path: root/security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch
blob: f8250b788dd0294935748d15dc6d2467c319264a (plain)
# HG changeset patch
# User Bob Owen <bobowencode@gmail.com>
# Date 1577387989 0
#      Thu Dec 26 19:19:49 2019 +0000
# Node ID 32adf437117bdca54be4959813acbb604f65137f
# Parent  214214029beb6cca606e11ba519d11cc7dbb37af
Bug 1605867: Don't duplicate IPC shared memory when we might fail to launch the process correctly. r=handyman

Differential Revision: https://phabricator.services.mozilla.com/D58271

diff --git a/security/sandbox/chromium/sandbox/win/src/target_process.cc b/security/sandbox/chromium/sandbox/win/src/target_process.cc
--- a/security/sandbox/chromium/sandbox/win/src/target_process.cc
+++ b/security/sandbox/chromium/sandbox/win/src/target_process.cc
@@ -286,45 +286,28 @@ ResultCode TargetProcess::Init(Dispatche
   shared_section_.Set(::CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr,
                                            PAGE_READWRITE | SEC_COMMIT, 0,
                                            shared_mem_size, nullptr));
   if (!shared_section_.IsValid()) {
     *win_error = ::GetLastError();
     return SBOX_ERROR_CREATE_FILE_MAPPING;
   }
 
-  DWORD access = FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY;
-  HANDLE target_shared_section;
-  if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_.Get(),
-                         sandbox_process_info_.process_handle(),
-                         &target_shared_section, access, false, 0)) {
-    *win_error = ::GetLastError();
-    return SBOX_ERROR_DUPLICATE_SHARED_SECTION;
-  }
-
   void* shared_memory = ::MapViewOfFile(
       shared_section_.Get(), FILE_MAP_WRITE | FILE_MAP_READ, 0, 0, 0);
   if (!shared_memory) {
     *win_error = ::GetLastError();
     return SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION;
   }
 
   CopyPolicyToTarget(policy, shared_policy_size,
                      reinterpret_cast<char*>(shared_memory) + shared_IPC_size);
 
   ResultCode ret;
   // Set the global variables in the target. These are not used on the broker.
-  g_shared_section = target_shared_section;
-  ret = TransferVariable("g_shared_section", &g_shared_section,
-                         sizeof(g_shared_section));
-  g_shared_section = nullptr;
-  if (SBOX_ALL_OK != ret) {
-    *win_error = ::GetLastError();
-    return ret;
-  }
   g_shared_IPC_size = shared_IPC_size;
   ret = TransferVariable("g_shared_IPC_size", &g_shared_IPC_size,
                          sizeof(g_shared_IPC_size));
   g_shared_IPC_size = 0;
   if (SBOX_ALL_OK != ret) {
     *win_error = ::GetLastError();
     return ret;
   }
@@ -339,16 +322,34 @@ ResultCode TargetProcess::Init(Dispatche
 
   ipc_server_.reset(new SharedMemIPCServer(
       sandbox_process_info_.process_handle(),
       sandbox_process_info_.process_id(), thread_pool_, ipc_dispatcher));
 
   if (!ipc_server_->Init(shared_memory, shared_IPC_size, kIPCChannelSize))
     return SBOX_ERROR_NO_SPACE;
 
+  DWORD access = FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY;
+  HANDLE target_shared_section;
+  if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_.Get(),
+                         sandbox_process_info_.process_handle(),
+                         &target_shared_section, access, false, 0)) {
+    *win_error = ::GetLastError();
+    return SBOX_ERROR_DUPLICATE_SHARED_SECTION;
+  }
+
+  g_shared_section = target_shared_section;
+  ret = TransferVariable("g_shared_section", &g_shared_section,
+                         sizeof(g_shared_section));
+  g_shared_section = nullptr;
+  if (SBOX_ALL_OK != ret) {
+    *win_error = ::GetLastError();
+    return ret;
+  }
+
   // After this point we cannot use this handle anymore.
   ::CloseHandle(sandbox_process_info_.TakeThreadHandle());
 
   return SBOX_ALL_OK;
 }
 
 void TargetProcess::Terminate() {
   if (!sandbox_process_info_.IsValid())
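Review bot: The `TransferVariable("g_shared_section", ...)` failure path in the added block still returns with `target_shared_section` open in the target's handle table, which is the state the commit title sets out to avoid; the move only covers the failure points that precede it. If the caller does not always terminate the target on a non-OK result (not visible in this hunk), the broker could close the remote handle once `*win_error` has been captured, with `::DuplicateHandle(sandbox_process_info_.process_handle(), target_shared_section, nullptr, nullptr, 0, false, DUPLICATE_CLOSE_SOURCE);`. The ordering is now load-bearing, so a comment above the `DuplicateHandle` call such as `// Duplicate into the target only after every other fallible step, so a failed launch leaves no section handle in the child.` would keep a later upstream merge from moving it back. Init's body starts outside the hunk, so earlier failure paths were not checked here.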