From a11243e8f12a2d9a8c5c3b4b68c7f2b9cc6baa42 Mon Sep 17 00:00:00 2001 From: Joshua Peraza Date: Thu, 2 May 2019 13:55:08 -0700 Subject: [PATCH] linux: add wrappers for send/recvmsg sendmsg() and recvmsg() are complicated to use. Refactor their usage into functions with a simpler, tested interface and use those instead. This also adds CreateCredentialSocketpair() to create a pair of connected sockets with SO_PASSCRED set. This option should be set before the possibility of any calls to sendmsg() with the socket pair to avoid race conditions in properly setting credentials. Also update the handler to use Strategy::kNoPtrace (which causes the crash dump to fail without breaking the socket connection) if the credentials were invalid, which can happen if SO_PASSCRED was set after the call to sendmsg() or if the sending process does not exist in this namespace. Change-Id: Id09f87125540255687a3c35d5bed7fa01ec07cff Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1584639 Reviewed-by: Mark Mentovai --- client/crashpad_client_linux_test.cc | 14 +- handler/linux/exception_handler_server.cc | 88 ++-------- handler/linux/exception_handler_server.h | 2 +- util/BUILD.gn | 7 + util/linux/exception_handler_client.cc | 35 +--- util/linux/socket.cc | 192 ++++++++++++++++++++++ util/linux/socket.h | 92 +++++++++++ util/linux/socket_test.cc | 139 ++++++++++++++++ util/util.gyp | 3 + util/util_test.gyp | 1 + 10 files changed, 457 insertions(+), 116 deletions(-) create mode 100644 util/linux/socket.cc create mode 100644 util/linux/socket.h create mode 100644 util/linux/socket_test.cc diff --git a/client/crashpad_client_linux_test.cc b/client/crashpad_client_linux_test.cc index 49206e6c..f4934239 100644 --- a/client/crashpad_client_linux_test.cc +++ b/client/crashpad_client_linux_test.cc @@ -16,7 +16,6 @@ #include #include -#include #include #include #include @@ -38,6 +37,7 @@ #include "util/file/filesystem.h" #include "util/linux/exception_handler_client.h" #include "util/linux/exception_information.h" +#include "util/linux/socket.h" #include "util/misc/address_types.h" #include "util/misc/from_pointer_cast.h" #include "util/posix/signals.h" @@ -245,16 +245,8 @@ class StartHandlerForClientTest { bool Initialize(bool sanitize) { sanitize_ = sanitize; - - int socks[2]; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, socks) != 0) { - PLOG(ERROR) << "socketpair"; - return false; - } - client_sock_.reset(socks[0]); - server_sock_.reset(socks[1]); - - return true; + return UnixCredentialSocket::CreateCredentialSocketpair(&client_sock_, + &server_sock_); } bool StartHandlerOnDemand() { diff --git a/handler/linux/exception_handler_server.cc b/handler/linux/exception_handler_server.cc index 04f06ffc..2ee1bc8d 100644 --- a/handler/linux/exception_handler_server.cc +++ b/handler/linux/exception_handler_server.cc @@ -33,6 +33,7 @@ #include "util/file/file_io.h" #include "util/file/filesystem.h" #include "util/linux/proc_task_reader.h" +#include "util/linux/socket.h" #include "util/misc/as_underlying_type.h" namespace crashpad { @@ -154,6 +155,11 @@ class PtraceStrategyDeciderImpl : public PtraceStrategyDecider { Strategy ChooseStrategy(int sock, bool multiple_clients, const ucred& client_credentials) override { + if (client_credentials.pid <= 0) { + LOG(ERROR) << "invalid credentials"; + return Strategy::kNoPtrace; + } + switch (GetPtraceScope()) { case PtraceScope::kClassic: if (getuid() == client_credentials.uid || HaveCapSysPtrace()) { @@ -402,56 +408,18 @@ bool ExceptionHandlerServer::UninstallClientSocket(Event* event) { bool ExceptionHandlerServer::ReceiveClientMessage(Event* event) { ExceptionHandlerProtocol::ClientToServerMessage message; - iovec iov; - iov.iov_base = &message; - iov.iov_len = sizeof(message); - - msghdr msg; - msg.msg_name = nullptr; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - char cmsg_buf[CMSG_SPACE(sizeof(ucred))]; - msg.msg_control = cmsg_buf; - msg.msg_controllen = sizeof(cmsg_buf); - msg.msg_flags = 0; - - int res = HANDLE_EINTR(recvmsg(event->fd.get(), &msg, 0)); - if (res < 0) { - PLOG(ERROR) << "recvmsg"; - return false; - } - if (res == 0) { - // The client had an orderly shutdown. + ucred creds; + if (!UnixCredentialSocket::RecvMsg( + event->fd.get(), &message, sizeof(message), &creds)) { return false; } - if (msg.msg_name != nullptr || msg.msg_namelen != 0) { - LOG(ERROR) << "unexpected msg name"; - return false; - } - - if (msg.msg_iovlen != 1) { - LOG(ERROR) << "unexpected iovlen"; - return false; - } - - if (msg.msg_iov[0].iov_len != - sizeof(ExceptionHandlerProtocol::ClientToServerMessage)) { - LOG(ERROR) << "unexpected message size " << msg.msg_iov[0].iov_len; - return false; - } - auto client_msg = - reinterpret_cast( - msg.msg_iov[0].iov_base); - - switch (client_msg->type) { + switch (message.type) { case ExceptionHandlerProtocol::ClientToServerMessage::kCrashDumpRequest: return HandleCrashDumpRequest( - msg, - client_msg->client_info, - client_msg->requesting_thread_stack_address, + creds, + message.client_info, + message.requesting_thread_stack_address, event->fd.get(), event->type == Event::Type::kSharedSocketMessage); } @@ -462,38 +430,16 @@ bool ExceptionHandlerServer::ReceiveClientMessage(Event* event) { } bool ExceptionHandlerServer::HandleCrashDumpRequest( - const msghdr& msg, + const ucred& creds, const ExceptionHandlerProtocol::ClientInformation& client_info, VMAddress requesting_thread_stack_address, int client_sock, bool multiple_clients) { - cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); - if (cmsg == nullptr) { - LOG(ERROR) << "missing credentials"; - return false; - } - - if (cmsg->cmsg_level != SOL_SOCKET) { - LOG(ERROR) << "unexpected cmsg_level " << cmsg->cmsg_level; - return false; - } - - if (cmsg->cmsg_type != SCM_CREDENTIALS) { - LOG(ERROR) << "unexpected cmsg_type " << cmsg->cmsg_type; - return false; - } - - if (cmsg->cmsg_len != CMSG_LEN(sizeof(ucred))) { - LOG(ERROR) << "unexpected cmsg_len " << cmsg->cmsg_len; - return false; - } - - ucred* client_credentials = reinterpret_cast(CMSG_DATA(cmsg)); - pid_t client_process_id = client_credentials->pid; + pid_t client_process_id = creds.pid; pid_t requesting_thread_id = -1; - switch (strategy_decider_->ChooseStrategy( - client_sock, multiple_clients, *client_credentials)) { + switch ( + strategy_decider_->ChooseStrategy(client_sock, multiple_clients, creds)) { case PtraceStrategyDecider::Strategy::kError: if (multiple_clients) { SendSIGCONT(client_process_id, requesting_thread_id); diff --git a/handler/linux/exception_handler_server.h b/handler/linux/exception_handler_server.h index dfa3e4b5..9752195e 100644 --- a/handler/linux/exception_handler_server.h +++ b/handler/linux/exception_handler_server.h @@ -170,7 +170,7 @@ class ExceptionHandlerServer { bool UninstallClientSocket(Event* event); bool ReceiveClientMessage(Event* event); bool HandleCrashDumpRequest( - const msghdr& msg, + const ucred& creds, const ExceptionHandlerProtocol::ClientInformation& client_info, VMAddress requesting_thread_stack_address, int client_sock, diff --git a/util/BUILD.gn b/util/BUILD.gn index a0023f74..620ae255 100644 --- a/util/BUILD.gn +++ b/util/BUILD.gn @@ -310,6 +310,8 @@ static_library("util") { "linux/scoped_pr_set_ptracer.h", "linux/scoped_ptrace_attach.cc", "linux/scoped_ptrace_attach.h", + "linux/socket.cc", + "linux/socket.h", "linux/thread_info.cc", "linux/thread_info.h", "linux/traits.h", @@ -472,6 +474,10 @@ static_library("util") { if (crashpad_is_fuchsia) { public_deps += [ "../third_party/fuchsia" ] } + + if (crashpad_is_android || crashpad_is_linux) { + deps += [ "../third_party/lss" ] + } } if (crashpad_use_boringssl_for_http_transport_socket) { @@ -626,6 +632,7 @@ source_set("util_test") { "linux/ptrace_broker_test.cc", "linux/ptracer_test.cc", "linux/scoped_ptrace_attach_test.cc", + "linux/socket_test.cc", "misc/capture_context_test_util_linux.cc", ] } diff --git a/util/linux/exception_handler_client.cc b/util/linux/exception_handler_client.cc index ca9f2df0..0d01ca31 100644 --- a/util/linux/exception_handler_client.cc +++ b/util/linux/exception_handler_client.cc @@ -17,7 +17,6 @@ #include #include #include -#include #include #include @@ -26,6 +25,7 @@ #include "build/build_config.h" #include "util/file/file_io.h" #include "util/linux/ptrace_broker.h" +#include "util/linux/socket.h" #include "util/misc/from_pointer_cast.h" #include "util/posix/signals.h" @@ -142,38 +142,7 @@ int ExceptionHandlerClient::SendCrashDumpRequest( ExceptionHandlerProtocol::ClientToServerMessage::kCrashDumpRequest; message.requesting_thread_stack_address = stack_pointer; message.client_info = info; - - iovec iov; - iov.iov_base = &message; - iov.iov_len = sizeof(message); - - msghdr msg; - msg.msg_name = nullptr; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - ucred creds; - creds.pid = getpid(); - creds.uid = geteuid(); - creds.gid = getegid(); - - char cmsg_buf[CMSG_SPACE(sizeof(creds))]; - msg.msg_control = cmsg_buf; - msg.msg_controllen = sizeof(cmsg_buf); - - cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_CREDENTIALS; - cmsg->cmsg_len = CMSG_LEN(sizeof(creds)); - *reinterpret_cast(CMSG_DATA(cmsg)) = creds; - - if (HANDLE_EINTR(sendmsg(server_sock_, &msg, MSG_NOSIGNAL)) < 0) { - PLOG(ERROR) << "sendmsg"; - return errno; - } - - return 0; + return UnixCredentialSocket::SendMsg(server_sock_, &message, sizeof(message)); } int ExceptionHandlerClient::WaitForCrashDumpComplete() { diff --git a/util/linux/socket.cc b/util/linux/socket.cc new file mode 100644 index 00000000..68efd570 --- /dev/null +++ b/util/linux/socket.cc @@ -0,0 +1,192 @@ +// Copyright 2019 The Crashpad Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "util/linux/socket.h" + +#include + +#include "base/logging.h" +#include "base/posix/eintr_wrapper.h" +#include "third_party/lss/lss.h" + +namespace crashpad { + +// static +bool UnixCredentialSocket::CreateCredentialSocketpair(ScopedFileHandle* sock1, + ScopedFileHandle* sock2) { + int socks[2]; + if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socks) != 0) { + PLOG(ERROR) << "socketpair"; + return false; + } + ScopedFileHandle local_sock1(socks[0]); + ScopedFileHandle local_sock2(socks[1]); + + int optval = 1; + socklen_t optlen = sizeof(optval); + if (setsockopt(local_sock1.get(), SOL_SOCKET, SO_PASSCRED, &optval, optlen) != + 0 || + setsockopt(local_sock2.get(), SOL_SOCKET, SO_PASSCRED, &optval, optlen) != + 0) { + PLOG(ERROR) << "setsockopt"; + return false; + } + + sock1->swap(local_sock1); + sock2->swap(local_sock2); + return true; +} + +constexpr size_t UnixCredentialSocket::kMaxSendRecvMsgFDs = 4; + +// static +int UnixCredentialSocket::SendMsg(int fd, + const void* buf, + size_t buf_size, + const int* fds, + size_t fd_count) { + // This function is intended to be used after a crash. fds is an integer + // array instead of a vector to avoid forcing callers to provide a vector, + // which they would have to create prior to the crash. + if (fds && fd_count > kMaxSendRecvMsgFDs) { + DLOG(ERROR) << "too many fds " << fd_count; + return EINVAL; + } + + iovec iov; + iov.iov_base = const_cast(buf); + iov.iov_len = buf_size; + + msghdr msg = {}; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + char cmsg_buf[CMSG_SPACE(sizeof(int) * kMaxSendRecvMsgFDs)]; + if (fds) { + msg.msg_control = cmsg_buf; + msg.msg_controllen = CMSG_SPACE(sizeof(int) * fd_count); + + cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); + DCHECK(cmsg); + + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_RIGHTS; + cmsg->cmsg_len = CMSG_LEN(sizeof(int) * fd_count); + memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * fd_count); + } + + // TODO(jperaza): Use sys_sendmsg when lss has macros for maniuplating control + // messages. https://crbug.com/crashpad/265 + if (HANDLE_EINTR(sendmsg(fd, &msg, MSG_NOSIGNAL)) < 0) { + DPLOG(ERROR) << "sendmsg"; + return errno; + } + return 0; +} + +// static +bool UnixCredentialSocket::RecvMsg(int fd, + void* buf, + size_t buf_size, + ucred* creds, + std::vector* fds) { + iovec iov; + iov.iov_base = buf; + iov.iov_len = buf_size; + + msghdr msg = {}; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + char cmsg_buf[CMSG_SPACE(sizeof(ucred)) + + CMSG_SPACE(sizeof(int) * kMaxSendRecvMsgFDs)]; + msg.msg_control = cmsg_buf; + msg.msg_controllen = sizeof(cmsg_buf); + + int res = HANDLE_EINTR(recvmsg(fd, &msg, 0)); + if (res < 0) { + PLOG(ERROR) << "recvmsg"; + return false; + } + + ucred* local_creds = nullptr; + std::vector local_fds; + bool unhandled_cmsgs = false; + + for (cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); + cmsg; + cmsg = CMSG_NXTHDR(&msg, cmsg)) { + if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) { + int* fdp = reinterpret_cast(CMSG_DATA(cmsg)); + size_t fd_count = (reinterpret_cast(cmsg) + cmsg->cmsg_len - + reinterpret_cast(fdp)) / + sizeof(int); + DCHECK_LE(fd_count, kMaxSendRecvMsgFDs); + for (size_t index = 0; index < fd_count; ++index) { + if (fds) { + local_fds.emplace_back(fdp[index]); + } else if (IGNORE_EINTR(close(fdp[index])) != 0) { + PLOG(ERROR) << "close"; + } + } + continue; + } + + if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) { + DCHECK(!local_creds); + local_creds = reinterpret_cast(CMSG_DATA(cmsg)); + continue; + } + + LOG(ERROR) << "unhandled cmsg " << cmsg->cmsg_level << ", " + << cmsg->cmsg_type; + unhandled_cmsgs = true; + } + + if (unhandled_cmsgs) { + return false; + } + + if (msg.msg_name != nullptr || msg.msg_namelen != 0) { + LOG(ERROR) << "unexpected msg name"; + return false; + } + + if (msg.msg_flags & MSG_TRUNC || msg.msg_flags & MSG_CTRUNC) { + LOG(ERROR) << "truncated msg"; + return false; + } + + if (!local_creds) { + LOG(ERROR) << "missing credentials"; + return false; + } + + // res == 0 may also indicate that the sending socket disconnected, but in + // that case, the message will also have missing or invalid credentials. + if (static_cast(res) != buf_size) { + if (res != 0 || (local_creds && local_creds->pid != 0)) { + LOG(ERROR) << "incorrect payload size " << res; + } + return false; + } + + *creds = *local_creds; + if (fds) { + fds->swap(local_fds); + } + return true; +} + +} // namespace crashpad diff --git a/util/linux/socket.h b/util/linux/socket.h new file mode 100644 index 00000000..c02a6c30 --- /dev/null +++ b/util/linux/socket.h @@ -0,0 +1,92 @@ +// Copyright 2019 The Crashpad Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef CRASHPAD_UTIL_LINUX_SOCKET_H_ +#define CRASHPAD_UTIL_LINUX_SOCKET_H_ + +#include +#include + +#include + +#include "base/macros.h" +#include "util/file/file_io.h" + +namespace crashpad { + +//! \brief Utilities for communicating over `SO_PASSCRED` enabled `AF_UNIX` +//! sockets. +class UnixCredentialSocket { + public: + //! \brief Creates an `AF_UNIX` family socket pair with `SO_PASSCRED` set on + //! each socket. + //! + //! \param[out] s1 One end of the connected pair. + //! \param[out] s2 The other end of the connected pair. + //! \return `true` on success. Otherwise, `false` with a message logged. + static bool CreateCredentialSocketpair(ScopedFileHandle* s1, + ScopedFileHandle* s2); + + //! \brief The maximum number of file descriptors that may be sent/received + //! with `SendMsg()` or `RecvMsg()`. + static const size_t kMaxSendRecvMsgFDs; + + //! \brief Wraps `sendmsg()` to send a message with file descriptors. + //! + //! This function is intended for use with `AF_UNIX` family sockets and + //! passes file descriptors with `SCM_RIGHTS`. + //! + //! This function may be used in a compromised context. + //! + //! \param[in] fd The file descriptor to write the message to. + //! \param[in] buf The buffer containing the message. + //! \param[in] buf_size The size of the message. + //! \param[in] fds An array of at most `kMaxSendRecvMsgFDs` file descriptors. + //! Optional. + //! \param[in] fd_count The number of file descriptors in \a fds. Required + //! only if \a fds was set. + //! \return 0 on success or an error code on failure. + static int SendMsg(int fd, + const void* buf, + size_t buf_size, + const int* fds = nullptr, + size_t fd_count = 0); + + //! \brief Wraps `recvmsg()` to receive a message with file descriptors and + //! credentials. + //! + //! This function is intended to be used with `AF_UNIX` family sockets. Up to + //! `kMaxSendRecvMsgFDs` file descriptors may be received (via `SCM_RIGHTS`). + //! The socket must have `SO_PASSCRED` set. + //! + //! \param[in] fd The file descriptor to receive the message on. + //! \param[out] buf The buffer to fill with the message. + //! \param[in] buf_size The size of the message. + //! \param[out] creds The credentials of the sender. + //! \param[out] fds The recieved file descriptors. Optional. If `nullptr`, all + //! received file descriptors will be closed. + //! \return `true` on success. Otherwise, `false`, with a message logged. + static bool RecvMsg(int fd, + void* buf, + size_t buf_size, + ucred* creds, + std::vector* fds = nullptr); + + private: + DISALLOW_IMPLICIT_CONSTRUCTORS(UnixCredentialSocket); +}; + +} // namespace crashpad + +#endif // CRASHPAD_UTIL_LINUX_SOCKET_H_ diff --git a/util/linux/socket_test.cc b/util/linux/socket_test.cc new file mode 100644 index 00000000..4e583aed --- /dev/null +++ b/util/linux/socket_test.cc @@ -0,0 +1,139 @@ +// Copyright 2019 The Crashpad Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "util/linux/socket.h" + +#include "base/logging.h" +#include "base/macros.h" +#include "base/posix/eintr_wrapper.h" +#include "gtest/gtest.h" +#include "util/linux/socket.h" + +namespace crashpad { +namespace test { +namespace { + +TEST(Socket, Credentials) { + ScopedFileHandle send_sock, recv_sock; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&send_sock, &recv_sock)); + + char msg = 42; + ASSERT_EQ(UnixCredentialSocket::SendMsg(send_sock.get(), &msg, sizeof(msg)), + 0); + + char recv_msg = 0; + ucred creds; + ASSERT_TRUE(UnixCredentialSocket::RecvMsg( + recv_sock.get(), &recv_msg, sizeof(recv_msg), &creds)); + EXPECT_EQ(recv_msg, msg); + EXPECT_EQ(creds.pid, getpid()); + EXPECT_EQ(creds.uid, geteuid()); + EXPECT_EQ(creds.gid, getegid()); +} + +TEST(Socket, EmptyMessages) { + ScopedFileHandle send_sock, recv_sock; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&send_sock, &recv_sock)); + + ASSERT_EQ(UnixCredentialSocket::SendMsg(send_sock.get(), nullptr, 0), 0); + + ucred creds; + ASSERT_TRUE( + UnixCredentialSocket::RecvMsg(recv_sock.get(), nullptr, 0, &creds)); + EXPECT_EQ(creds.pid, getpid()); + EXPECT_EQ(creds.uid, geteuid()); + EXPECT_EQ(creds.gid, getegid()); +} + +TEST(Socket, Hangup) { + ScopedFileHandle send_sock, recv_sock; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&send_sock, &recv_sock)); + + send_sock.reset(); + + char recv_msg = 0; + ucred creds; + EXPECT_FALSE(UnixCredentialSocket::RecvMsg( + recv_sock.get(), &recv_msg, sizeof(recv_msg), &creds)); +} + +TEST(Socket, FileDescriptors) { + ScopedFileHandle send_sock, recv_sock; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&send_sock, &recv_sock)); + + ScopedFileHandle test_fd1, test_fd2; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&test_fd1, &test_fd2)); + + char msg = 42; + ASSERT_EQ(UnixCredentialSocket::SendMsg( + send_sock.get(), &msg, sizeof(msg), &test_fd1.get(), 1), + 0); + + char recv_msg = 0; + ucred creds; + std::vector fds; + ASSERT_TRUE(UnixCredentialSocket::RecvMsg( + recv_sock.get(), &recv_msg, sizeof(recv_msg), &creds, &fds)); + ASSERT_EQ(fds.size(), 1u); +} + +TEST(Socket, RecvClosesFileDescriptors) { + ScopedFileHandle send_sock, recv_sock; + ASSERT_TRUE( + UnixCredentialSocket::CreateCredentialSocketpair(&send_sock, &recv_sock)); + + ScopedFileHandle send_fds[UnixCredentialSocket::kMaxSendRecvMsgFDs]; + ScopedFileHandle recv_fds[UnixCredentialSocket::kMaxSendRecvMsgFDs]; + int raw_recv_fds[UnixCredentialSocket::kMaxSendRecvMsgFDs]; + for (size_t index = 0; index < UnixCredentialSocket::kMaxSendRecvMsgFDs; + ++index) { + ASSERT_TRUE(UnixCredentialSocket::CreateCredentialSocketpair( + &send_fds[index], &recv_fds[index])); + raw_recv_fds[index] = recv_fds[index].get(); + } + + char msg = 42; + ASSERT_EQ( + UnixCredentialSocket::SendMsg(send_sock.get(), + &msg, + sizeof(msg), + raw_recv_fds, + UnixCredentialSocket::kMaxSendRecvMsgFDs), + 0); + + char recv_msg = 0; + ucred creds; + ASSERT_TRUE(UnixCredentialSocket::RecvMsg( + recv_sock.get(), &recv_msg, sizeof(recv_msg), &creds)); + EXPECT_EQ(creds.pid, getpid()); + + for (size_t index = 0; index < UnixCredentialSocket::kMaxSendRecvMsgFDs; + ++index) { + recv_fds[index].reset(); + char c; + EXPECT_EQ( + HANDLE_EINTR(send(send_fds[index].get(), &c, sizeof(c), MSG_NOSIGNAL)), + -1); + EXPECT_EQ(errno, EPIPE); + } +} + +} // namespace +} // namespace test +} // namespace crashpad diff --git a/util/util.gyp b/util/util.gyp index f75e96a2..7efec7dc 100644 --- a/util/util.gyp +++ b/util/util.gyp @@ -24,6 +24,7 @@ '../compat/compat.gyp:crashpad_compat', '../third_party/mini_chromium/mini_chromium.gyp:base', '../third_party/zlib/zlib.gyp:zlib', + '../third_party/lss/lss.gyp:lss', ], 'include_dirs': [ '..', @@ -82,6 +83,8 @@ 'linux/scoped_pr_set_ptracer.h', 'linux/scoped_ptrace_attach.cc', 'linux/scoped_ptrace_attach.h', + 'linux/socket.cc', + 'linux/socket.h', 'linux/thread_info.cc', 'linux/thread_info.h', 'linux/traits.h', diff --git a/util/util_test.gyp b/util/util_test.gyp index 619d40f1..573162e6 100644 --- a/util/util_test.gyp +++ b/util/util_test.gyp @@ -49,6 +49,7 @@ 'linux/ptrace_broker_test.cc', 'linux/ptracer_test.cc', 'linux/scoped_ptrace_attach_test.cc', + 'linux/socket_test.cc', 'mac/launchd_test.mm', 'mac/mac_util_test.mm', 'mac/service_management_test.mm',