summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 20:49:46 +0000
committerrvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 20:49:46 +0000
commit0af7b151111d085a4b1be4fd31485297f8d41bf2 (patch)
tree2cb571c2864d7b010634e50e1bb1d7630ef81c94
parentfdd072ff1b52f405ed3c2b1cfb86c6e92e5018c1 (diff)
downloadchromium_src-0af7b151111d085a4b1be4fd31485297f8d41bf2.zip
chromium_src-0af7b151111d085a4b1be4fd31485297f8d41bf2.tar.gz
chromium_src-0af7b151111d085a4b1be4fd31485297f8d41bf2.tar.bz2
Disk Cache: Perform extra validations to data comming from
disk to detect obvious corruption going undetected. BUG=77841 TEST=net_unittests Review URL: http://codereview.chromium.org/6821064 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81472 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/disk_cache/addr.cc16
-rw-r--r--net/disk_cache/addr.h5
-rw-r--r--net/disk_cache/addr_unittest.cc22
-rw-r--r--net/disk_cache/entry_impl.cc46
-rw-r--r--net/disk_cache/rankings.cc8
5 files changed, 89 insertions, 8 deletions
diff --git a/net/disk_cache/addr.cc b/net/disk_cache/addr.cc
index aa84c01..c4b95ef 100644
--- a/net/disk_cache/addr.cc
+++ b/net/disk_cache/addr.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -26,4 +26,18 @@ bool Addr::SetFileNumber(int file_number) {
return true;
}
+bool Addr::SanityCheck() const {
+ if (!is_initialized())
+ return !value_;
+
+ if (((value_ & kFileTypeMask) >> kFileTypeOffset) > 4)
+ return false;
+
+ if (is_separate_file())
+ return true;
+
+ const uint32 kReservedBitsMask = 0x0c000000;
+ return !(value_ & kReservedBitsMask);
+}
+
} // namespace disk_cache
diff --git a/net/disk_cache/addr.h b/net/disk_cache/addr.h
index c10dcc3..d754ec5 100644
--- a/net/disk_cache/addr.h
+++ b/net/disk_cache/addr.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -119,6 +119,9 @@ class Addr {
return EXTERNAL;
}
+ // Returns true if this address looks like a valid one.
+ bool SanityCheck() const;
+
private:
static const uint32 kInitializedMask = 0x80000000;
static const uint32 kFileTypeMask = 0x70000000;
diff --git a/net/disk_cache/addr_unittest.cc b/net/disk_cache/addr_unittest.cc
index 551310e..09088c4 100644
--- a/net/disk_cache/addr_unittest.cc
+++ b/net/disk_cache/addr_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -34,4 +34,24 @@ TEST_F(DiskCacheTest, CacheAddr_InvalidValues) {
EXPECT_EQ(4096, addr3.BlockSize());
}
+TEST_F(DiskCacheTest, CacheAddr_SanityCheck) {
+ // First a few valid values.
+ EXPECT_TRUE(Addr(0).SanityCheck());
+ EXPECT_TRUE(Addr(0x80001000).SanityCheck());
+ EXPECT_TRUE(Addr(0xC3FFFFFF).SanityCheck());
+ EXPECT_TRUE(Addr(0xC0FFFFFF).SanityCheck());
+
+ // Not initialized.
+ EXPECT_FALSE(Addr(0x20).SanityCheck());
+ EXPECT_FALSE(Addr(0x10001000).SanityCheck());
+
+ // Invalid file type.
+ EXPECT_FALSE(Addr(0xD0001000).SanityCheck());
+ EXPECT_FALSE(Addr(0xF0000000).SanityCheck());
+
+ // Reserved bits.
+ EXPECT_FALSE(Addr(0x14000000).SanityCheck());
+ EXPECT_FALSE(Addr(0x18000000).SanityCheck());
+}
+
} // namespace disk_cache
diff --git a/net/disk_cache/entry_impl.cc b/net/disk_cache/entry_impl.cc
index 2db4988..73c67df 100644
--- a/net/disk_cache/entry_impl.cc
+++ b/net/disk_cache/entry_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -12,6 +12,7 @@
#include "net/disk_cache/backend_impl.h"
#include "net/disk_cache/bitmap.h"
#include "net/disk_cache/cache_util.h"
+#include "net/disk_cache/hash.h"
#include "net/disk_cache/histogram_macros.h"
#include "net/disk_cache/net_log_parameters.h"
#include "net/disk_cache/sparse_control.h"
@@ -559,19 +560,56 @@ void EntryImpl::SetPointerForInvalidEntry(int32 new_id) {
}
bool EntryImpl::SanityCheck() {
- if (!entry_.Data()->rankings_node || !entry_.Data()->key_len)
+ EntryStore* stored = entry_.Data();
+ if (!stored->rankings_node || stored->key_len <= 0)
return false;
- Addr rankings_addr(entry_.Data()->rankings_node);
+ if (stored->reuse_count < 0 || stored->refetch_count < 0)
+ return false;
+
+ Addr rankings_addr(stored->rankings_node);
if (!rankings_addr.is_initialized() || rankings_addr.is_separate_file() ||
rankings_addr.file_type() != RANKINGS)
return false;
- Addr next_addr(entry_.Data()->next);
+ Addr next_addr(stored->next);
if (next_addr.is_initialized() &&
(next_addr.is_separate_file() || next_addr.file_type() != BLOCK_256))
return false;
+ if (!rankings_addr.SanityCheck() || !next_addr.SanityCheck())
+ return false;
+
+ if (stored->state > ENTRY_DOOMED || stored->state < ENTRY_NORMAL)
+ return false;
+
+ Addr key_addr(stored->long_key);
+ if (stored->key_len <= kMaxInternalKeyLength && key_addr.is_initialized())
+ return false;
+
+ if (!key_addr.SanityCheck())
+ return false;
+
+ if (stored->hash != Hash(GetKey()))
+ return false;
+
+ for (int i = 0; i < kNumStreams; i++) {
+ Addr data_addr(stored->data_addr[i]);
+ int data_size = stored->data_size[i];
+ if (data_size < 0)
+ return false;
+ if (!data_size && data_addr.is_initialized())
+ return false;
+ if (!data_addr.SanityCheck())
+ return false;
+ if (!data_size)
+ continue;
+ if (data_size <= kMaxBlockSize && data_addr.is_separate_file())
+ return false;
+ if (data_size > kMaxBlockSize && data_addr.is_block_file())
+ return false;
+ }
+
return true;
}
diff --git a/net/disk_cache/rankings.cc b/net/disk_cache/rankings.cc
index 3644932..e8bf50d 100644
--- a/net/disk_cache/rankings.cc
+++ b/net/disk_cache/rankings.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -508,6 +508,12 @@ bool Rankings::SanityCheck(CacheRankingsBlock* node, bool from_list) {
if ((node->address().value() == data->next) && !IsTail(data->next, &list))
return false;
+ Addr next_addr(data->next);
+ Addr prev_addr(data->prev);
+ if (!next_addr.SanityCheck() || next_addr.file_type() != RANKINGS ||
+ !prev_addr.SanityCheck() || prev_addr.file_type() != RANKINGS)
+ return false;
+
return true;
}