| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/threading/platform_thread.h" | 9 #include "base/threading/platform_thread.h" |
| 10 #include "base/win/scoped_handle.h" | 10 #include "base/win/scoped_handle.h" |
| (...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 290 | 290 |
| 291 // This downcast is safe as long as we control CreatePolicy() | 291 // This downcast is safe as long as we control CreatePolicy() |
| 292 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); | 292 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); |
| 293 | 293 |
| 294 // Construct the tokens and the job object that we are going to associate | 294 // Construct the tokens and the job object that we are going to associate |
| 295 // with the soon to be created target process. | 295 // with the soon to be created target process. |
| 296 HANDLE initial_token_temp; | 296 HANDLE initial_token_temp; |
| 297 HANDLE lockdown_token_temp; | 297 HANDLE lockdown_token_temp; |
| 298 DWORD win_result = policy_base->MakeTokens(&initial_token_temp, | 298 DWORD win_result = policy_base->MakeTokens(&initial_token_temp, |
| 299 &lockdown_token_temp); | 299 &lockdown_token_temp); |
| 300 if (ERROR_SUCCESS != win_result) |
| 301 return SBOX_ERROR_GENERIC; |
| 302 |
| 300 base::win::ScopedHandle initial_token(initial_token_temp); | 303 base::win::ScopedHandle initial_token(initial_token_temp); |
| 301 base::win::ScopedHandle lockdown_token(lockdown_token_temp); | 304 base::win::ScopedHandle lockdown_token(lockdown_token_temp); |
| 302 | 305 |
| 303 if (ERROR_SUCCESS != win_result) | |
| 304 return SBOX_ERROR_GENERIC; | |
| 305 | |
| 306 HANDLE job_temp; | 306 HANDLE job_temp; |
| 307 win_result = policy_base->MakeJobObject(&job_temp); | 307 win_result = policy_base->MakeJobObject(&job_temp); |
| 308 base::win::ScopedHandle job(job_temp); | 308 base::win::ScopedHandle job(job_temp); |
| 309 if (ERROR_SUCCESS != win_result) | 309 if (ERROR_SUCCESS != win_result) |
| 310 return SBOX_ERROR_GENERIC; | 310 return SBOX_ERROR_GENERIC; |
| 311 | 311 |
| 312 if (ERROR_ALREADY_EXISTS == ::GetLastError()) | 312 if (ERROR_ALREADY_EXISTS == ::GetLastError()) |
| 313 return SBOX_ERROR_GENERIC; | 313 return SBOX_ERROR_GENERIC; |
| 314 | 314 |
| 315 // Construct the thread pool here in case it is expensive. | 315 // Construct the thread pool here in case it is expensive. |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 396 peer_map_.erase(peer->id); | 396 peer_map_.erase(peer->id); |
| 397 return SBOX_ERROR_GENERIC; | 397 return SBOX_ERROR_GENERIC; |
| 398 } | 398 } |
| 399 | 399 |
| 400 // Release the pointer since it will be cleaned up by the callback. | 400 // Release the pointer since it will be cleaned up by the callback. |
| 401 peer.release(); | 401 peer.release(); |
| 402 return SBOX_ALL_OK; | 402 return SBOX_ALL_OK; |
| 403 } | 403 } |
| 404 | 404 |
| 405 } // namespace sandbox | 405 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10821018:
Remove use-after-free bug. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src