From 3a29f7db26b4dc30eee84aeb958c26172eeae1fc Mon Sep 17 00:00:00 2001 From: "sverrir@chromium.org" Date: Sat, 28 Feb 2009 23:19:23 +0000 Subject: Prevent chrome from launching with a chromehtml: argument unless its preceeded by the switch terminator. This is to prevent chromehtml: urls to supply arguments to Chrome. BUG=5825 Review URL: http://codereview.chromium.org/20469 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10684 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/app/chrome_dll_main.cc | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index 265f5f7..57d49b9 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -10,6 +10,7 @@ #include "build/build_config.h" #if defined(OS_WIN) +#include #include #include #include @@ -119,6 +120,38 @@ void ChromeAssert(const std::string& str) { #pragma optimize("", on) +// Early versions of Chrome incorrectly registered a chromehtml: URL handler. +// Later versions fixed the registration but in some cases (e.g. Vista and non- +// admin installs) the fix could not be applied. This prevents Chrome to be +// launched with the incorrect format. +// CORRECT: -- "chromehtml:" +// INVALID: "chromehtml:" +bool IncorrectChromeHtmlArguments(const std::wstring& command_line) { + const wchar_t kChromeHtml[] = L"-- \"chromehtml:"; + const wchar_t kOffset = 5; // Where chromehtml: starts in above + std::wstring command_line_lower = command_line; + + // We are only searching for ASCII characters so this is OK. + StringToLowerASCII(&command_line_lower); + + std::wstring::size_type pos = command_line_lower.find( + kChromeHtml + kOffset); + + if (pos == std::wstring::npos) + return false; + + // The browser is being launched with chromehtml: somewhere on the command + // line. We will not launch unless it's preceded by the -- switch terminator. + if (pos >= kOffset) { + if (equal(kChromeHtml, kChromeHtml + arraysize(kChromeHtml) - 1, + command_line_lower.begin() + pos - kOffset)) { + return false; + } + } + + return true; +} + #endif // OS_WIN // Register the invalid param handler and pure call handler to be able to @@ -227,6 +260,12 @@ int ChromeMain(int argc, const char** argv) { #endif const CommandLine& parsed_command_line = *CommandLine::ForCurrentProcess(); +#if defined(OS_WIN) + // Must do this before any other usage of command line! + if (::IncorrectChromeHtmlArguments(parsed_command_line.command_line_string())) + return 1; +#endif + SetupCRT(parsed_command_line); // Initialize the Chrome path provider. -- cgit v1.1