Change UnixDomainSocket::RecvMsg to return ScopedVector<base::ScopedFD>

This is slightly suboptimal because ScopedVector forces each ScopedFD
to be individually heap allocated, but it's the simplest solution
until C++11 is available.

BUG=360274
NOTRY=true

Review URL: https://codereview.chromium.org/258543006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267350 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 8 insertions, 12 deletions

diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index e91df52..ef916f2 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -22,6 +22,7 @@
 #include "base/compiler_specific.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
+#include "base/memory/scoped_vector.h"
 #include "base/pickle.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
@@ -320,8 +321,7 @@ int BrokerProcess::PathAndFlagsSyscall(enum IPCCommands syscall_type,
 // that we will then close.
 // A request should start with an int that will be used as the command type.
 bool BrokerProcess::HandleRequest() const {
-
-  std::vector<int> fds;
+  ScopedVector<base::ScopedFD> fds;
   char buf[kMaxMessageLength];
   errno = 0;
   const ssize_t msg_len = UnixDomainSocket::RecvMsg(ipc_socketpair_, buf,
@@ -334,17 +334,13 @@ bool BrokerProcess::HandleRequest() const {
 
   // The parent should send exactly one file descriptor, on which we
   // will write the reply.
-  if (msg_len < 0 || fds.size() != 1 || fds.at(0) < 0) {
+  // TODO(mdempsky): ScopedVector doesn't have 'at()', only 'operator[]'.
+  if (msg_len < 0 || fds.size() != 1 || fds[0]->get() < 0) {
     PLOG(ERROR) << "Error reading message from the client";
-    // The client could try to DoS us by sending more file descriptors, so
-    // make sure we close them.
-    for (std::vector<int>::iterator it = fds.begin(); it != fds.end(); ++it) {
-      PCHECK(0 == IGNORE_EINTR(close(*it)));
-    }
     return false;
   }
 
-  base::ScopedFD temporary_ipc(fds.at(0));
+  base::ScopedFD temporary_ipc(fds[0]->Pass());
 
   Pickle pickle(buf, msg_len);
   PickleIterator iter(pickle);
diff --git a/sandbox/linux/services/unix_domain_socket_unittest.cc b/sandbox/linux/services/unix_domain_socket_unittest.cc
index ed9c401..17208a8 100644
--- a/sandbox/linux/services/unix_domain_socket_unittest.cc
+++ b/sandbox/linux/services/unix_domain_socket_unittest.cc
@@ -14,6 +14,7 @@
 
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
+#include "base/memory/scoped_vector.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/process_handle.h"
@@ -94,15 +95,14 @@ void RecvHello(int fd,
   // Extra receiving buffer space to make sure we really received only
   // sizeof(kHello) bytes and it wasn't just truncated to fit the buffer.
   char buf[sizeof(kHello) + 1];
-  std::vector<int> message_fds;
+  ScopedVector<base::ScopedFD> message_fds;
   ssize_t n = UnixDomainSocket::RecvMsgWithPid(
       fd, buf, sizeof(buf), &message_fds, sender_pid);
   CHECK_EQ(sizeof(kHello), static_cast<size_t>(n));
   CHECK_EQ(0, memcmp(buf, kHello, sizeof(kHello)));
   CHECK_EQ(1U, message_fds.size());
-  base::ScopedFD message_fd(message_fds[0]);
   if (write_pipe)
-    write_pipe->swap(message_fd);
+    write_pipe->swap(*message_fds[0]);
 }
 
 // Check that receiving PIDs works across a fork().