-
Robert Sesek authored
An errant or malicious process could send Mach messages with extra descriptors. While the message wouldn't be processed, it would cause the rights to leak in the browser. When handling a request, add additional checks for the msgh_id and msgh_size. If the message does not pass muster, or it is from a process that is not expected, ensure any rights contained within are destroyed. Change-Id: If333372c72cb20d99713c78d5451c04a3321113f Reviewed-on: https://chromium-review.googlesource.com/c/1305394 Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by:
Mark Mentovai <mark@chromium.org> Cr-Commit-Position: refs/heads/master@{#603639}
adf255ef
