blob: 9d28ecc0b80adfc1906ea3983adf87a189e7d0bd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "mojo/public/cpp/bindings/lib/message_header_validator.h"
#include "mojo/public/cpp/bindings/lib/bindings_serialization.h"
#include "mojo/public/cpp/bindings/lib/bounds_checker.h"
#include "mojo/public/cpp/bindings/lib/validation_errors.h"
namespace mojo {
namespace internal {
namespace {
bool IsValidMessageHeader(const MessageHeader* header) {
// NOTE: Our goal is to preserve support for future extension of the message
// header. If we encounter fields we do not understand, we must ignore them.
// Extra validation of the struct header:
if (header->num_fields == 2) {
if (header->num_bytes != sizeof(MessageHeader)) {
ReportValidationError(VALIDATION_ERROR_UNEXPECTED_STRUCT_HEADER);
return false;
}
} else if (header->num_fields == 3) {
if (header->num_bytes != sizeof(MessageHeaderWithRequestID)) {
ReportValidationError(VALIDATION_ERROR_UNEXPECTED_STRUCT_HEADER);
return false;
}
} else if (header->num_fields > 3) {
if (header->num_bytes < sizeof(MessageHeaderWithRequestID)) {
ReportValidationError(VALIDATION_ERROR_UNEXPECTED_STRUCT_HEADER);
return false;
}
}
// Validate flags (allow unknown bits):
// These flags require a RequestID.
if (header->num_fields < 3 && ((header->flags & kMessageExpectsResponse) ||
(header->flags & kMessageIsResponse))) {
ReportValidationError(VALIDATION_ERROR_MESSAGE_HEADER_MISSING_REQUEST_ID);
return false;
}
// These flags are mutually exclusive.
if ((header->flags & kMessageExpectsResponse) &&
(header->flags & kMessageIsResponse)) {
ReportValidationError(
VALIDATION_ERROR_MESSAGE_HEADER_INVALID_FLAG_COMBINATION);
return false;
}
return true;
}
} // namespace
MessageHeaderValidator::MessageHeaderValidator(MessageReceiver* sink)
: MessageFilter(sink) {
}
bool MessageHeaderValidator::Accept(Message* message) {
// Pass 0 as number of handles because we don't expect any in the header, even
// if |message| contains handles.
BoundsChecker bounds_checker(message->data(), message->data_num_bytes(), 0);
if (!ValidateStructHeader(
message->data(), sizeof(MessageHeader), 2, &bounds_checker)) {
return false;
}
if (!IsValidMessageHeader(message->header()))
return false;
return sink_->Accept(message);
}
} // namespace internal
} // namespace mojo
|
