Chromium Code Reviews Chromium Code Reviews
Issue 10824316:
Avoid calling GetNamedPipeClientProcessId() which is not available on XP. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/win/worker_process_launcher.h" | 5 #include "remoting/host/win/worker_process_launcher.h" |
| 6 | 6 |
| 7 #include <windows.h> | 7 #include <windows.h> |
| 8 #include <sddl.h> | 8 #include <sddl.h> |
| 9 #include <limits> | 9 #include <limits> |
| 10 | 10 |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 102 | 102 |
| 103 return delegate_->OnMessageReceived(message); | 103 return delegate_->OnMessageReceived(message); |
| 104 } | 104 } |
| 105 | 105 |
| 106 void WorkerProcessLauncher::OnChannelConnected(int32 peer_pid) { | 106 void WorkerProcessLauncher::OnChannelConnected(int32 peer_pid) { |
| 107 DCHECK(main_task_runner_->BelongsToCurrentThread()); | 107 DCHECK(main_task_runner_->BelongsToCurrentThread()); |
| 108 DCHECK(ipc_channel_.get() != NULL); | 108 DCHECK(ipc_channel_.get() != NULL); |
| 109 DCHECK(pipe_.IsValid()); | 109 DCHECK(pipe_.IsValid()); |
| 110 DCHECK(process_exit_event_.IsValid()); | 110 DCHECK(process_exit_event_.IsValid()); |
| 111 | 111 |
| 112 // Get the actual peer's PID (i.e. reported by the OS) instead of the PID | 112 // |peer_pid| is send by the client and cannot be trusted. |
| 113 // reported by the peer itself (|peer_pid|). | 113 // GetNamedPipeClientProcessId() is not available on XP. The pipe's security |
| 114 DWORD actual_peer_pid; | 114 // descriptor is the only protection we currently have against malicious |
| 115 if (!GetNamedPipeClientProcessId(pipe_, &actual_peer_pid)) { | 115 // clients. |
| 116 LOG_GETLASTERROR(ERROR) << "Failed to query the peer's PID"; | 116 // |
| 117 Stop(); | 117 // If we'd like to be able to launch low-privileged workers and let them to |
|
dcaiafa
2012/08/15 20:44:32
nit: "...let them connect..."
alexeypa (please no reviews)
2012/08/15 21:15:07
Done.
| |
| 118 return; | 118 // connect back, the pipe handle should be passed to the worker instead of |
| 119 } | 119 // the pipe name. |
| 120 | 120 delegate_->OnChannelConnected(); |
| 121 delegate_->OnChannelConnected(actual_peer_pid); | |
| 122 } | 121 } |
| 123 | 122 |
| 124 void WorkerProcessLauncher::OnChannelError() { | 123 void WorkerProcessLauncher::OnChannelError() { |
| 125 DCHECK(main_task_runner_->BelongsToCurrentThread()); | 124 DCHECK(main_task_runner_->BelongsToCurrentThread()); |
| 126 DCHECK(ipc_channel_.get() != NULL); | 125 DCHECK(ipc_channel_.get() != NULL); |
| 127 DCHECK(pipe_.IsValid()); | 126 DCHECK(pipe_.IsValid()); |
| 128 DCHECK(process_exit_event_.IsValid()); | 127 DCHECK(process_exit_event_.IsValid()); |
| 129 | 128 |
| 130 Stop(); | 129 Stop(); |
| 131 } | 130 } |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 202 } | 201 } |
| 203 | 202 |
| 204 // N.B. Copied from src/content/common/child_process_host_impl.cc | 203 // N.B. Copied from src/content/common/child_process_host_impl.cc |
| 205 std::string WorkerProcessLauncher::GenerateRandomChannelId() { | 204 std::string WorkerProcessLauncher::GenerateRandomChannelId() { |
| 206 return base::StringPrintf("%d.%p.%d", | 205 return base::StringPrintf("%d.%p.%d", |
| 207 base::GetCurrentProcId(), this, | 206 base::GetCurrentProcId(), this, |
| 208 base::RandInt(0, std::numeric_limits<int>::max())); | 207 base::RandInt(0, std::numeric_limits<int>::max())); |
| 209 } | 208 } |
| 210 | 209 |
| 211 } // namespace remoting | 210 } // namespace remoting |
| OLD | NEW |
