diff options
Diffstat (limited to 'chromium/content/browser/plugin_service_impl.cc')
-rw-r--r-- | chromium/content/browser/plugin_service_impl.cc | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/chromium/content/browser/plugin_service_impl.cc b/chromium/content/browser/plugin_service_impl.cc index 130f4d8e92e..dcdae19642b 100644 --- a/chromium/content/browser/plugin_service_impl.cc +++ b/chromium/content/browser/plugin_service_impl.cc @@ -124,16 +124,31 @@ void PluginServiceImpl::Init() { PpapiPluginProcessHost* PluginServiceImpl::FindPpapiPluginProcess( const base::FilePath& plugin_path, - const base::FilePath& profile_data_directory) { + const base::FilePath& profile_data_directory, + const base::Optional<url::Origin>& origin_lock) { for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) { if (iter->plugin_path() == plugin_path && - iter->profile_data_directory() == profile_data_directory) { + iter->profile_data_directory() == profile_data_directory && + (!iter->origin_lock() || iter->origin_lock() == origin_lock)) { return *iter; } } return nullptr; } +int PluginServiceImpl::CountPpapiPluginProcessesForProfile( + const base::FilePath& plugin_path, + const base::FilePath& profile_data_directory) { + int count = 0; + for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) { + if (iter->plugin_path() == plugin_path && + iter->profile_data_directory() == profile_data_directory) { + ++count; + } + } + return count; +} + PpapiPluginProcessHost* PluginServiceImpl::FindPpapiBrokerProcess( const base::FilePath& broker_path) { for (PpapiBrokerProcessHostIterator iter; !iter.Done(); ++iter) { @@ -147,7 +162,8 @@ PpapiPluginProcessHost* PluginServiceImpl::FindPpapiBrokerProcess( PpapiPluginProcessHost* PluginServiceImpl::FindOrStartPpapiPluginProcess( int render_process_id, const base::FilePath& plugin_path, - const base::FilePath& profile_data_directory) { + const base::FilePath& profile_data_directory, + const base::Optional<url::Origin>& origin_lock) { DCHECK_CURRENTLY_ON(BrowserThread::IO); if (filter_ && !filter_->CanLoadPlugin(render_process_id, plugin_path)) { @@ -155,11 +171,6 @@ PpapiPluginProcessHost* PluginServiceImpl::FindOrStartPpapiPluginProcess( return nullptr; } - PpapiPluginProcessHost* plugin_host = - FindPpapiPluginProcess(plugin_path, profile_data_directory); - if (plugin_host) - return plugin_host; - // Validate that the plugin is actually registered. PepperPluginInfo* info = GetRegisteredPpapiPluginInfo(plugin_path); if (!info) { @@ -168,6 +179,11 @@ PpapiPluginProcessHost* PluginServiceImpl::FindOrStartPpapiPluginProcess( return nullptr; } + PpapiPluginProcessHost* plugin_host = + FindPpapiPluginProcess(plugin_path, profile_data_directory, origin_lock); + if (plugin_host) + return plugin_host; + // Record when PPAPI Flash process is started for the first time. static bool counted = false; if (!counted && info->name == kFlashPluginName) { @@ -177,9 +193,16 @@ PpapiPluginProcessHost* PluginServiceImpl::FindOrStartPpapiPluginProcess( FLASH_USAGE_ENUM_COUNT); } + // Avoid fork bomb. + if (origin_lock.has_value() && CountPpapiPluginProcessesForProfile( + plugin_path, profile_data_directory) >= + max_ppapi_processes_per_profile_) { + return nullptr; + } + // This plugin isn't loaded by any plugin process, so create a new process. plugin_host = PpapiPluginProcessHost::CreatePluginHost( - *info, profile_data_directory); + *info, profile_data_directory, origin_lock); if (!plugin_host) { VLOG(1) << "Unable to create ppapi plugin process for: " << plugin_path.MaybeAsASCII(); @@ -216,9 +239,10 @@ void PluginServiceImpl::OpenChannelToPpapiPlugin( int render_process_id, const base::FilePath& plugin_path, const base::FilePath& profile_data_directory, + const base::Optional<url::Origin>& origin_lock, PpapiPluginProcessHost::PluginClient* client) { PpapiPluginProcessHost* plugin_host = FindOrStartPpapiPluginProcess( - render_process_id, plugin_path, profile_data_directory); + render_process_id, plugin_path, profile_data_directory, origin_lock); if (plugin_host) { plugin_host->OpenChannelToPlugin(client); } else { |