Index: sandbox/linux/services/broker_process.cc diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc index d2302ea098215c8188eb74b0d36da37506ff302a..7999e77fa34fcef4ad8575fa905d66f645df6986 100644 --- a/sandbox/linux/services/broker_process.cc +++ b/sandbox/linux/services/broker_process.cc @@ -53,7 +53,7 @@ static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC; // async signal safe if |file_to_open| is NULL. // TODO(jln): assert signal safety. bool GetFileNameInWhitelist(const std::vector& allowed_file_names, - const std::string& requested_filename, + const char* requested_filename, const char** file_to_open) { if (file_to_open && *file_to_open) { // Make sure that callers never pass a non-empty string. In case callers @@ -62,13 +62,17 @@ bool GetFileNameInWhitelist(const std::vector& allowed_file_names, RAW_LOG(FATAL, "*file_to_open should be NULL"); return false; } + + // Look for |requested_filename| in |allowed_file_names|. + // We don't use ::find() because it takes a std::string and + // the conversion allocates memory. std::vector::const_iterator it; - it = std::find(allowed_file_names.begin(), allowed_file_names.end(), - requested_filename); - if (it < allowed_file_names.end()) { // requested_filename was found? - if (file_to_open) - *file_to_open = it->c_str(); - return true; + for (it = allowed_file_names.begin(); it != allowed_file_names.end(); it++) { + if (strcmp(requested_filename, it->c_str()) == 0) { + if (file_to_open) + *file_to_open = it->c_str(); + return true; + } } return false; } @@ -393,6 +397,7 @@ void BrokerProcess::AccessFileForIPC(const std::string& requested_filename, const char* file_to_access = NULL; const bool safe_to_access_file = GetFileNameIfAllowedToAccess( requested_filename.c_str(), mode, &file_to_access); + if (safe_to_access_file) { CHECK(file_to_access); int access_ret = access(file_to_access, mode);