| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/in_process_webkit/indexed_db_dispatcher_host.h" | 5 #include "content/browser/in_process_webkit/indexed_db_dispatcher_host.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 468 const IndexedDBHostMsg_DatabasePut_Params& params) { | 468 const IndexedDBHostMsg_DatabasePut_Params& params) { |
| 469 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT_DEPRECATED)); | 469 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT_DEPRECATED)); |
| 470 | 470 |
| 471 WebIDBDatabase* database = parent_->GetOrTerminateProcess( | 471 WebIDBDatabase* database = parent_->GetOrTerminateProcess( |
| 472 &map_, params.ipc_database_id); | 472 &map_, params.ipc_database_id); |
| 473 if (!database) | 473 if (!database) |
| 474 return; | 474 return; |
| 475 scoped_ptr<WebIDBCallbacks> callbacks( | 475 scoped_ptr<WebIDBCallbacks> callbacks( |
| 476 new IndexedDBCallbacks<WebIDBKey>(parent_, params.ipc_thread_id, | 476 new IndexedDBCallbacks<WebIDBKey>(parent_, params.ipc_thread_id, |
| 477 params.ipc_response_id)); | 477 params.ipc_response_id)); |
| 478 if (params.index_ids.size() != params.index_keys.size()) { |
| 479 callbacks->onError(WebIDBDatabaseError( |
| 480 WebKit::WebIDBDatabaseExceptionUnknownError, |
| 481 "Malformed IPC message: index_ids.size() != index_keys.size()")); |
| 482 return; |
| 483 } |
| 478 | 484 |
| 479 WebVector<unsigned char> value(params.value); | 485 WebVector<unsigned char> value(params.value); |
| 480 int64 host_transaction_id = parent_->HostTransactionId(params.transaction_id); | 486 int64 host_transaction_id = parent_->HostTransactionId(params.transaction_id); |
| 481 database->put(host_transaction_id, | 487 database->put(host_transaction_id, |
| 482 params.object_store_id, | 488 params.object_store_id, |
| 483 &value, params.key, | 489 &value, params.key, |
| 484 params.put_mode, callbacks.release(), | 490 params.put_mode, callbacks.release(), |
| 485 params.index_ids, | 491 params.index_ids, |
| 486 params.index_keys); | 492 params.index_keys); |
| 487 TransactionIDToSizeMap* map = | 493 TransactionIDToSizeMap* map = |
| 488 &parent_->database_dispatcher_host_->transaction_size_map_; | 494 &parent_->database_dispatcher_host_->transaction_size_map_; |
| 489 // Size can't be big enough to overflow because it represents the | 495 // Size can't be big enough to overflow because it represents the |
| 490 // actual bytes passed through IPC. | 496 // actual bytes passed through IPC. |
| 491 (*map)[host_transaction_id] += params.value.size(); | 497 (*map)[host_transaction_id] += params.value.size(); |
| 492 } | 498 } |
| 493 | 499 |
| 494 void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnSetIndexKeys( | 500 void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnSetIndexKeys( |
| 495 const IndexedDBHostMsg_DatabaseSetIndexKeys_Params& params) { | 501 const IndexedDBHostMsg_DatabaseSetIndexKeys_Params& params) { |
| 496 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT_DEPRECATED)); | 502 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT_DEPRECATED)); |
| 497 WebIDBDatabase* database = parent_->GetOrTerminateProcess( | 503 WebIDBDatabase* database = parent_->GetOrTerminateProcess( |
| 498 &map_, params.ipc_database_id); | 504 &map_, params.ipc_database_id); |
| 499 if (!database) | 505 if (!database) |
| 500 return; | 506 return; |
| 501 | 507 |
| 502 database->setIndexKeys(parent_->HostTransactionId(params.transaction_id), | 508 int64 host_transaction_id = parent_->HostTransactionId(params.transaction_id); |
| 509 if (params.index_ids.size() != params.index_keys.size()) { |
| 510 database->abort(host_transaction_id, WebIDBDatabaseError( |
| 511 WebKit::WebIDBDatabaseExceptionUnknownError, |
| 512 "Malformed IPC message: index_ids.size() != index_keys.size()")); |
| 513 return; |
| 514 } |
| 515 |
| 516 database->setIndexKeys(host_transaction_id, |
| 503 params.object_store_id, | 517 params.object_store_id, |
| 504 params.primary_key, params.index_ids, | 518 params.primary_key, params.index_ids, |
| 505 params.index_keys); | 519 params.index_keys); |
| 506 } | 520 } |
| 507 | 521 |
| 508 void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnSetIndexesReady( | 522 void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnSetIndexesReady( |
| 509 int32 ipc_database_id, | 523 int32 ipc_database_id, |
| 510 int64 transaction_id, | 524 int64 transaction_id, |
| 511 int64 object_store_id, | 525 int64 object_store_id, |
| 512 const std::vector<int64>& index_ids) { | 526 const std::vector<int64>& index_ids) { |
| (...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 788 ipc_response_id), ec); | 802 ipc_response_id), ec); |
| 789 DCHECK(!ec); | 803 DCHECK(!ec); |
| 790 } | 804 } |
| 791 | 805 |
| 792 void IndexedDBDispatcherHost::CursorDispatcherHost::OnDestroyed( | 806 void IndexedDBDispatcherHost::CursorDispatcherHost::OnDestroyed( |
| 793 int32 ipc_object_id) { | 807 int32 ipc_object_id) { |
| 794 parent_->DestroyObject(&map_, ipc_object_id); | 808 parent_->DestroyObject(&map_, ipc_object_id); |
| 795 } | 809 } |
| 796 | 810 |
| 797 } // namespace content | 811 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12208119:
Improve IndexedDB IPC message sanitization (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src