diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-03 04:11:54 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-03 04:11:54 +0000 |
| commit | 10cbaf017570ba6454174c55b844647aa6a9b3b4 (patch) | |
| tree | beba11e7fafcfa0479e91570bb221f221659d9b7 /ipc | |
| parent | 3c47f7247a0a92f61cb86661790ac2b386ee1030 (diff) | |
| download | chromium_src-10cbaf017570ba6454174c55b844647aa6a9b3b4.zip chromium_src-10cbaf017570ba6454174c55b844647aa6a9b3b4.tar.gz chromium_src-10cbaf017570ba6454174c55b844647aa6a9b3b4.tar.bz2 | |
Validate that paths don't contain embedded NULLs at deserialization.
BUG=166867
Review URL: https://chromiumcodereview.appspot.com/11743009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@174935 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/ipc_message_utils.cc | 3 | ||||
| -rw-r--r-- | ipc/ipc_message_utils_unittest.cc | 16 |
2 files changed, 19 insertions, 0 deletions
diff --git a/ipc/ipc_message_utils.cc b/ipc/ipc_message_utils.cc index 5e7067e..babecdc 100644 --- a/ipc/ipc_message_utils.cc +++ b/ipc/ipc_message_utils.cc @@ -508,6 +508,9 @@ bool ParamTraits<FilePath>::Read(const Message* m, FilePath::StringType value; if (!ParamTraits<FilePath::StringType>::Read(m, iter, &value)) return false; + // Reject embedded NULs as they can cause security checks to go awry. + if (value.find(FILE_PATH_LITERAL('\0')) != FilePath::StringType::npos) + return false; *r = FilePath(value); return true; } diff --git a/ipc/ipc_message_utils_unittest.cc b/ipc/ipc_message_utils_unittest.cc index 19726a0..fe2c4e3 100644 --- a/ipc/ipc_message_utils_unittest.cc +++ b/ipc/ipc_message_utils_unittest.cc @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "base/file_path.h" #include "ipc/ipc_message.h" #include "ipc/ipc_message_utils.h" #include "testing/gtest/include/gtest/gtest.h" @@ -50,4 +51,19 @@ TEST(IPCMessageUtilsTest, NestedMessages) { &result_content)); } +// Tests that detection of various bad parameters is working correctly. +TEST(IPCMessageUtilsTest, ParameterValidation) { + IPC::Message message; + FilePath::StringType okString(FILE_PATH_LITERAL("hello"), 5); + FilePath::StringType badString(FILE_PATH_LITERAL("hel\0o"), 5); + FilePath okPath(okString); + FilePath badPath(badString); + ParamTraits<FilePath>::Write(&message, okPath); + ParamTraits<FilePath>::Write(&message, badPath); + + PickleIterator iter(message); + ASSERT_TRUE(ParamTraits<FilePath>::Read(&message, &iter, &okPath)); + ASSERT_FALSE(ParamTraits<FilePath>::Read(&message, &iter, &badPath)); +} + } // namespace IPC |