Base: Remove Receive() from ScopedHandle.

In general, the OS API contract doesn't guarantee that output variables are
not modified on failure, so a Reeceive pattern is fundamentally insecure.

BUG=318531
TEST=current tests

tbr'ing owners for the consumers.

TBR=jvoung@chromium.org, thakis@chromium.org, sergeyu@chromium.org, grt@chromium.org, gene@chromium.org, youngki@chromium.org

Review URL: https://codereview.chromium.org/71013004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237459 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 2 deletions

diff --git a/remoting/host/win/wts_session_process_delegate.cc b/remoting/host/win/wts_session_process_delegate.cc
index 8cb7325..0781649 100644
--- a/remoting/host/win/wts_session_process_delegate.cc
+++ b/remoting/host/win/wts_session_process_delegate.cc
@@ -513,11 +513,11 @@ void WtsSessionProcessDelegate::Core::ReportProcessLaunched(
   // query information about the process and duplicate handles.
   DWORD desired_access =
       SYNCHRONIZE | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION;
-  ScopedHandle limited_handle;
+  HANDLE temp_handle;
   if (!DuplicateHandle(GetCurrentProcess(),
                        worker_process_,
                        GetCurrentProcess(),
-                       limited_handle.Receive(),
+                       &temp_handle,
                        desired_access,
                        FALSE,
                        0)) {
@@ -525,6 +525,7 @@ void WtsSessionProcessDelegate::Core::ReportProcessLaunched(
     ReportFatalError();
     return;
   }
+  ScopedHandle limited_handle(temp_handle);
 
   event_handler_->OnProcessLaunched(limited_handle.Pass());
 }