diff options
| author | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-13 22:06:07 +0000 |
|---|---|---|
| committer | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-13 22:06:07 +0000 |
| commit | 2c56af1a6677c9b1141778173dcb1b3bdb63f14b (patch) | |
| tree | 4f304305f2af8989b051cc139e0dc7a1ca222143 /sandbox/src/process_thread_interception.cc | |
| parent | 2e783a8979a41c25f76d58bacc6329d86936b6e0 (diff) | |
| download | chromium_src-2c56af1a6677c9b1141778173dcb1b3bdb63f14b.zip chromium_src-2c56af1a6677c9b1141778173dcb1b3bdb63f14b.tar.gz chromium_src-2c56af1a6677c9b1141778173dcb1b3bdb63f14b.tar.bz2 | |
Return the right error code when we proxy a call
to the broker.
IIRC we decided to always return access denied because
we did not want to leak the real error code, but this
is bogus for 2 reasons:
1. The broker will return access denied if it's not
allowed in the policy
2. The check to hide the return code is in the renderer,
so it would have been possible for a malicious user to see
it anyway.
I also added a test for it.
BUG:3965
Review URL: http://codereview.chromium.org/10615
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5388 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src/process_thread_interception.cc')
| -rw-r--r-- | sandbox/src/process_thread_interception.cc | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/sandbox/src/process_thread_interception.cc b/sandbox/src/process_thread_interception.cc index 79809e1..50b36b7 100644 --- a/sandbox/src/process_thread_interception.cc +++ b/sandbox/src/process_thread_interception.cc @@ -74,6 +74,14 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread, break; if (!NT_SUCCESS(answer.nt_status)) + // The nt_status here is most likely STATUS_INVALID_CID because + // in the broker we set the process id in the CID (client ID) param + // to be the current process. If you try to open a thread from another + // process you will get this INVALID_CID error. On the other hand, if you + // try to open a thread in your own process, it should return success. + // We don't want to return STATUS_INVALID_CID here, so we return the + // return of the original open thread status, which is most likely + // STATUS_ACCESS_DENIED. break; __try { @@ -144,7 +152,7 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess, break; if (!NT_SUCCESS(answer.nt_status)) - break; + return answer.nt_status; __try { // Write the output parameters. @@ -189,7 +197,7 @@ NTSTATUS WINAPI TargetNtOpenProcessToken( break; if (!NT_SUCCESS(answer.nt_status)) - break; + return answer.nt_status; __try { // Write the output parameters. @@ -234,7 +242,7 @@ NTSTATUS WINAPI TargetNtOpenProcessTokenEx( break; if (!NT_SUCCESS(answer.nt_status)) - break; + return answer.nt_status; __try { // Write the output parameters. @@ -296,8 +304,9 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW, if (SBOX_ALL_OK != code) break; + ::SetLastError(answer.win32_result); if (ERROR_SUCCESS != answer.win32_result) - break; + return FALSE; return TRUE; } while (false); @@ -376,8 +385,9 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA, if (SBOX_ALL_OK != code) break; + ::SetLastError(answer.win32_result); if (ERROR_SUCCESS != answer.win32_result) - break; + return FALSE; return TRUE; } while (false); |