chore: cherry-pick 229fdaf8fc05 from chromium #26193

Merged
merged 5 commits into from Oct 28, 2020

Conversation

nornagon
Member

Validate input of MediaStreamDispatcherHost::OpenDevice()

This method forwards to MediaStreamManager::OpenDevice(), which
DCHECKs for the stream type to be device video or audio capture
(i.e., webcam or mic). However, MSDH admits other stream types,
which cause MSM::OpenDevice to hit this DCHECK.

This CL ensures that a message containing an incorrect stream type,
which could be sent by a malicious renderer, results in killing the
renderer process.

Bug: 1135018
Change-Id: I3884dde95d92c41f44966a8ab1dd7bdfd4b23b9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2472397
Auto-Submit: Guido Urdaneta <guidou@chromium.org>
Commit-Queue: Guido Urdaneta <guidou@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#817151}

Notes: Security: backported fix for 1135018.
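
The validation pattern the commit message describes, as an added example that is not Chromium's or Electron's code: a privileged host checks an untrusted stream type before forwarding it, and terminates the sender on a bad value. `StreamType`, `Browser`, `HostOpenDevice` and `ManagerOpenDevice` are hypothetical names in a simplified model, and the sample messages are constructed.

```cpp
// Added illustration; a simplified model, not Chromium code. All names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <set>
#include <utility>
#include <vector>

enum class StreamType : int32_t {
  kNoService = 0,
  kDeviceAudioCapture = 1,   // mic
  kDeviceVideoCapture = 2,   // webcam
  kDisplayVideoCapture = 3,  // a type the host admits elsewhere, but not for OpenDevice
};

struct Browser {
  std::set<int> killed;                            // renderers terminated for bad messages
  std::vector<std::pair<int, StreamType>> opened;  // requests that reached the manager

  // Stand-in for the manager. It assumes `type` is a device capture type; a
  // debug-only assertion here would be compiled out of release builds, so it
  // cannot serve as the check on renderer-supplied data.
  void ManagerOpenDevice(int renderer_id, StreamType type) {
    opened.emplace_back(renderer_id, type);
  }

  // Host-side handler: runs in the privileged process on untrusted input.
  // Returns true only if the request was forwarded.
  bool HostOpenDevice(int renderer_id, int32_t raw_type) {
    if (killed.count(renderer_id)) return false;  // sender already terminated
    const auto type = static_cast<StreamType>(raw_type);
    if (type != StreamType::kDeviceAudioCapture &&
        type != StreamType::kDeviceVideoCapture) {
      killed.insert(renderer_id);  // bad message: terminate the sender, forward nothing
      return false;
    }
    ManagerOpenDevice(renderer_id, type);
    return true;
  }
};

int main() {
  Browser b;
  // Constructed sample messages: (renderer id, raw stream type).
  const std::pair<int, int32_t> msgs[] = {{1, 1}, {2, 3}, {2, 2}, {3, 999}};
  for (const auto& m : msgs) {
    const bool ok = b.HostOpenDevice(m.first, m.second);
    std::printf("renderer %d type %d -> %s\n", m.first, static_cast<int>(m.second),
                ok ? "forwarded" : "rejected");
  }
  return 0;
}
```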

@nornagon nornagon requested a review from a team as a code owner October 27, 2020 19:48
@nornagon nornagon added 10-x-y backport-check-skip Skip trop's backport validity checking labels Oct 27, 2020
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Oct 27, 2020
@nornagon nornagon merged commit 6502e4e into 10-x-y Oct 28, 2020

release-clerk bot commented Oct 28, 2020

Release Notes Persisted

Security: backported fix for 1135018.

@nornagon nornagon deleted the cherry-pick/10-x-y/chromium/229fdaf8fc05 branch October 28, 2020 22:42