Bug 1629361 - Disable the launcher process when a content process fails to start. r=mhowell

If a third-party application modifies IAT of ntdll.dll in the browser process after process launch, the browser process fails to launch a sandbox process, resulting in a situation where a window is opened without any functionality. This patch is to mitigate that situation by disabling the launcher process when the browser process fails to launch a sandbox process. Differential Revision: https://phabricator.services.mozilla.com/D70873 --HG-- extra : moz-landing-system : lando
2020-04-14 16:14:22 +00:00 · 2020-04-14 16:14:22 +00:00 · 80dfd02627
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@ -32,6 +32,10 @@
 #include "sandbox/win/src/security_level.h"
 #include "WinUtils.h"

+#if defined(MOZ_LAUNCHER_PROCESS)
+#  include "mozilla/LauncherRegistryInfo.h"
+#endif  // defined(MOZ_LAUNCHER_PROCESS)
+
 namespace mozilla {

 sandbox::BrokerServices* SandboxBroker::sBrokerService = nullptr;
@ -300,6 +304,16 @@ bool SandboxBroker::LaunchApp(const wchar_t* aPath, const wchar_t* aArguments,
      TerminateProcess(targetInfo.hProcess, 1);
      CloseHandle(targetInfo.hThread);
      CloseHandle(targetInfo.hProcess);
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+      // The launcher process had started the browser process successfully, but
+      // the browser process failed start to a content process.  We're entering
+      // into a situation where the browser is opened without content processes.
+      // To stop it next time, we disable the launcher process.
+      LauncherRegistryInfo regInfo;
+      Unused << regInfo.DisableDueToFailure();
+#endif  // defined(MOZ_LAUNCHER_PROCESS)
+
      return false;
    }
  } else {