chore: cherry-pick 6a8a2098f9fa from chromium #31230

Merged: 5 commits into 14-x-y, Oct 10, 2021

Conversation

@ppontes (Member) commented Oct 1, 2021

[Merge to M94] Prevents non-browser processes from requesting memory dumps.

This CL makes several changes:

(1) Causes the browser to reset non-browser
mojo::PendingReceiver. This means that non-browser
processes will never be able to use the Coordinator interface.

(2) Add CHECKs to existing code to prevent non-browser processes from
attempting to use the Coordinator interface.

A code audit shows that all Coordinator usages should already only be
from the browser process.

Note that (2) is important since attempting to use an unbound interface
will trigger a nullptr dereference, which is undefined behavior.

(cherry picked from commit d9cc471e122e9a2391a68fa7cd72ea50587d8d97)

Bug: 1251787
Change-Id: Ifbe9610cc0e373edaaa60fad46b447e8bdb3ec04
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3174305
Reviewed-by: Kinuko Yasuda kinuko@chromium.org
Reviewed-by: ssid ssid@chromium.org
Auto-Submit: Erik Chen erikchen@chromium.org
Commit-Queue: Erik Chen erikchen@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#923693}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3194811
Reviewed-by: Avi Drissman avi@chromium.org
Reviewed-by: Krishna Govind govind@chromium.org
Commit-Queue: Krishna Govind govind@chromium.org
Owners-Override: Krishna Govind govind@chromium.org
Cr-Commit-Position: refs/branch-heads/4606@{#1253}
Cr-Branched-From: 35b0d5a9dc8362adfd44e2614f0d5b7402ef63d0-refs/heads/master@{#911515}

Notes: Security: backported fix for CVE-2021-37976.

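The two changes described in the commit message above (reset the non-browser endpoint at hand-out time, then CHECK at every use site so a reset endpoint is never dereferenced) form a general privilege-separation pattern. The following C++ example is an added illustration of that pattern and is not the Chromium CL or any Electron code: the Chromium patch itself is not reproduced on this page. `ProcessType`, `Coordinator`, `HandOutCoordinator`, `ClientProcess` and `CHECK_OR_THROW` are hypothetical stand-ins for the real process types, `mojom::Coordinator`, `mojo::PendingReceiver` and `CHECK()`; in particular, the real `CHECK()` aborts the process, and this model throws instead only so the refusal can be observed from a test.

```cpp
#include <iostream>
#include <memory>
#include <stdexcept>
#include <string>

// Hypothetical process kinds; Chromium has more, but the rule modelled
// here only distinguishes "browser" from "everything else".
enum class ProcessType { kBrowser, kRenderer, kGpu, kUtility };

// Stand-in for the memory-dump Coordinator interface (hypothetical API).
class Coordinator {
 public:
  std::string RequestGlobalMemoryDump() {
    ++dumps_;
    return "dump#" + std::to_string(dumps_);
  }

 private:
  int dumps_ = 0;
};

// Stand-in for a mojo::PendingReceiver<Coordinator>: either it holds the
// endpoint or it has been reset and holds nothing.
using PendingCoordinator = std::unique_ptr<Coordinator>;

// Stand-in for CHECK(): Chromium aborts; this model throws so the
// failure is observable. This is an assumption of the example.
[[noreturn]] void CheckFailed(const std::string& what) {
  throw std::logic_error("CHECK failed: " + what);
}
#define CHECK_OR_THROW(cond) \
  do {                       \
    if (!(cond)) CheckFailed(#cond); \
  } while (0)

// Change (1): the browser keeps the Coordinator endpoint for itself and
// resets it for every other process type, so a non-browser process can
// never bind the interface no matter what it later tries to do.
PendingCoordinator HandOutCoordinator(ProcessType type) {
  PendingCoordinator pending = std::make_unique<Coordinator>();
  if (type != ProcessType::kBrowser) {
    pending.reset();  // endpoint dropped for non-browser processes
  }
  return pending;
}

// Change (2): the use site CHECKs the process type before touching the
// interface. Without this, a non-browser caller would dereference the
// reset (null) endpoint, which is the undefined behaviour the commit
// message warns about.
struct ClientProcess {
  ProcessType type;
  PendingCoordinator coordinator;

  std::string RequestMemoryDump() {
    CHECK_OR_THROW(type == ProcessType::kBrowser);
    CHECK_OR_THROW(coordinator != nullptr);
    return coordinator->RequestGlobalMemoryDump();
  }
};

ClientProcess StartProcess(ProcessType type) {
  return ClientProcess{type, HandOutCoordinator(type)};
}

// True if a process of the given type is refused a memory dump.
bool RequestWasRefused(ProcessType type) {
  ClientProcess p = StartProcess(type);
  try {
    p.RequestMemoryDump();
    return false;
  } catch (const std::logic_error&) {
    return true;
  }
}

// True if a process of the given type was handed a bound endpoint at all.
bool CoordinatorBound(ProcessType type) {
  return StartProcess(type).coordinator != nullptr;
}

int main() {
  std::cout << "browser refused:  " << RequestWasRefused(ProcessType::kBrowser) << "\n";
  std::cout << "renderer refused: " << RequestWasRefused(ProcessType::kRenderer) << "\n";
  std::cout << "renderer bound:   " << CoordinatorBound(ProcessType::kRenderer) << "\n";
  return 0;
}
```

The point of keeping both changes is that (1) removes the capability and (2) turns any surviving caller into a loud, deterministic failure instead of a null dereference; an audit that "all usages are from the browser" is a belief, and the CHECK is what enforces it at runtime.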
@ppontes ppontes requested a review from a team as a code owner October 1, 2021 10:44
@ppontes added labels 14-x-y, backport-check-skip (skip trop's backport validity checking), semver/patch (backwards-compatible bug fixes) Oct 1, 2021
@ppontes force-pushed the cherry-pick/14-x-y/chromium/6a8a2098f9fa branch from 95c51c5 to db665e2 October 7, 2021 15:37
@ppontes removed the wip ⚒ label Oct 7, 2021
@ppontes force-pushed the cherry-pick/14-x-y/chromium/6a8a2098f9fa branch from 6ddd953 to fbd32e2 October 8, 2021 17:10
@deepak1556 deepak1556 closed this Oct 10, 2021
@deepak1556 deepak1556 reopened this Oct 10, 2021
@deepak1556 (Member) commented Oct 10, 2021

Failing tests are unrelated, merging.

@deepak1556 deepak1556 merged commit 042f00d into 14-x-y Oct 10, 2021
@deepak1556 deepak1556 deleted the cherry-pick/14-x-y/chromium/6a8a2098f9fa branch October 10, 2021 12:41
@release-clerk bot commented Oct 10, 2021

Release Notes Persisted

Security: backported fix for CVE-2021-37976.

Labels: 14-x-y, backport-check-skip, security 🔒, semver/patch