author | wfh <wfh@chromium.org> | 2015-01-12 11:12:50 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-12 19:13:42 +0000 |
commit | 43aa4044b86faeab356265252b0fe9cac36e6568 (patch) | |
tree | 723c2242eed468c659e21876a41b0a0650dcf3c0 /sandbox | |
parent | 996cd30f9f538baf66cb126323b41cc036e18538 (diff) | |
Fix some sandbox memory leaks
The memory allocated by AllocAndCopyName was not being freed under certain conditions.
Credit to yunli.sharing@gmail.com for spotting these.
BUG=414039
Review URL: https://codereview.chromium.org/849553002
Cr-Commit-Position: refs/heads/master@{#311079}
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/win/src/filesystem_interception.cc | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc
index 179cad5..043e1fa 100644
--- a/sandbox/win/src/filesystem_interception.cc
+++ b/sandbox/win/src/filesystem_interception.cc
@@ -74,14 +74,15 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
 if (SBOX_ALL_OK != code)
 break;
+ status = answer.nt_status;
+
 if (!NT_SUCCESS(answer.nt_status))
- return answer.nt_status;
+ break;
 __try {
 *file = answer.handle;
 io_status->Status = answer.nt_status;
 io_status->Information = answer.extended[0].ulong_ptr;
- status = io_status->Status;
 } __except(EXCEPTION_EXECUTE_HANDLER) {
 break;
 }
@@ -145,14 +146,15 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
 if (SBOX_ALL_OK != code)
 break;
+ status = answer.nt_status;
+
 if (!NT_SUCCESS(answer.nt_status))
- return answer.nt_status;
+ break;
 __try {
 *file = answer.handle;
 io_status->Status = answer.nt_status;
 io_status->Information = answer.extended[0].ulong_ptr;
- status = io_status->Status;
 } __except(EXCEPTION_EXECUTE_HANDLER) {
 break;
 }
@@ -208,12 +210,10 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile(
 ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name, attributes, file_info, &answer);
- operator delete(name, NT_ALLOC);
-
 if (SBOX_ALL_OK != code)
 break;
- return answer.nt_status;
+ status = answer.nt_status;
 } while (false);
@@ -269,12 +269,10 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
 ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name, attributes, file_info, &answer);
- operator delete(name, NT_ALLOC);
-
 if (SBOX_ALL_OK != code)
 break;
- return answer.nt_status;
+ status = answer.nt_status;
 } while (false);
 if (name) |
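Review bot: Assigning `status = answer.nt_status;` ahead of the `__try` in TargetNtCreateFile changes what the fault path returns: if a write to `*file` or `io_status` raises, the `__except` handler breaks out with `status` already holding the broker's success code, whereas the removed `status = io_status->Status;` was the last statement in the guarded block and so left the earlier value in place. The caller could then be told the call succeeded although no handle was stored, and the handle carried in `answer.handle` appears to be dropped without being closed on that path. Consider limiting the early assignment to the failure branch, `if (!NT_SUCCESS(answer.nt_status)) { status = answer.nt_status; break; }`, and keeping `status = answer.nt_status;` as the final line inside the `__try`. The same applies to the TargetNtOpenFile hunk; both functions begin and end outside their hunks, so any earlier validation of the output pointers is not visible here.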
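Review bot: With the inline `operator delete(name, NT_ALLOC);` removed, TargetNtQueryAttributesFile relies entirely on a release after `} while (false);` that this hunk does not show; only the TargetNtQueryFullAttributesFile hunk ends on the `if (name)` line. It is worth confirming that both functions have that release, and that `name` is initialised to NULL before the loop so a `break` taken ahead of the allocation cannot free an indeterminate pointer. The fix also holds only as long as nobody adds another `return` inside the block, so a comment at the top of each `do` body would help, for example `// No return inside this block: every exit must reach the name cleanup below.`. The same comment would suit TargetNtCreateFile and TargetNtOpenFile, whose early returns this commit also converts to `break`.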