Commit 907fcb65 authored by nasko's avatar nasko Committed by Commit bot

Add helper method to check for invalid message source.

This CL refactors the check for invalid render_frame_message_source_ to a common method and uses it in all of the relevant IPC handlers. Ideally it will all be removed once RenderViewHost disappears or all of its IPC handling is removed.

BUG=451932, 449777

Review URL: https://codereview.chromium.org/877203002

Cr-Commit-Position: refs/heads/master@{#313445}
parent 335f3d63
...@@ -568,6 +568,17 @@ bool WebContentsImpl::OnMessageReceived(RenderViewHost* render_view_host, ...@@ -568,6 +568,17 @@ bool WebContentsImpl::OnMessageReceived(RenderViewHost* render_view_host,
return handled; return handled;
} }
bool WebContentsImpl::HasValidFrameSource() {
if (!render_frame_message_source_) {
DCHECK(render_view_message_source_);
RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
GetRenderProcessHost()->ReceivedBadMessage();
return false;
}
return true;
}
void WebContentsImpl::RunFileChooser( void WebContentsImpl::RunFileChooser(
RenderViewHost* render_view_host, RenderViewHost* render_view_host,
const FileChooserParams& params) { const FileChooserParams& params) {
...@@ -2764,11 +2775,8 @@ void WebContentsImpl::OnDidRunInsecureContent( ...@@ -2764,11 +2775,8 @@ void WebContentsImpl::OnDidRunInsecureContent(
} }
void WebContentsImpl::OnDocumentLoadedInFrame() { void WebContentsImpl::OnDocumentLoadedInFrame() {
if (!render_frame_message_source_) { if (!HasValidFrameSource())
RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
GetRenderProcessHost()->ReceivedBadMessage();
return; return;
}
RenderFrameHostImpl* rfh = RenderFrameHostImpl* rfh =
static_cast<RenderFrameHostImpl*>(render_frame_message_source_); static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
...@@ -2777,11 +2785,8 @@ void WebContentsImpl::OnDocumentLoadedInFrame() { ...@@ -2777,11 +2785,8 @@ void WebContentsImpl::OnDocumentLoadedInFrame() {
} }
void WebContentsImpl::OnDidFinishLoad(const GURL& url) { void WebContentsImpl::OnDidFinishLoad(const GURL& url) {
if (!render_frame_message_source_) { if (!HasValidFrameSource())
RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
GetRenderProcessHost()->ReceivedBadMessage();
return; return;
}
GURL validated_url(url); GURL validated_url(url);
RenderProcessHost* render_process_host = RenderProcessHost* render_process_host =
...@@ -2795,6 +2800,9 @@ void WebContentsImpl::OnDidFinishLoad(const GURL& url) { ...@@ -2795,6 +2800,9 @@ void WebContentsImpl::OnDidFinishLoad(const GURL& url) {
} }
void WebContentsImpl::OnDidStartLoading(bool to_different_document) { void WebContentsImpl::OnDidStartLoading(bool to_different_document) {
if (!HasValidFrameSource())
return;
RenderFrameHostImpl* rfh = RenderFrameHostImpl* rfh =
static_cast<RenderFrameHostImpl*>(render_frame_message_source_); static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
...@@ -2837,6 +2845,9 @@ void WebContentsImpl::OnDidStartLoading(bool to_different_document) { ...@@ -2837,6 +2845,9 @@ void WebContentsImpl::OnDidStartLoading(bool to_different_document) {
} }
void WebContentsImpl::OnDidStopLoading() { void WebContentsImpl::OnDidStopLoading() {
if (!HasValidFrameSource())
return;
RenderFrameHostImpl* rfh = RenderFrameHostImpl* rfh =
static_cast<RenderFrameHostImpl*>(render_frame_message_source_); static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
...@@ -2865,6 +2876,9 @@ void WebContentsImpl::OnDidStopLoading() { ...@@ -2865,6 +2876,9 @@ void WebContentsImpl::OnDidStopLoading() {
} }
void WebContentsImpl::OnDidChangeLoadProgress(double load_progress) { void WebContentsImpl::OnDidChangeLoadProgress(double load_progress) {
if (!HasValidFrameSource())
return;
RenderFrameHostImpl* rfh = RenderFrameHostImpl* rfh =
static_cast<RenderFrameHostImpl*>(render_frame_message_source_); static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
...@@ -3001,9 +3015,9 @@ void WebContentsImpl::OnOpenColorChooser( ...@@ -3001,9 +3015,9 @@ void WebContentsImpl::OnOpenColorChooser(
int color_chooser_id, int color_chooser_id,
SkColor color, SkColor color,
const std::vector<ColorSuggestion>& suggestions) { const std::vector<ColorSuggestion>& suggestions) {
// Protect against malicious renderer. See http://crbug.com/449777 if (!HasValidFrameSource())
if (!render_frame_message_source_)
return; return;
ColorChooser* new_color_chooser = delegate_ ? ColorChooser* new_color_chooser = delegate_ ?
delegate_->OpenColorChooser(this, color, suggestions) : delegate_->OpenColorChooser(this, color, suggestions) :
NULL; NULL;
...@@ -4412,6 +4426,9 @@ void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) { ...@@ -4412,6 +4426,9 @@ void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) {
void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie, void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie,
ActiveMediaPlayerMap* player_map) { ActiveMediaPlayerMap* player_map) {
if (!HasValidFrameSource())
return;
const uintptr_t key = const uintptr_t key =
reinterpret_cast<uintptr_t>(render_frame_message_source_); reinterpret_cast<uintptr_t>(render_frame_message_source_);
DCHECK(std::find((*player_map)[key].begin(), DCHECK(std::find((*player_map)[key].begin(),
...@@ -4422,6 +4439,9 @@ void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie, ...@@ -4422,6 +4439,9 @@ void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie,
void WebContentsImpl::RemoveMediaPlayerEntry(int64 player_cookie, void WebContentsImpl::RemoveMediaPlayerEntry(int64 player_cookie,
ActiveMediaPlayerMap* player_map) { ActiveMediaPlayerMap* player_map) {
if (!HasValidFrameSource())
return;
const uintptr_t key = const uintptr_t key =
reinterpret_cast<uintptr_t>(render_frame_message_source_); reinterpret_cast<uintptr_t>(render_frame_message_source_);
ActiveMediaPlayerMap::iterator it = player_map->find(key); ActiveMediaPlayerMap::iterator it = player_map->find(key);
......
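Review bot: `HasValidFrameSource()` in the hunk at `@@ -568,6 +568,17 @@` reports the bad message against `GetRenderProcessHost()`, the main frame's process, while the `DCHECK(render_view_message_source_)` on the line above says the message actually arrived through that RenderViewHost; if that RenderViewHost can belong to a different process than the main frame, the wrong renderer is terminated and the misbehaving one keeps running. Assuming `render_view_message_source_` exposes its process the way the rest of the class does, `render_view_message_source_->GetProcess()->ReceivedBadMessage();` targets the actual sender. The helper is also reached from `AddMediaPlayerEntry` and `RemoveMediaPlayerEntry` (hunks at `@@ -4412` and `@@ -4422`), which are not named as IPC handlers; if either can be called outside IPC dispatch, `render_frame_message_source_` is null there and a renderer would be killed for a browser-side call, so a comment or DCHECK on those call sites stating they run only from handlers would make the new precondition explicit. Since DCHECK is debug-only, a null `render_view_message_source_` in release builds still falls through to `GetRenderProcessHost()`; that matches the pre-existing handlers but is worth recording in the helper's comment.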
...@@ -752,6 +752,10 @@ class CONTENT_EXPORT WebContentsImpl ...@@ -752,6 +752,10 @@ class CONTENT_EXPORT WebContentsImpl
RenderFrameHost* render_frame_host, RenderFrameHost* render_frame_host,
const IPC::Message& message); const IPC::Message& message);
// Checks whether render_frame_message_source_ is set to non-null value,
// otherwise it terminates the main frame renderer process.
bool HasValidFrameSource();
// IPC message handlers. // IPC message handlers.
void OnThemeColorChanged(SkColor theme_color); void OnThemeColorChanged(SkColor theme_color);
void OnDidLoadResourceFromMemoryCache(const GURL& url, void OnDidLoadResourceFromMemoryCache(const GURL& url,
......
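Review bot: The declaration `bool HasValidFrameSource();` reads as a pure predicate, but its comment says a false result has already terminated a renderer, so ignoring the return value or calling it twice in one handler would be a bug; `bool HasValidFrameSource() WARN_UNUSED_RESULT;` turns the first case into a compile warning. The comment could also state the contract every caller in this CL relies on, e.g. `// Must only be called while dispatching an IPC. If render_frame_message_source_ is null, records a bad message, terminates the renderer and returns false; callers must return immediately.` Minor wording: "set to non-null value" should read "set to a non-null value".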