Bug 1987977 - Add extra fd validation to ChannelPosix, r=ipc-reviewers,jld (629f8c06) · Commits · The Tor Project / Applications / Mullvad Browser

ipc/chromium/src/chrome/common/ipc_channel_posix.cc

+6 −4

Original line number	Diff line number	Diff line
		@@ -419,8 +419,9 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() {
		error = "Message needs unreceived descriptors";
		}

		if (m.header()->num_handles >
		IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) {
		size_t maxHandles = std::min<size_t>(
		m.size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE);
		if (m.header()->num_handles > maxHandles) {
		// There are too many descriptors in this message
		error = "Message requires an excessive number of descriptors";
		}
		@@ -536,8 +537,9 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() {
		}
		#endif

		if (msg->attached_handles_.Length() >
		IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) {
		size_t maxHandles = std::min<size_t>(
		msg->size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE);
		if (msg->attached_handles_.Length() > maxHandles) {
		MOZ_DIAGNOSTIC_CRASH("Too many file descriptors!");
		CHROMIUM_LOG(FATAL) << "Too many file descriptors!";
		// This should not be reached.