author | bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-10 14:43:00 +0000 |
---|---|---|
committer | bauerb@chromium.org <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-10 14:43:00 +0000 |
commit | bfba36542e138194af9305cef85a00ffb9f4c548 (patch) | |
tree | 49714cf8afbdaeb12ac463a2328bdcd79601be0b /net | |
parent | 735844ac9b440410b101127907090c17d3672852 (diff) | |
Explicitly whitelist the test server port.
BUG=65859
TEST=yes please
Review URL: http://codereview.chromium.org/5519015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68853 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/net_util.cc | 23 | ||||
-rw-r--r-- | net/base/net_util.h | 13 | ||||
-rw-r--r-- | net/test/test_server.cc | 4 | ||||
-rw-r--r-- | net/test/test_server.h | 3 |
4 files changed, 34 insertions, 9 deletions
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index 5426b68..4f6e361 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -1052,7 +1052,7 @@ const FormatUrlType kFormatUrlOmitAll = kFormatUrlOmitUsernamePassword | kFormatUrlOmitHTTP | kFormatUrlOmitTrailingSlashOnBareHostname; // TODO(viettrungluu): We don't want non-POD globals; change this.
-std::set<int> explicitly_allowed_ports;
+std::multiset<int> explicitly_allowed_ports;
 GURL FilePathToFileURL(const FilePath& path) { // Produce a URL like "file:///C:/foo" for a regular file, or
@@ -1496,12 +1496,7 @@ bool IsPortAllowedByOverride(int port) { if (explicitly_allowed_ports.empty()) return false;
- std::set<int>::const_iterator it =
- std::find(explicitly_allowed_ports.begin(),
- explicitly_allowed_ports.end(),
- port);
-
- return it != explicitly_allowed_ports.end();
+ return explicitly_allowed_ports.count(port) > 0;
 } int SetNonBlocking(int fd) {
@@ -1726,7 +1721,7 @@ void SetExplicitlyAllowedPorts(const std::string& allowed_ports) { if (allowed_ports.empty()) return;
- std::set<int> ports;
+ std::multiset<int> ports;
 size_t last = 0; size_t size = allowed_ports.size(); // The comma delimiter.
@@ -1752,6 +1747,18 @@ void SetExplicitlyAllowedPorts(const std::string& allowed_ports) { explicitly_allowed_ports = ports; }
+ScopedPortException::ScopedPortException(int port) : port_(port) {
+ explicitly_allowed_ports.insert(port);
+}
+
+ScopedPortException::~ScopedPortException() {
+ std::multiset<int>::iterator it = explicitly_allowed_ports.find(port_);
+ if (it != explicitly_allowed_ports.end())
+ explicitly_allowed_ports.erase(it);
+ else
+ NOTREACHED();
+}
+
 enum IPv6SupportStatus { IPV6_CANNOT_CREATE_SOCKETS, IPV6_CAN_CREATE_SOCKETS,
diff --git a/net/base/net_util.h b/net/base/net_util.h
index ad5795c..bb145e0 100644
--- a/net/base/net_util.h
+++ b/net/base/net_util.h
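Review bot: In net/base/net_util.cc, `SetExplicitlyAllowedPorts()` still ends with `explicitly_allowed_ports = ports;` (context of the last hunk), which now throws away any entry that a live `ScopedPortException` inserted into the same multiset. The destructor then either reaches `NOTREACHED()` or, when the override list happens to name the same port, erases the entry the override added, so the restricted-port check ends up in a state neither caller asked for. Keeping scoped exceptions in a container of their own, consulted by `IsPortAllowedByOverride()` alongside the override list, would keep the two mechanisms independent; at minimum the setter should carry `// Must not be called while a ScopedPortException is alive.`. The body of `SetExplicitlyAllowedPorts` starts outside the hunk, so any earlier handling is not visible here.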
@@ -71,7 +71,7 @@ extern const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname; extern const FormatUrlType kFormatUrlOmitAll; // Holds a list of ports that should be accepted despite bans.
-extern std::set<int> explicitly_allowed_ports;
+extern std::multiset<int> explicitly_allowed_ports;
 // Given the full path to a file name, creates a file: URL. The returned URL // may not be valid if the input is malformed.
@@ -338,6 +338,17 @@ GURL SimplifyUrlForRequest(const GURL& url); void SetExplicitlyAllowedPorts(const std::string& allowed_ports);
+class ScopedPortException {
+ public:
+ ScopedPortException(int port);
+ ~ScopedPortException();
+
+ private:
+ int port_;
+
+ DISALLOW_COPY_AND_ASSIGN(ScopedPortException);
+};
+
 // Perform a simplistic test to see if IPv6 is supported by trying to create an // IPv6 socket. // TODO(jar): Make test more in-depth as needed.
diff --git a/net/test/test_server.cc b/net/test/test_server.cc
index d2d3fde..a6e5a82 100644
--- a/net/test/test_server.cc
+++ b/net/test/test_server.cc
@@ -159,6 +159,8 @@ bool TestServer::Start() { return false; }
+ allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
+
 started_ = true; return true; }
@@ -181,6 +183,8 @@ bool TestServer::Stop() { VLOG(1) << "Kill failed?"; }
+ allowed_port_.reset();
+
 return ret; }
diff --git a/net/test/test_server.h b/net/test/test_server.h
index 1ae0a50..4154302 100644
--- a/net/test/test_server.h
+++ b/net/test/test_server.h
@@ -17,6 +17,7 @@ #include "base/file_util.h" #include "base/process_util.h" #include "net/base/host_port_pair.h"
+#include "net/base/net_util.h"
 #if defined(OS_WIN) #include "base/scoped_handle_win.h"
@@ -180,6 +181,8 @@ class TestServer { // Handle of the Python process running the test server. base::ProcessHandle process_handle_;
+ scoped_ptr<net::ScopedPortException> allowed_port_;
+
 #if defined(OS_WIN) // JobObject used to clean up orphaned child processes. ScopedHandle job_handle_; |
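Review bot: The new `ScopedPortException` class in net/base/net_util.h has no comment, although it lifts the restricted-port block for as long as an instance lives, and judging by its path the header is not test-only. Since that block is a security control, the declaration should say who may use it, for example `// Allows |port| despite the restricted-port list for the lifetime of this object. Intended for tests (see net::TestServer); do not use in production code.` above the class. The single-argument constructor should also be declared `explicit ScopedPortException(int port);` so that an `int` never converts to an exception implicitly.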
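Review bot: In net/test/test_server.cc, `Start()` and `Stop()` now mutate the process-wide `explicitly_allowed_ports` through `ScopedPortException`, and nothing in this change synchronizes that with readers such as `IsPortAllowedByOverride()`. If the port check runs on a network thread while a test thread starts or stops the server (the callers are not visible here), the multiset is read and written concurrently. Stating the expectation next to the class, e.g. `// Not thread-safe: create and destroy only while no request is checking ports.`, would make the constraint explicit until the global is replaced. Both function bodies start outside their hunks.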
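Review bot: The new `allowed_port_` member in net/test/test_server.h is the only field in this stretch of the class without a comment, and its effect is not obvious from the type name alone. A line such as `// Keeps the server's port exempt from the restricted-port list while the server is running.` above it would match the neighbouring members. The class body starts and ends outside the hunk.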