Base: Remove Receive() from ScopedHandle.

In general, the OS API contract doesn't guarantee that output variables are not modified on failure, so a Reeceive pattern is fundamentally insecure. BUG=318531 TEST=current tests tbr'ing owners for the consumers. TBR=jvoung@chromium.org, thakis@chromium.org, sergeyu@chromium.org, grt@chromium.org, gene@chromium.org, youngki@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=237459 Review URL: https://codereview.chromium.org/71013004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237675 0039d316-1c4b-4281-b951-d872f2087c98
author: rvargas@chromium.org <rvargas@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-11-28 05:16:59 +0000
committer: rvargas@chromium.org <rvargas@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-11-28 05:16:59 +0000
commit: 5be06e403789b537097560fef594000626a61997 (patch)
tree: 7921ffcc481aa118a901086229fda96519973757 /base/process/launch_win.cc
parent: 96798670fd3a04b7bf820eb39c7fdbde25414e53 (diff)
download: chromium_src-5be06e403789b537097560fef594000626a61997.zip
chromium_src-5be06e403789b537097560fef594000626a61997.tar.gz
chromium_src-5be06e403789b537097560fef594000626a61997.tar.bz2
1 files changed, 17 insertions, 9 deletions
diff --git a/base/process/launch_win.cc b/base/process/launch_win.cc
index da913ef..34f84c3 100644
--- a/base/process/launch_win.cc
+++ b/base/process/launch_win.cc
@@ -103,7 +103,7 @@ void RouteStdioToConsole() {
 
 bool LaunchProcess(const string16& cmdline,
                    const LaunchOptions& options,
-                   ProcessHandle* process_handle) {
+                   win::ScopedHandle* process_handle) {
   STARTUPINFO startup_info = {};
   startup_info.cb = sizeof(startup_info);
   if (options.empty_desktop_name)
@@ -136,7 +136,7 @@ bool LaunchProcess(const string16& cmdline,
   if (options.force_breakaway_from_job_)
     flags |= CREATE_BREAKAWAY_FROM_JOB;
 
-  base::win::ScopedProcessInformation process_info;
+  PROCESS_INFORMATION temp_process_info = {};
 
   if (options.as_user) {
     flags |= CREATE_UNICODE_ENVIRONMENT;
@@ -152,7 +152,7 @@ bool LaunchProcess(const string16& cmdline,
                             const_cast<wchar_t*>(cmdline.c_str()),
                             NULL, NULL, options.inherit_handles, flags,
                             enviroment_block, NULL, &startup_info,
-                            process_info.Receive());
+                            &temp_process_info);
     DestroyEnvironmentBlock(enviroment_block);
     if (!launched) {
       DPLOG(ERROR);
@@ -162,11 +162,12 @@ bool LaunchProcess(const string16& cmdline,
     if (!CreateProcess(NULL,
                        const_cast<wchar_t*>(cmdline.c_str()), NULL, NULL,
                        options.inherit_handles, flags, NULL, NULL,
-                       &startup_info, process_info.Receive())) {
+                       &startup_info, &temp_process_info)) {
       DPLOG(ERROR);
       return false;
     }
   }
+  base::win::ScopedProcessInformation process_info(temp_process_info);
 
   if (options.job_handle) {
     if (0 == AssignProcessToJobObject(options.job_handle,
@@ -184,7 +185,7 @@ bool LaunchProcess(const string16& cmdline,
 
   // If the caller wants the process handle, we won't close it.
   if (process_handle)
-    *process_handle = process_info.TakeProcessHandle();
+    process_handle->Set(process_info.TakeProcessHandle());
 
   return true;
 }
@@ -192,7 +193,13 @@ bool LaunchProcess(const string16& cmdline,
 bool LaunchProcess(const CommandLine& cmdline,
                    const LaunchOptions& options,
                    ProcessHandle* process_handle) {
-  return LaunchProcess(cmdline.GetCommandLineString(), options, process_handle);
+  if (!process_handle)
+    return LaunchProcess(cmdline.GetCommandLineString(), options, NULL);
+
+  win::ScopedHandle process;
+  bool rv = LaunchProcess(cmdline.GetCommandLineString(), options, &process);
+  *process_handle = process.Take();
+  return rv;
 }
 
 bool SetJobObjectLimitFlags(HANDLE job_object, DWORD limit_flags) {
@@ -233,8 +240,7 @@ bool GetAppOutput(const CommandLine& cl, std::string* output) {
 
   FilePath::StringType writable_command_line_string(cl.GetCommandLineString());
 
-  base::win::ScopedProcessInformation proc_info;
-  STARTUPINFO start_info = { 0 };
+  STARTUPINFO start_info = {};
 
   start_info.cb = sizeof(STARTUPINFO);
   start_info.hStdOutput = out_write;
@@ -244,14 +250,16 @@ bool GetAppOutput(const CommandLine& cl, std::string* output) {
   start_info.dwFlags |= STARTF_USESTDHANDLES;
 
   // Create the child process.
+  PROCESS_INFORMATION temp_process_info = {};
   if (!CreateProcess(NULL,
                      &writable_command_line_string[0],
                      NULL, NULL,
                      TRUE,  // Handles are inherited.
-                     0, NULL, NULL, &start_info, proc_info.Receive())) {
+                     0, NULL, NULL, &start_info, &temp_process_info)) {
     NOTREACHED() << "Failed to start process";
     return false;
   }
+  base::win::ScopedProcessInformation proc_info(temp_process_info);
 
   // Close our writing end of pipe now. Otherwise later read would not be able
   // to detect end of child's output.
author	rvargas@chromium.org <rvargas@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-11-28 05:16:59 +0000
committer	rvargas@chromium.org <rvargas@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-11-28 05:16:59 +0000
commit	5be06e403789b537097560fef594000626a61997 (patch)
tree	7921ffcc481aa118a901086229fda96519973757 /base/process/launch_win.cc
parent	96798670fd3a04b7bf820eb39c7fdbde25414e53 (diff)
download	chromium_src-5be06e403789b537097560fef594000626a61997.zip chromium_src-5be06e403789b537097560fef594000626a61997.tar.gz chromium_src-5be06e403789b537097560fef594000626a61997.tar.bz2