authorvitalybuka@chromium.org <vitalybuka@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-01 23:25:31 +0000
committervitalybuka@chromium.org <vitalybuka@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-01 23:25:31 +0000
commit03dd9425d9c99beedfb5dbd650b8d779dcb86a25 (patch)
treeaa62e1a71ee40039bcb1de10124b018b4889c5ac /net/dns
parent421d65ece1477138d7a6816d052d7bd44683c0e5 (diff)
Listen for mDns traffic in setuid sandboxed Utility process.
Local discovery listens for mDns traffic inside Utility process with enabled setuid sandbox (seccomp-BPF is not enabled). Setuid sandbox fails ::socket calls. To overcome this we use LocalDiscoveryMsg_SetSockets IPC message to pass two new UDP sockets created in browser process. These sockets will be provided for net::MDnsClient using net::PlatformSocketFactory. Added check to make sure that only Local Discovery Utility process handles LocalDiscovery* IPC messages. This code, as well as Windows version, is not executed without --enable-device-discovery switch. BUG=277654 Review URL: https://chromiumcodereview.appspot.com/23482003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@220760 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/dns')
-rw-r--r--net/dns/mdns_client_impl.cc16
-rw-r--r--net/dns/mdns_client_impl.h4
2 files changed, 10 insertions, 10 deletions
diff --git a/net/dns/mdns_client_impl.cc b/net/dns/mdns_client_impl.cc
index a90ac64..d8e5e9b 100644
--- a/net/dns/mdns_client_impl.cc
+++ b/net/dns/mdns_client_impl.cc
@@ -41,11 +41,6 @@ MDnsConnection::SocketHandler::~SocketHandler() {
}
int MDnsConnection::SocketHandler::Start() {
- int rv = BindSocket();
- if (rv != OK) {
- return rv;
- }
-
return DoLoop(0);
}
@@ -87,7 +82,7 @@ void MDnsConnection::SocketHandler::SendDone(int rv) {
// TODO(noamsml): Retry logic.
}
-int MDnsConnection::SocketHandler::BindSocket() {
+int MDnsConnection::SocketHandler::Bind() {
IPAddressNumber address_any(multicast_addr_.address().size());
IPEndPoint bind_endpoint(address_any, multicast_addr_.port());
@@ -117,8 +112,13 @@ MDnsConnection::~MDnsConnection() {
}
int MDnsConnection::Init() {
- int rv;
-
+ int rv = socket_handler_ipv4_.Bind();
+ if (rv != OK) return rv;
+ rv = socket_handler_ipv6_.Bind();
+ if (rv != OK) return rv;
+ // All unbound sockets need to be bound before processing untrusted input.
+ // This is done for security reasons, so that an attacker can't get an unbound
+ // socket.
rv = socket_handler_ipv4_.Start();
if (rv != OK) return rv;
rv = socket_handler_ipv6_.Start();
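Review bot: The comment added above `socket_handler_ipv4_.Start()` in Init() states the rule without the reason, and the rule is now held only by call order, since Start() no longer binds its own socket (first hunk of this file). From the commit description the concern appears to be that the sandboxed process cannot create sockets itself, so a socket still unbound when packet parsing begins would be a capability a compromised process could bind wherever it likes; I would say that directly, e.g. `// Bind both sockets before any packet is read: once untrusted input is parsed, this process must not hold a socket that can still be bound elsewhere.` I would also document the precondition in mdns_client_impl.h with `// Must only be called after a successful Bind().` above `int Start();`, and consider a debug-only check in Start() so a later caller cannot skip the bind unnoticed. Init()'s body continues past the end of this hunk, so whether later steps rely on the same ordering is not visible here.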
diff --git a/net/dns/mdns_client_impl.h b/net/dns/mdns_client_impl.h
index 9fe3f99..86a7ba9 100644
--- a/net/dns/mdns_client_impl.h
+++ b/net/dns/mdns_client_impl.h
@@ -58,13 +58,13 @@ class NET_EXPORT_PRIVATE MDnsConnection {
const IPEndPoint& multicast_addr,
SocketFactory* socket_factory);
~SocketHandler();
- int DoLoop(int rv);
+ int Bind();
int Start();
int Send(IOBuffer* buffer, unsigned size);
private:
- int BindSocket();
+ int DoLoop(int rv);
void OnDatagramReceived(int rv);
// Callback for when sending a query has finished.