| ... |
... |
@@ -27,6 +27,34 @@ |
|
27
|
27
|
|
|
28
|
28
|
using namespace mozilla::ipc;
|
|
29
|
29
|
|
|
|
30
|
+namespace {
|
|
|
31
|
+
|
|
|
32
|
+// This logic is borrowed from Chromium's `base/win/win_util.h`. It allows us
|
|
|
33
|
+// to distinguish pseudo-handle values, such as returned by GetCurrentProcess()
|
|
|
34
|
+// (-1), GetCurrentThread() (-2), and potentially more. The code there claims
|
|
|
35
|
+// that fuzzers have found issues up until -12 with DuplicateHandle.
|
|
|
36
|
+//
|
|
|
37
|
+// https://source.chromium.org/chromium/chromium/src/+/36dbbf38697dd1e23ef8944bb9e57f6e0b3d41ec:base/win/win_util.h
|
|
|
38
|
+inline bool IsPseudoHandle(HANDLE handle) {
|
|
|
39
|
+ auto handleValue = static_cast<int32_t>(reinterpret_cast<uintptr_t>(handle));
|
|
|
40
|
+ return -12 <= handleValue && handleValue < 0;
|
|
|
41
|
+}
|
|
|
42
|
+
|
|
|
43
|
+// A real handle is a handle that is not a pseudo-handle. Always preferably use
|
|
|
44
|
+// this variant over ::DuplicateHandle. Only use stock ::DuplicateHandle if you
|
|
|
45
|
+// explicitly need the ability to duplicate a pseudo-handle.
|
|
|
46
|
+inline bool DuplicateRealHandle(HANDLE source_process, HANDLE source_handle,
|
|
|
47
|
+ HANDLE target_process, LPHANDLE target_handle,
|
|
|
48
|
+ DWORD desired_access, BOOL inherit_handle,
|
|
|
49
|
+ DWORD options) {
|
|
|
50
|
+ MOZ_RELEASE_ASSERT(!IsPseudoHandle(source_handle));
|
|
|
51
|
+ return static_cast<bool>(::DuplicateHandle(
|
|
|
52
|
+ source_process, source_handle, target_process, target_handle,
|
|
|
53
|
+ desired_access, inherit_handle, options));
|
|
|
54
|
+}
|
|
|
55
|
+
|
|
|
56
|
+} // namespace
|
|
|
57
|
+
|
|
30
|
58
|
namespace IPC {
|
|
31
|
59
|
//------------------------------------------------------------------------------
|
|
32
|
60
|
|
| ... |
... |
@@ -732,9 +760,9 @@ bool Channel::ChannelImpl::AcceptHandles(Message& msg) { |
|
732
|
760
|
CHROMIUM_LOG(ERROR) << "other_process_ is invalid in AcceptHandles";
|
|
733
|
761
|
return false;
|
|
734
|
762
|
}
|
|
735
|
|
- if (!::DuplicateHandle(other_process_, handle, GetCurrentProcess(),
|
|
736
|
|
- &handle, 0, FALSE,
|
|
737
|
|
- DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) {
|
|
|
763
|
+ if (!::DuplicateRealHandle(
|
|
|
764
|
+ other_process_, handle, GetCurrentProcess(), &handle, 0, FALSE,
|
|
|
765
|
+ DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) {
|
|
738
|
766
|
CHROMIUM_LOG(ERROR) << "DuplicateHandle failed for handle " << handle
|
|
739
|
767
|
<< " in AcceptHandles";
|
|
740
|
768
|
return false;
|
| ... |
... |
@@ -787,9 +815,9 @@ bool Channel::ChannelImpl::TransferHandles(Message& msg) { |
|
787
|
815
|
CHROMIUM_LOG(ERROR) << "other_process_ is invalid in TransferHandles";
|
|
788
|
816
|
return false;
|
|
789
|
817
|
}
|
|
790
|
|
- if (!::DuplicateHandle(GetCurrentProcess(), handle, other_process_,
|
|
791
|
|
- &handle, 0, FALSE,
|
|
792
|
|
- DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) {
|
|
|
818
|
+ if (!::DuplicateRealHandle(
|
|
|
819
|
+ GetCurrentProcess(), handle, other_process_, &handle, 0, FALSE,
|
|
|
820
|
+ DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) {
|
|
793
|
821
|
CHROMIUM_LOG(ERROR) << "DuplicateHandle failed for handle " << handle
|
|
794
|
822
|
<< " in TransferHandles";
|
|
795
|
823
|
return false;
|