Ptheriault (talk | contribs) No edit summary |
As you know by now, once an attacker has '''compromised the content process''' (or any non-chrome process, for that matter), they can do whatever they want as long as the sandbox does not restrict it. This also means the attacker can send IPC messages that contain unexpected values compared to normal usage. Let’s look at an example of an IPC message to illustrate what is meant:
<pre>
int mValue[10];
...
static bool Read(const Message* aMsg, void** aIter, paramType* aResult) {
  ...
  // mLength is taken straight from the message; it is not compared
  // against the size of mValue before it bounds the loop below.
  ReadParam(aMsg, aIter, &(aResult->mLength));
  for (uint16_t i = 0; i < aResult->mLength; i++) {
    if (!ReadParam(aMsg, aIter, &(aResult->mValue[i]))) {
      return false;
    }
  }
  ...
}
</pre>
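The same deserializer with the sender-supplied length checked against the size of mValue before the loop runs, as an added example (not code from the original guide or from Gecko). Message, ParamType, ReadParam, MakeMessage and Accepts are simplified hypothetical stand-ins, and the sample messages are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-ins for the IPC types; these are not Gecko's real classes.
struct Message { std::vector<uint8_t> bytes; };  // payload from the untrusted sender
struct ParamType { uint16_t mLength; int mValue[10]; };

// Copies one fixed-size field out of the message and fails on truncation.
template <typename T>
bool ReadParam(const Message* aMsg, size_t* aIter, T* aOut) {
  if (aMsg->bytes.size() - *aIter < sizeof(T)) return false;
  std::memcpy(aOut, aMsg->bytes.data() + *aIter, sizeof(T));
  *aIter += sizeof(T);
  return true;
}

// Read with the sender-supplied length validated before it indexes mValue.
bool Read(const Message* aMsg, size_t* aIter, ParamType* aResult) {
  const size_t kMax = sizeof(aResult->mValue) / sizeof(aResult->mValue[0]);
  if (!ReadParam(aMsg, aIter, &aResult->mLength)) return false;
  if (aResult->mLength > kMax) return false;  // would write past mValue[9]
  for (uint16_t i = 0; i < aResult->mLength; i++) {
    if (!ReadParam(aMsg, aIter, &aResult->mValue[i])) return false;
  }
  return true;
}

// Constructed sample input: a claimed length followed by `count` ints.
Message MakeMessage(uint16_t claimedLength, uint16_t count) {
  Message m;
  auto put = [&m](const void* p, size_t n) {
    const uint8_t* b = static_cast<const uint8_t*>(p);
    m.bytes.insert(m.bytes.end(), b, b + n);
  };
  put(&claimedLength, sizeof(claimedLength));
  for (uint16_t i = 0; i < count; i++) { int v = i * 7; put(&v, sizeof(v)); }
  return m;
}

// Returns whether Read accepts a message with the given claimed/actual sizes.
bool Accepts(uint16_t claimedLength, uint16_t count) {
  Message m = MakeMessage(claimedLength, count);
  size_t iter = 0;
  ParamType out{};
  return Read(&m, &iter, &out);
}

int main() { return Accepts(10, 10) && !Accepts(11, 11) ? 0 : 1; }
```

The two early returns cover separate cases: a claimed length larger than the array, and a message that ends before the claimed number of elements has been read.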