Change pnacl translator filenames and layout.

Layout will no longer have directory structure. Swap back to testing pnacl-in-browser via a CWS extension for now. That uses the old layout. We can swap back once we finish renaming the files / mapping their names to this new scheme from with pnacl_coordinator... or something. BUG=155117 TEST=pnacl_file_host_unittest Review URL: https://chromiumcodereview.appspot.com/11066113 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162621 0039d316-1c4b-4281-b951-d872f2087c98
author: jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-10-18 02:35:21 +0000
committer: jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-10-18 02:35:21 +0000
commit: 0e5eb33d622f5ef7a93299f355b2b5247246d76f (patch)
tree: a40ff0a2753510a0ede49a576ba2619f29b7dc43
parent: 90fe4443b2e1aae4e2daaf7eda0505501f1c3721 (diff)
download: chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.zip
chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.tar.gz
chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.tar.bz2
3 files changed, 55 insertions, 33 deletions
diff --git a/chrome/browser/nacl_host/pnacl_file_host.cc b/chrome/browser/nacl_host/pnacl_file_host.cc
index fa0e5f0..f9454f3 100644
--- a/chrome/browser/nacl_host/pnacl_file_host.cc
+++ b/chrome/browser/nacl_host/pnacl_file_host.cc
@@ -21,6 +21,13 @@ using content::BrowserThread;
 
 namespace {
 
+// Force a prefix to prevent user from opening "magic" files.
+const char* kExpectedFilePrefix = "pnacl_public_";
+
+// Restrict PNaCl file lengths to reduce likelyhood of hitting bugs
+// in file name limit error-handling-code-paths, etc.
+const size_t kMaxFileLength = 40;
+
 void NotifyRendererOfError(
     ChromeRenderMessageFilter* chrome_render_message_filter,
     IPC::Message* reply_msg) {
@@ -134,43 +141,35 @@ void GetReadonlyPnaclFd(
   }
 }
 
+// This function is security sensitive.  Be sure to check with a security
+// person before you modify it.
 bool PnaclCanOpenFile(const std::string& filename,
                       FilePath* file_to_open) {
-  // The file must use only ASCII characters.
-  if (!IsStringASCII(filename)) {
-    return false;
-  }
-
-  // Disallow special shell characters, just in case...
-  if (filename.find('%') != std::string::npos ||
-      filename.find('$') != std::string::npos) {
+  if (filename.length() > kMaxFileLength)
     return false;
-  }
 
-#if defined(OS_WIN)
-  FilePath file_to_find(ASCIIToUTF16(filename));
-#elif defined(OS_POSIX)
-  FilePath file_to_find(filename);
-#endif
-
-  if (file_to_find.empty() || file_util::IsDot(file_to_find)) {
+  if (filename.empty())
     return false;
-  }
 
-  // Disallow peeking outside of the pnacl component directory.
-  if (file_to_find.ReferencesParent() || file_to_find.IsAbsolute()) {
-    return false;
+  // Restrict character set of the file name to something really simple
+  // (a-z, 0-9, and underscores).
+  for (size_t i = 0; i < filename.length(); ++i) {
+    char charAt = filename[i];
+    if (charAt < 'a' || charAt > 'z')
+      if (charAt < '0' || charAt > '9')
+        if (charAt != '_')
+          return false;
   }
 
+  // PNaCl must be installed.
   FilePath pnacl_dir;
-  if (!PathService::Get(chrome::DIR_PNACL_COMPONENT, &pnacl_dir)) {
+  if (!PathService::Get(chrome::DIR_PNACL_COMPONENT, &pnacl_dir) ||
+      pnacl_dir.empty())
     return false;
-  }
-  if (pnacl_dir.empty()) {
-    return false;
-  }
 
-  FilePath full_path = pnacl_dir.Append(file_to_find);
+  // Prepend the prefix to restrict files to a whitelisted set.
+  FilePath full_path = pnacl_dir.AppendASCII(
+      std::string(kExpectedFilePrefix) + filename);
   *file_to_open = full_path;
   return true;
 }
diff --git a/chrome/browser/nacl_host/pnacl_file_host_unittest.cc b/chrome/browser/nacl_host/pnacl_file_host_unittest.cc
index 6fcc956..76eee82 100644
--- a/chrome/browser/nacl_host/pnacl_file_host_unittest.cc
+++ b/chrome/browser/nacl_host/pnacl_file_host_unittest.cc
@@ -21,16 +21,38 @@ TEST(PnaclFileHostTest, TestFilenamesWithPnaclPath) {
                                               kDummyPnaclPath);
   ASSERT_TRUE(PathService::Get(chrome::DIR_PNACL_COMPONENT,
                                &kDummyPnaclPath));
+
+  // Check allowed strings, and check that the expected prefix is added.
   FilePath out_path;
-  EXPECT_TRUE(PnaclCanOpenFile("manifest.json", &out_path));
+  EXPECT_TRUE(PnaclCanOpenFile("pnacl_json", &out_path));
   FilePath expected_path = kDummyPnaclPath.Append(
-      FILE_PATH_LITERAL("manifest.json"));
+      FILE_PATH_LITERAL("pnacl_public_pnacl_json"));
   EXPECT_EQ(out_path, expected_path);
 
-  EXPECT_TRUE(PnaclCanOpenFile("x86-32/llc", &out_path));
-  expected_path = kDummyPnaclPath.Append(FILE_PATH_LITERAL("x86-32/llc"));
+  EXPECT_TRUE(PnaclCanOpenFile("x86_32_llc", &out_path));
+  expected_path = kDummyPnaclPath.Append(
+      FILE_PATH_LITERAL("pnacl_public_x86_32_llc"));
   EXPECT_EQ(out_path, expected_path);
 
+  // Check character ranges.
+  EXPECT_FALSE(PnaclCanOpenFile(".xchars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("/xchars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("x/chars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("\\xchars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("x\\chars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("$xchars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("%xchars", &out_path));
+  EXPECT_FALSE(PnaclCanOpenFile("CAPS", &out_path));
+  const char non_ascii[] = "\xff\xfe";
+  EXPECT_FALSE(PnaclCanOpenFile(non_ascii, &out_path));
+
+  // Check file length restriction.
+  EXPECT_FALSE(PnaclCanOpenFile("thisstringisactuallywaaaaaaaaaaaaaaaaaaaaaaaa"
+                                "toolongwaytoolongwaaaaayyyyytoooooooooooooooo"
+                                "looooooooong",
+                                &out_path));
+
+  // Other bad files.
   EXPECT_FALSE(PnaclCanOpenFile("", &out_path));
   EXPECT_FALSE(PnaclCanOpenFile(".", &out_path));
   EXPECT_FALSE(PnaclCanOpenFile("..", &out_path));
@@ -45,6 +67,4 @@ TEST(PnaclFileHostTest, TestFilenamesWithPnaclPath) {
   EXPECT_FALSE(PnaclCanOpenFile("$HOME/.bashrc", &out_path));
 #endif
 
-  const char non_ascii[] = "\xff\xfe";
-  EXPECT_FALSE(PnaclCanOpenFile(non_ascii, &out_path));
 }
diff --git a/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc b/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
index 0344e9e..d2535c0 100644
--- a/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
+++ b/ppapi/native_client/src/trusted/plugin/pnacl_resources.cc
@@ -29,7 +29,10 @@ bool PnaclUrls::UsePnaclExtension(const Plugin* plugin) {
   // --enable-pnacl is used and not use the chrome extension.
   // Some UI work, etc. remains before --enable-pnacl is usable:
   // http://code.google.com/p/nativeclient/issues/detail?id=2813
-  return !(plugin->nacl_interface()->IsPnaclEnabled());
+  // TODO(jvoung): re-enable the non-extension path if we decide
+  // to use that / once we have renamed and remap some of the files.
+  return true;
+  // return !(plugin->nacl_interface()->IsPnaclEnabled());
 }
 
 nacl::string PnaclUrls::GetBaseUrl(bool use_extension) {
author	jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-10-18 02:35:21 +0000
committer	jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-10-18 02:35:21 +0000
commit	0e5eb33d622f5ef7a93299f355b2b5247246d76f (patch)
tree	a40ff0a2753510a0ede49a576ba2619f29b7dc43
parent	90fe4443b2e1aae4e2daaf7eda0505501f1c3721 (diff)
download	chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.zip chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.tar.gz chromium_src-0e5eb33d622f5ef7a93299f355b2b5247246d76f.tar.bz2