Check IP address size when deserializing IPEndPoint.

Failure to do so leads to a CHECK() in the browser under the IPC fuzzing tests, which generates a lot of false positives. Instead, we can invert the situation and blame the renderer. BUG=349572 Review URL: https://codereview.chromium.org/183023016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255686 0039d316-1c4b-4281-b951-d872f2087c98

Check IP address size when deserializing IPEndPoint.
Failure to do so leads to a CHECK() in the browser under the IPC fuzzing tests, which generates a lot of false positives. Instead, we can invert the situation and blame the renderer. BUG=349572 Review URL: https://codereview.chromium.org/183023016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255686 0039d316-1c4b-4281-b951-d872f2087c98
83fc639b · tsepez@chromium.org · 14c28807 · 83fc639b
Commit 83fc639b authored Mar 07, 2014 by tsepez@chromium.org
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

content/public/common/common_param_traits.cc content/public/common/common_param_traits.cc +5 -0

No files found.
--- a/content/public/common/common_param_traits.cc
+++ b/content/public/common/common_param_traits.cc
@@ -120,6 +120,11 @@ bool ParamTraits<net::IPEndPoint>::Read(const Message* m, PickleIterator* iter,
  int port;
  if (!ReadParam(m, iter, &address) || !ReadParam(m, iter, &port))
    return false;
+  if (address.size() &&
+      address.size() != net::kIPv4AddressSize &&
+      address.size() != net::kIPv6AddressSize) {
+    return false;
+  }
  *p = net::IPEndPoint(address, port);
  return true;
 }