author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-16 03:39:27 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-16 03:39:27 +0000 |
commit | a8e51a025c3a69863af57260ecb275f7d37d82e6 (patch) | |
tree | 5f2b56e162ddb8d27245bfe964747c38d1225066 /content | |
parent | 92ba7b01c7ddfc91117a1bec671cea1a5817e92a (diff) | |
Change DuplicateHandle hook to current DLL.
Review URL: https://chromiumcodereview.appspot.com/10332162
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137346 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/common/sandbox_policy.cc | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index bdd50db..4c4287e 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -453,9 +453,9 @@ bool AddPolicyForPepperPlugin(sandbox::TargetPolicy* policy) {
   return result == sandbox::SBOX_ALL_OK;
 }
 
-// This code is debug only, and attempts to catch unsafe uses of
+// This code is test only, and attempts to catch unsafe uses of
 // DuplicateHandle() that copy privileged handles into sandboxed processes.
-#ifndef NDEBUG
+#ifndef OFFICIAL_BUILD
 base::win::IATPatchFunction g_iat_patch_duplicate_handle;
 
 BOOL (WINAPI *g_iat_orig_duplicate_handle)(HANDLE source_process_handle,
@@ -563,14 +563,22 @@ bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
   sandbox::ResultCode result = broker_services->Init();
   g_broker_services = broker_services;
 
-// In the debug build we want to warn about dangerous uses of DuplicateHandle.
-#if !defined(NDEBUG) && !defined(NACL_WIN64)
+// In non-official builds warn about dangerous uses of DuplicateHandle.
+#ifndef OFFICIAL_BUILD
   if (!g_iat_patch_duplicate_handle.is_patched()) {
-    ResolveNTFunctionPtr("NtQueryObject", &g_QueryObject);
-    g_iat_orig_duplicate_handle = ::DuplicateHandle;
-    g_iat_patch_duplicate_handle.Patch(
-        L"chrome.dll", "kernel32.dll", "DuplicateHandle",
-        DuplicateHandlePatch);
+    HMODULE module = NULL;
+    wchar_t module_name[MAX_PATH];
+    CHECK(::GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS,
+                              reinterpret_cast<LPCWSTR>(InitBrokerServices),
+                              &module));
+    DWORD result = ::GetModuleFileNameW(module, module_name, MAX_PATH);
+    if (result && (result != MAX_PATH)) {
+      ResolveNTFunctionPtr("NtQueryObject", &g_QueryObject);
+      g_iat_orig_duplicate_handle = ::DuplicateHandle;
+      g_iat_patch_duplicate_handle.Patch(
+          module_name, "kernel32.dll", "DuplicateHandle",
+          DuplicateHandlePatch);
+    }
   }
 #endif
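Review bot: In the second hunk the new `DWORD result = ::GetModuleFileNameW(...)` shadows the `sandbox::ResultCode result` declared two context lines above in InitBrokerServices, which is confusing in a function whose body continues past the hunk and presumably returns the outer value; a distinct name such as `DWORD name_len = ::GetModuleFileNameW(module, module_name, MAX_PATH);` with `if (name_len && (name_len != MAX_PATH)) {` avoids it. The failure path is also inconsistent with the line above it: GetModuleHandleEx failing is a CHECK, but a failed or truncated GetModuleFileNameW silently skips installing the DuplicateHandle hook, so the privileged-handle check this code exists for would be absent in a test build with no indication why. Since this is non-official-only diagnostic code, an `else { DLOG(ERROR) << "DuplicateHandle hook not installed"; }` (or the same CHECK treatment) would make the gap visible. Dropping the former `!defined(NACL_WIN64)` exclusion looks intentional now that the module is resolved from the current address rather than hard-coded as chrome.dll, but a one-line comment saying so would spare the next reader the guess.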