Add DACL and fix test for anonymous read-only memory

BUG=338538 R=rvargas@chromium.org,brettw@chromium.org TBR=brettw@chromium.org Review URL: https://codereview.chromium.org/444323005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288152 0039d316-1c4b-4281-b951-d872f2087c98

Add DACL and fix test for anonymous read-only memory
BUG=338538 R=rvargas@chromium.org,brettw@chromium.org TBR=brettw@chromium.org Review URL: https://codereview.chromium.org/444323005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288152 0039d316-1c4b-4281-b951-d872f2087c98
6d6797eb · jschuh@chromium.org · 555a7f11 · 6d6797eb · 6d6797eb
Commit 6d6797eb authored Aug 07, 2014 by jschuh@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 2 deletions

base/memory/shared_memory_unittest.cc base/memory/shared_memory_unittest.cc +12 -1

base/memory/shared_memory_win.cc base/memory/shared_memory_win.cc +17 -1

No files found.
--- a/base/memory/shared_memory_unittest.cc
+++ b/base/memory/shared_memory_unittest.cc
@@ -434,7 +434,7 @@ TEST(SharedMemoryTest, ShareReadOnly) {
  HANDLE temp_handle;
  BOOL rv = ::DuplicateHandle(GetCurrentProcess(),
                              handle,
-                              GetCurrentProcess,
+                              GetCurrentProcess(),
                              &temp_handle,
                              FILE_MAP_ALL_ACCESS,
                              false,
@@ -443,6 +443,17 @@ TEST(SharedMemoryTest, ShareReadOnly) {
      << "Shouldn't be able to duplicate the handle into a writable one.";
  if (rv)
    base::win::ScopedHandle writable_handle(temp_handle);
+  rv = ::DuplicateHandle(GetCurrentProcess(),
+                         handle,
+                         GetCurrentProcess(),
+                         &temp_handle,
+                         FILE_MAP_READ,
+                         false,
+                         0);
+  EXPECT_EQ(TRUE, rv)
+      << "Should be able to duplicate the handle into a readable one.";
+  if (rv)
+    base::win::ScopedHandle writable_handle(temp_handle);
 #else
 #error Unexpected platform; write a test that tries to make 'handle' writable.
 #endif  // defined(OS_POSIX) || defined(OS_WIN)

--- a/base/memory/shared_memory_win.cc
+++ b/base/memory/shared_memory_win.cc
@@ -4,7 +4,10 @@

 #include "base/memory/shared_memory.h"

+#include <aclapi.h>
+
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/rand_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
@@ -117,7 +120,20 @@ bool SharedMemory::Create(const SharedMemoryCreateOptions& options) {
  size_t rounded_size = (options.size + kSectionMask) & ~kSectionMask;
  name_ = ASCIIToWide(options.name_deprecated == NULL ? "" :
                      *options.name_deprecated);
+  SECURITY_ATTRIBUTES sa = { sizeof(sa), NULL, FALSE };
+  SECURITY_DESCRIPTOR sd;
+  ACL dacl;
+
  if (options.share_read_only && name_.empty()) {
+    // Add an empty DACL to enforce anonymous read-only sections.
+    sa.lpSecurityDescriptor = &sd;
+    if (!InitializeAcl(&dacl, sizeof(dacl), ACL_REVISION))
+      return false;
+    if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
+      return false;
+    if (!SetSecurityDescriptorDacl(&sd, TRUE, &dacl, FALSE))
+      return false;
+
    // Windows ignores DACLs on certain unnamed objects (like shared sections).
    // So, we generate a random name when we need to enforce read-only.
    uint64_t rand_values[4];
@@ -126,7 +142,7 @@ bool SharedMemory::Create(const SharedMemoryCreateOptions& options) {
                               rand_values[0], rand_values[1],
                               rand_values[2], rand_values[3]);
  }
-  mapped_file_ = CreateFileMapping(INVALID_HANDLE_VALUE, NULL,
+  mapped_file_ = CreateFileMapping(INVALID_HANDLE_VALUE, &sa,
      PAGE_READWRITE, 0, static_cast<DWORD>(rounded_size), name_.c_str());
  if (!mapped_file_)
    return false;