : buffer_size_(sizeof(Header)), platform_handles_(platform_handles.Pass()) {
   buffer_.reset(static_cast<char*>(
       base::AlignedAlloc(buffer_size_, MessageInTransit::kMessageAlignment)));
   memset(buffer_.get(), 0, buffer_size_);
+
+  Header* header = reinterpret_cast<Header*>(buffer_.get());
+  header->num_platform_handles =
+      static_cast<uint32_t>(platform_handles_->size());
 }
-#endif  // defined(OS_POSIX)
 
 TransportData::~TransportData() {
 }
 
 // static
 const char* TransportData::ValidateBuffer(
     size_t serialized_platform_handle_size,
     const void* buffer,
     size_t buffer_size) {
   DCHECK(buffer);
   DCHECK_GT(buffer_size, 0u);
 
   // Always make sure that the buffer size is sane; if it's not, someone's
   // messing with us.
   if (buffer_size < sizeof(Header) || buffer_size > GetMaxBufferSize() ||
       buffer_size % MessageInTransit::kMessageAlignment != 0)
     return "Invalid message secondary buffer size";
 
   const Header* header = static_cast<const Header*>(buffer);
   const size_t num_handles = header->num_handles;
 
-#if !defined(OS_POSIX)
-  // On POSIX, we send control messages with platform handles (but no handles)
-  // attached (see the comments for
-  // |TransportData(embedder::ScopedPlatformHandleVectorPtr)|. (This check isn't
-  // important security-wise anyway.)
-  if (num_handles == 0)
-    return "Message has no handles attached, but secondary buffer present";
-#endif
-
   // Sanity-check |num_handles| (before multiplying it against anything).
   if (num_handles > GetConfiguration().max_message_num_handles)
     return "Message handle payload too large";
 
   if (buffer_size < sizeof(Header) + num_handles * sizeof(HandleTableEntry))
     return "Message secondary buffer too small";
 
   if (header->num_platform_handles == 0) {
     // Then |platform_handle_table_offset| should also be zero.
     if (header->platform_handle_table_offset != 0) {
       return "Message has no handles attached, but platform handle table "
              "present";
     }
   } else {
-    // |num_handles| has already been validated, so the multiplication is okay.
     if (header->num_platform_handles >
-        num_handles * kMaxSerializedDispatcherPlatformHandles)
+        GetConfiguration().max_message_num_handles *
+            kMaxSerializedDispatcherPlatformHandles)
       return "Message has too many platform handles attached";
 
     static const char kInvalidPlatformHandleTableOffset[] =
         "Message has invalid platform handle table offset";
     // This doesn't check that the platform handle table doesn't alias other
     // stuff, but it doesn't matter, since it's all read-only.
     if (header->platform_handle_table_offset %
             MessageInTransit::kMessageAlignment !=
         0)
       return kInvalidPlatformHandleTableOffset;
@@ skipping 75 matching lines @@
     const void* source = static_cast<const char*>(buffer) + offset;
     (*dispatchers)[i] = Dispatcher::TransportDataAccess::Deserialize(
         channel, handle_table[i].type, source, size, platform_handles.get());
   }
 
   return dispatchers.Pass();
 }
 
 }  // namespace system
 }  // namespace mojo