3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2025-01-16 12:12:47 +08:00
Code Issues Projects Releases Wiki Activity
crashpad/util/linux/socket.cc
Joshua Peraza a11243e8f1 linux: add wrappers for send/recvmsg 
sendmsg() and recvmsg() are complicated to use. Refactor their usage
into functions with a simpler, tested interface and use those instead.
This also adds CreateCredentialSocketpair() to create a pair of
connected sockets with SO_PASSCRED set. This option should be set
before the possibility of any calls to sendmsg() with the socket pair
to avoid race conditions in properly setting credentials.

Also update the handler to use Strategy::kNoPtrace (which causes the
crash dump to fail without breaking the socket connection) if the
credentials were invalid, which can happen if SO_PASSCRED was set after
the call to sendmsg() or if the sending process does not exist in this
namespace.

Change-Id: Id09f87125540255687a3c35d5bed7fa01ec07cff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1584639
Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-05-02 20:56:08 +00:00

193 lines
5.6 KiB
C++
Raw Blame History

// Copyright 2019 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "util/linux/socket.h"
#include <unistd.h>
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
#include "third_party/lss/lss.h"
namespace crashpad {
// static
bool UnixCredentialSocket::CreateCredentialSocketpair(ScopedFileHandle* sock1,
ScopedFileHandle* sock2) {
int socks[2];
if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socks) != 0) {
PLOG(ERROR) << "socketpair";
return false;
}
ScopedFileHandle local_sock1(socks[0]);
ScopedFileHandle local_sock2(socks[1]);
int optval = 1;
socklen_t optlen = sizeof(optval);
if (setsockopt(local_sock1.get(), SOL_SOCKET, SO_PASSCRED, &optval, optlen) !=
0 ||
setsockopt(local_sock2.get(), SOL_SOCKET, SO_PASSCRED, &optval, optlen) !=
0) {
PLOG(ERROR) << "setsockopt";
return false;
}
sock1->swap(local_sock1);
sock2->swap(local_sock2);
return true;
}
constexpr size_t UnixCredentialSocket::kMaxSendRecvMsgFDs = 4;
// static
int UnixCredentialSocket::SendMsg(int fd,
const void* buf,
size_t buf_size,
const int* fds,
size_t fd_count) {
// This function is intended to be used after a crash. fds is an integer
// array instead of a vector to avoid forcing callers to provide a vector,
// which they would have to create prior to the crash.
if (fds && fd_count > kMaxSendRecvMsgFDs) {
DLOG(ERROR) << "too many fds " << fd_count;
return EINVAL;
}
iovec iov;
iov.iov_base = const_cast<void*>(buf);
iov.iov_len = buf_size;
msghdr msg = {};
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
char cmsg_buf[CMSG_SPACE(sizeof(int) * kMaxSendRecvMsgFDs)];
if (fds) {
msg.msg_control = cmsg_buf;
msg.msg_controllen = CMSG_SPACE(sizeof(int) * fd_count);
cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
DCHECK(cmsg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int) * fd_count);
memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * fd_count);
}
// TODO(jperaza): Use sys_sendmsg when lss has macros for maniuplating control
// messages. https://crbug.com/crashpad/265
if (HANDLE_EINTR(sendmsg(fd, &msg, MSG_NOSIGNAL)) < 0) {
DPLOG(ERROR) << "sendmsg";
return errno;
}
return 0;
}
// static
bool UnixCredentialSocket::RecvMsg(int fd,
void* buf,
size_t buf_size,
ucred* creds,
std::vector<ScopedFileHandle>* fds) {
iovec iov;
iov.iov_base = buf;
iov.iov_len = buf_size;
msghdr msg = {};
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
char cmsg_buf[CMSG_SPACE(sizeof(ucred)) +
CMSG_SPACE(sizeof(int) * kMaxSendRecvMsgFDs)];
msg.msg_control = cmsg_buf;
msg.msg_controllen = sizeof(cmsg_buf);
int res = HANDLE_EINTR(recvmsg(fd, &msg, 0));
if (res < 0) {
PLOG(ERROR) << "recvmsg";
return false;
}
ucred* local_creds = nullptr;
std::vector<ScopedFileHandle> local_fds;
bool unhandled_cmsgs = false;
for (cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
cmsg;
cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
int* fdp = reinterpret_cast<int*>(CMSG_DATA(cmsg));
size_t fd_count = (reinterpret_cast<char*>(cmsg) + cmsg->cmsg_len -
reinterpret_cast<char*>(fdp)) /
sizeof(int);
DCHECK_LE(fd_count, kMaxSendRecvMsgFDs);
for (size_t index = 0; index < fd_count; ++index) {
if (fds) {
local_fds.emplace_back(fdp[index]);
} else if (IGNORE_EINTR(close(fdp[index])) != 0) {
PLOG(ERROR) << "close";
}
}
continue;
}
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) {
DCHECK(!local_creds);
local_creds = reinterpret_cast<ucred*>(CMSG_DATA(cmsg));
continue;
}
LOG(ERROR) << "unhandled cmsg " << cmsg->cmsg_level << ", "
<< cmsg->cmsg_type;
unhandled_cmsgs = true;
}
if (unhandled_cmsgs) {
return false;
}
if (msg.msg_name != nullptr || msg.msg_namelen != 0) {
LOG(ERROR) << "unexpected msg name";
return false;
}
if (msg.msg_flags & MSG_TRUNC || msg.msg_flags & MSG_CTRUNC) {
LOG(ERROR) << "truncated msg";
return false;
}
if (!local_creds) {
LOG(ERROR) << "missing credentials";
return false;
}
// res == 0 may also indicate that the sending socket disconnected, but in
// that case, the message will also have missing or invalid credentials.
if (static_cast<size_t>(res) != buf_size) {
if (res != 0 || (local_creds && local_creds->pid != 0)) {
LOG(ERROR) << "incorrect payload size " << res;
}
return false;
}
*creds = *local_creds;
if (fds) {
fds->swap(local_fds);
}
return true;
}
} // namespace crashpad
Reference in New Issue View Git Blame Copy Permalink