diff options
| author | jschuh@google.com <jschuh@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-22 23:13:48 +0000 |
|---|---|---|
| committer | jschuh@google.com <jschuh@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-22 23:13:48 +0000 |
| commit | c5a68a10cc7aaf7fb74b400919b570be080ba1ea (patch) | |
| tree | 78eab5db0ca9714a77fe9137ac361295ff4cb259 /sandbox | |
| parent | ef854e0d4df9e16265ca9fe78e269ed8db955e1c (diff) | |
| download | chromium_src-c5a68a10cc7aaf7fb74b400919b570be080ba1ea.zip chromium_src-c5a68a10cc7aaf7fb74b400919b570be080ba1ea.tar.gz chromium_src-c5a68a10cc7aaf7fb74b400919b570be080ba1ea.tar.bz2 | |
Check the IPC filename length does not exceed the message size.
BUG=49763
TEST=None.
Review URL: http://codereview.chromium.org/2806067
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53415 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
| -rw-r--r-- | sandbox/src/sandbox_nt_util.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sandbox/src/sandbox_nt_util.cc b/sandbox/src/sandbox_nt_util.cc index 1452c6b..89da4e0 100644 --- a/sandbox/src/sandbox_nt_util.cc +++ b/sandbox/src/sandbox_nt_util.cc @@ -508,6 +508,11 @@ bool IsSupportedRenameCall(FILE_RENAME_INFORMATION* file_info, DWORD length, if (length < sizeof(FILE_RENAME_INFORMATION)) return false; + // Make sure file name length doesn't exceed the message length + if (length - offsetof(FILE_RENAME_INFORMATION, FileName) < + file_info->FileNameLength) + return false; + // We don't support a root directory. if (file_info->RootDirectory) return false; |