From bfba36542e138194af9305cef85a00ffb9f4c548 Mon Sep 17 00:00:00 2001
From: "bauerb@chromium.org"
 <bauerb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 10 Dec 2010 14:43:00 +0000
Subject: [PATCH] Explicitly whitelist the test server port.

BUG=65859
TEST=yes please

Review URL: http://codereview.chromium.org/5519015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68853 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/test/live_sync/live_sync_test.cc |  2 ++
 chrome/test/live_sync/live_sync_test.h  |  3 +++
 net/base/net_util.cc                    | 23 +++++++++++++++--------
 net/base/net_util.h                     | 13 ++++++++++++-
 net/test/test_server.cc                 |  4 ++++
 net/test/test_server.h                  |  3 +++
 6 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/chrome/test/live_sync/live_sync_test.cc b/chrome/test/live_sync/live_sync_test.cc
index 6adba5c26ca46..9c287d23c32f6 100644
--- a/chrome/test/live_sync/live_sync_test.cc
+++ b/chrome/test/live_sync/live_sync_test.cc
@@ -335,6 +335,7 @@ bool LiveSyncTest::SetUpLocalPythonTestServer() {
 
   net::HostPortPair xmpp_host_port_pair(sync_server_.host_port_pair());
   xmpp_host_port_pair.set_port(xmpp_port);
+  xmpp_port_.reset(new net::ScopedPortException(xmpp_port));
 
   if (!cl->HasSwitch(switches::kSyncNotificationHost)) {
     cl->AppendSwitchASCII(switches::kSyncNotificationHost,
@@ -379,6 +380,7 @@ bool LiveSyncTest::TearDownLocalPythonTestServer() {
     LOG(ERROR) << "Could not stop local python test server.";
     return false;
   }
+  xmpp_port_.reset();
   return true;
 }
 
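Review bot: The early `return false` just above the added line skips `xmpp_port_.reset();`, so when stopping the server fails the XMPP port stays in `explicitly_allowed_ports` until the `LiveSyncTest` object itself is destroyed. Moving `xmpp_port_.reset();` ahead of the stop check would drop the exception on both paths, since the port should not remain exempt from the restricted-port check once teardown has been attempted. The start of `TearDownLocalPythonTestServer` lies outside the hunk, so this assumes no other early return precedes it.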
diff --git a/chrome/test/live_sync/live_sync_test.h b/chrome/test/live_sync/live_sync_test.h
index 1759d938b32ab..e1621f84d8544 100644
--- a/chrome/test/live_sync/live_sync_test.h
+++ b/chrome/test/live_sync/live_sync_test.h
@@ -174,6 +174,9 @@ class LiveSyncTest : public InProcessBrowserTest {
   // Test server of type sync, started on demand.
   net::TestServer sync_server_;
 
+  // Helper class to whitelist the notification port.
+  scoped_ptr<net::ScopedPortException> xmpp_port_;
+
   // Used to differentiate between single-client, two-client, multi-client and
   // many-client tests.
   TestType test_type_;
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index 5426b6820511a..4f6e3613e2d23 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -1052,7 +1052,7 @@ const FormatUrlType kFormatUrlOmitAll = kFormatUrlOmitUsernamePassword |
     kFormatUrlOmitHTTP | kFormatUrlOmitTrailingSlashOnBareHostname;
 
 // TODO(viettrungluu): We don't want non-POD globals; change this.
-std::set<int> explicitly_allowed_ports;
+std::multiset<int> explicitly_allowed_ports;
 
 GURL FilePathToFileURL(const FilePath& path) {
   // Produce a URL like "file:///C:/foo" for a regular file, or
@@ -1496,12 +1496,7 @@ bool IsPortAllowedByOverride(int port) {
   if (explicitly_allowed_ports.empty())
     return false;
 
-  std::set<int>::const_iterator it =
-      std::find(explicitly_allowed_ports.begin(),
-                explicitly_allowed_ports.end(),
-                port);
-
-  return it != explicitly_allowed_ports.end();
+  return explicitly_allowed_ports.count(port) > 0;
 }
 
 int SetNonBlocking(int fd) {
@@ -1726,7 +1721,7 @@ void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
   if (allowed_ports.empty())
     return;
 
-  std::set<int> ports;
+  std::multiset<int> ports;
   size_t last = 0;
   size_t size = allowed_ports.size();
   // The comma delimiter.
@@ -1752,6 +1747,18 @@ void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
   explicitly_allowed_ports = ports;
 }
 
+ScopedPortException::ScopedPortException(int port) : port_(port) {
+  explicitly_allowed_ports.insert(port);
+}
+
+ScopedPortException::~ScopedPortException() {
+  std::multiset<int>::iterator it = explicitly_allowed_ports.find(port_);
+  if (it != explicitly_allowed_ports.end())
+    explicitly_allowed_ports.erase(it);
+  else
+    NOTREACHED();
+}
+
 enum IPv6SupportStatus {
   IPV6_CANNOT_CREATE_SOCKETS,
   IPV6_CAN_CREATE_SOCKETS,
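Review bot: `SetExplicitlyAllowedPorts` still ends with `explicitly_allowed_ports = ports;`, which replaces the whole multiset, so an entry added by a live `ScopedPortException` is lost if that function runs while the object exists. The destructor would then hit `NOTREACHED()`, or, if the same port also appears in the override string, erase that entry instead and silently shorten the configured list. Either make the setter preserve scoped entries or state the constraint above the constructor, e.g. `// SetExplicitlyAllowedPorts() must not be called while an instance is alive.` Nothing visible in this hunk synchronizes access to the global, so the comment should presumably also say which thread may create and destroy these objects.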
diff --git a/net/base/net_util.h b/net/base/net_util.h
index ad5795cdb3df8..bb145e0df0a3b 100644
--- a/net/base/net_util.h
+++ b/net/base/net_util.h
@@ -71,7 +71,7 @@ extern const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname;
 extern const FormatUrlType kFormatUrlOmitAll;
 
 // Holds a list of ports that should be accepted despite bans.
-extern std::set<int> explicitly_allowed_ports;
+extern std::multiset<int> explicitly_allowed_ports;
 
 // Given the full path to a file name, creates a file: URL. The returned URL
 // may not be valid if the input is malformed.
@@ -338,6 +338,17 @@ GURL SimplifyUrlForRequest(const GURL& url);
 
 void SetExplicitlyAllowedPorts(const std::string& allowed_ports);
 
+class ScopedPortException {
+ public:
+  ScopedPortException(int port);
+  ~ScopedPortException();
+
+ private:
+  int port_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedPortException);
+};
+
 // Perform a simplistic test to see if IPv6 is supported by trying to create an
 // IPv6 socket.
 // TODO(jar): Make test more in-depth as needed.
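Review bot: The single-argument constructor of `ScopedPortException` is not marked `explicit`, so an `int` can convert implicitly into an object that edits the global allow list; declare it as `explicit ScopedPortException(int port);`. The class also has no comment, unlike the declarations around it, although it lifts the restricted-port check for the whole process from a non-test header. A line such as `// Adds |port| to explicitly_allowed_ports for the lifetime of the object and removes it on destruction.` would make that scope clear, and if the class is meant only for tests (as the commit title suggests) the comment should say so.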
diff --git a/net/test/test_server.cc b/net/test/test_server.cc
index d2d3fdee6a44d..a6e5a82972df3 100644
--- a/net/test/test_server.cc
+++ b/net/test/test_server.cc
@@ -159,6 +159,8 @@ bool TestServer::Start() {
     return false;
   }
 
+  allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
+
   started_ = true;
   return true;
 }
@@ -181,6 +183,8 @@ bool TestServer::Stop() {
     VLOG(1) << "Kill failed?";
   }
 
+  allowed_port_.reset();
+
   return ret;
 }
 
diff --git a/net/test/test_server.h b/net/test/test_server.h
index 1ae0a50867b5d..4154302b6cd0e 100644
--- a/net/test/test_server.h
+++ b/net/test/test_server.h
@@ -17,6 +17,7 @@
 #include "base/file_util.h"
 #include "base/process_util.h"
 #include "net/base/host_port_pair.h"
+#include "net/base/net_util.h"
 
 #if defined(OS_WIN)
 #include "base/scoped_handle_win.h"
@@ -180,6 +181,8 @@ class TestServer {
   // Handle of the Python process running the test server.
   base::ProcessHandle process_handle_;
 
+  scoped_ptr<net::ScopedPortException> allowed_port_;
+
 #if defined(OS_WIN)
   // JobObject used to clean up orphaned child processes.
   ScopedHandle job_handle_;
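Review bot: `allowed_port_` is the only member in this hunk without a comment, and its effect on the port allow list is not obvious from the name. Add something like `// Keeps the server's port in explicitly_allowed_ports between Start() and Stop().` above it. The `net::` qualifier also looks redundant, since `test_server.cc` uses `ScopedPortException` unqualified, which suggests `TestServer` is already in namespace `net`. The class body continues outside the hunk.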
-- 
GitLab