1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-marshal-header.c Managing marshaling/demarshaling of message headers
4 * Copyright (C) 2005 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "dbus/dbus-shared.h"
26 #include "dbus-marshal-header.h"
27 #include "dbus-marshal-recursive.h"
28 #include "dbus-marshal-byteswap.h"
30 #include "dbus-protocol-gvariant.h"
31 #include "dbus-marshal-gvariant.h"
34 * @addtogroup DBusMarshal
40 /* Not thread locked, but strictly const/read-only so should be OK
42 /** Static #DBusString containing the signature of a message header */
43 _DBUS_STRING_DEFINE_STATIC(_dbus_header_signature_str, DBUS_HEADER_SIGNATURE);
44 /** Static #DBusString containing the local interface */
45 _DBUS_STRING_DEFINE_STATIC(_dbus_local_interface_str, DBUS_INTERFACE_LOCAL);
46 /** Static #DBusString containing the local path */
47 _DBUS_STRING_DEFINE_STATIC(_dbus_local_path_str, DBUS_PATH_LOCAL);
49 /** Offset from start of _dbus_header_signature_str to the signature of the fields array */
50 #define FIELDS_ARRAY_SIGNATURE_OFFSET 6
51 /** Offset from start of _dbus_header_signature_str to the signature of an element of the fields array */
52 #define FIELDS_ARRAY_ELEMENT_SIGNATURE_OFFSET 7
55 /** Offset to byte order from start of header */
56 #define BYTE_ORDER_OFFSET 0
57 /** Offset to type from start of header */
59 /** Offset to flags from start of header */
60 #define FLAGS_OFFSET 2
61 /** Offset to version from start of header */
62 #define VERSION_OFFSET 3
63 /** Offset to body length from start of header */
64 #define BODY_LENGTH_OFFSET 4
65 /** Offset to client serial from start of header */
66 #define SERIAL_OFFSET 8
67 /** Offset to fields array length from start of header */
68 #define FIELDS_ARRAY_LENGTH_OFFSET 12
69 /** Offset to first field in header */
70 #define FIRST_FIELD_OFFSET 16
74 unsigned char code; /**< the field code */
75 unsigned char type; /**< the value type */
78 static const HeaderFieldType
79 _dbus_header_field_types[DBUS_HEADER_FIELD_LAST+1] = {
80 { DBUS_HEADER_FIELD_INVALID, DBUS_TYPE_INVALID },
81 { DBUS_HEADER_FIELD_PATH, DBUS_TYPE_OBJECT_PATH },
82 { DBUS_HEADER_FIELD_INTERFACE, DBUS_TYPE_STRING },
83 { DBUS_HEADER_FIELD_MEMBER, DBUS_TYPE_STRING },
84 { DBUS_HEADER_FIELD_ERROR_NAME, DBUS_TYPE_STRING },
85 { DBUS_HEADER_FIELD_REPLY_SERIAL, DBUS_TYPE_UINT32 },
86 { DBUS_HEADER_FIELD_DESTINATION, DBUS_TYPE_STRING },
87 { DBUS_HEADER_FIELD_SENDER, DBUS_TYPE_STRING },
88 { DBUS_HEADER_FIELD_SIGNATURE, DBUS_TYPE_SIGNATURE },
89 { DBUS_HEADER_FIELD_UNIX_FDS, DBUS_TYPE_UINT32 }
92 /** Macro to look up the correct type for a field */
93 #define EXPECTED_TYPE_OF_FIELD(field) (_dbus_header_field_types[field].type)
95 /** The most padding we could ever need for a header */
96 #define MAX_POSSIBLE_HEADER_PADDING 7
98 reserve_header_padding (DBusHeader *header)
100 _dbus_assert (header->padding <= MAX_POSSIBLE_HEADER_PADDING);
102 if (!_dbus_string_lengthen (&header->data,
103 MAX_POSSIBLE_HEADER_PADDING - header->padding))
105 header->padding = MAX_POSSIBLE_HEADER_PADDING;
110 correct_header_padding (DBusHeader *header)
114 _dbus_assert (header->padding == 7);
116 _dbus_string_shorten (&header->data, header->padding);
117 unpadded_len = _dbus_string_get_length (&header->data);
119 if (!_dbus_string_align_length (&header->data, 8))
120 _dbus_assert_not_reached ("couldn't pad header though enough padding was preallocated");
122 header->padding = _dbus_string_get_length (&header->data) - unpadded_len;
125 /** Compute the end of the header, ignoring padding */
126 #define HEADER_END_BEFORE_PADDING(header) \
127 (_dbus_string_get_length (&(header)->data) - (header)->padding)
130 _dbus_header_is_gvariant (const DBusHeader *header)
132 return (header->protocol_version == DBUS_PROTOCOL_VERSION_GVARIANT);
136 * Invalidates all fields in the cache. This may be used when the
137 * cache is totally uninitialized (contains junk) so should not
138 * look at what's in there now.
140 * @param header the header
143 _dbus_header_cache_invalidate_all (DBusHeader *header)
148 while (i <= DBUS_HEADER_FIELD_LAST)
150 header->fields[i].value_pos = _DBUS_HEADER_FIELD_VALUE_UNKNOWN;
158 * @param header the header
159 * @param field_code the field
160 * @param variant_reader the reader for the variant in the field
163 _dbus_header_cache_one (DBusHeader *header,
165 DBusTypeReader *variant_reader)
167 header->fields[field_code].value_pos =
168 _dbus_type_reader_get_value_pos (variant_reader);
171 _dbus_verbose ("cached value_pos %d for field %d\n",
172 header->fields[field_code].value_pos, field_code)
177 * Returns the header's byte order.
179 * @param header the header
180 * @returns the byte order
183 _dbus_header_get_byte_order (const DBusHeader *header)
185 _dbus_assert (_dbus_string_get_length (&header->data) > BYTE_ORDER_OFFSET);
187 return (char) _dbus_string_get_byte (&header->data, BYTE_ORDER_OFFSET);
191 * Revalidates the fields cache
193 * @param header the header
196 _dbus_header_cache_revalidate (DBusHeader *header)
198 DBusTypeReader array;
199 DBusTypeReader reader;
203 while (i <= DBUS_HEADER_FIELD_LAST)
205 header->fields[i].value_pos = _DBUS_HEADER_FIELD_VALUE_NONEXISTENT;
209 _dbus_type_reader_init (&reader,
210 _dbus_header_get_byte_order (header),
211 &_dbus_header_signature_str,
212 FIELDS_ARRAY_SIGNATURE_OFFSET,
214 FIELDS_ARRAY_LENGTH_OFFSET);
216 _dbus_type_reader_recurse (&reader, &array);
218 while (_dbus_type_reader_get_current_type (&array) != DBUS_TYPE_INVALID)
221 DBusTypeReader variant;
222 unsigned char field_code;
224 _dbus_type_reader_recurse (&array, &sub);
226 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_BYTE);
227 _dbus_type_reader_read_basic (&sub, &field_code);
229 /* Unknown fields should be ignored */
230 if (field_code > DBUS_HEADER_FIELD_LAST)
233 _dbus_type_reader_next (&sub);
235 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_VARIANT);
236 _dbus_type_reader_recurse (&sub, &variant);
238 _dbus_header_cache_one (header, field_code, &variant);
241 _dbus_type_reader_next (&array);
246 * Checks for a field, updating the cache if required.
248 * @param header the header
249 * @param field the field to check
250 * @returns #FALSE if the field doesn't exist
253 _dbus_header_cache_check (DBusHeader *header,
256 _dbus_assert (field <= DBUS_HEADER_FIELD_LAST);
258 if (header->fields[field].value_pos == _DBUS_HEADER_FIELD_VALUE_UNKNOWN)
259 _dbus_header_cache_revalidate (header);
261 if (header->fields[field].value_pos == _DBUS_HEADER_FIELD_VALUE_NONEXISTENT)
268 * Checks whether a field is known not to exist. It may exist
269 * even if it's not known to exist.
271 * @param header the header
272 * @param field the field to check
273 * @returns #FALSE if the field definitely doesn't exist
276 _dbus_header_cache_known_nonexistent (DBusHeader *header,
279 _dbus_assert (field <= DBUS_HEADER_FIELD_LAST);
281 return (header->fields[field].value_pos == _DBUS_HEADER_FIELD_VALUE_NONEXISTENT);
285 * Writes a struct of { byte, variant } with the given basic type.
287 * @param writer the writer (should be ready to write a struct)
288 * @param field the header field
289 * @param type the type of the value
290 * @param value the value as for _dbus_marshal_set_basic()
291 * @returns #FALSE if no memory
294 write_basic_field (DBusTypeWriter *writer,
300 DBusTypeWriter variant;
303 unsigned char field_byte;
304 DBusString contained_type;
307 start = writer->value_pos;
308 padding = _dbus_string_get_length (writer->value_str) - start;
310 if (!_dbus_type_writer_recurse (writer, DBUS_TYPE_STRUCT,
315 if (!_dbus_type_writer_write_basic (&sub, DBUS_TYPE_BYTE,
321 _dbus_string_init_const_len (&contained_type, buf, 1);
323 if (!_dbus_type_writer_recurse (&sub, DBUS_TYPE_VARIANT,
324 &contained_type, 0, &variant))
327 if (!_dbus_type_writer_write_basic (&variant, type, value))
330 if (!_dbus_type_writer_unrecurse (&sub, &variant))
333 if (!_dbus_type_writer_unrecurse (writer, &sub))
339 _dbus_string_delete (writer->value_str,
341 _dbus_string_get_length (writer->value_str) - start - padding);
346 * Sets a struct of { byte, variant } with the given basic type.
348 * @param reader the reader (should be iterating over the array pointing at the field to set)
349 * @param field the header field
350 * @param type the type of the value
351 * @param value the value as for _dbus_marshal_set_basic()
352 * @param realign_root where to realign from
353 * @returns #FALSE if no memory
356 set_basic_field (DBusTypeReader *reader,
360 const DBusTypeReader *realign_root)
363 DBusTypeReader variant;
365 _dbus_type_reader_recurse (reader, &sub);
367 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_BYTE);
368 #ifndef DBUS_DISABLE_ASSERT
370 unsigned char v_BYTE;
371 _dbus_type_reader_read_basic (&sub, &v_BYTE);
372 _dbus_assert (((int) v_BYTE) == field);
376 if (!_dbus_type_reader_next (&sub))
377 _dbus_assert_not_reached ("no variant field?");
379 _dbus_type_reader_recurse (&sub, &variant);
380 _dbus_assert (_dbus_type_reader_get_current_type (&variant) == type);
382 if (!_dbus_type_reader_set_basic (&variant, value, realign_root))
389 * Gets the type of the message.
391 * @param header the header
395 _dbus_header_get_message_type (DBusHeader *header)
399 type = _dbus_string_get_byte (&header->data, TYPE_OFFSET);
400 _dbus_assert (type != DBUS_MESSAGE_TYPE_INVALID);
406 * Sets the serial number of a header. This can only be done once on
409 * @param header the header
410 * @param serial the serial
413 _dbus_header_set_serial (DBusHeader *header,
414 dbus_uint32_t serial)
416 /* we use this function to set the serial on outgoing
417 * messages, and to reset the serial in dbus_message_copy;
418 * this assertion should catch a double-set on outgoing.
420 _dbus_assert (_dbus_header_get_serial (header) == 0 ||
423 _dbus_marshal_set_uint32 (&header->data,
426 _dbus_header_get_byte_order (header));
427 if (_dbus_header_is_gvariant (header))
428 _dbus_marshal_set_uint32 (&header->data,
431 _dbus_header_get_byte_order (header));
435 * See dbus_message_get_serial()
437 * @param header the header
438 * @returns the client serial
441 _dbus_header_get_serial (DBusHeader *header)
443 return _dbus_marshal_read_uint32 (&header->data,
445 _dbus_header_get_byte_order (header),
450 * Re-initializes a header that was previously initialized and never
451 * freed. After this, to make the header valid you have to call
452 * _dbus_header_create().
454 * @param header header to re-initialize
457 _dbus_header_reinit (DBusHeader *header)
459 _dbus_string_set_length (&header->data, 0);
463 _dbus_header_cache_invalidate_all (header);
467 * Initializes a header, but doesn't prepare it for use;
468 * to make the header valid, you have to call _dbus_header_create().
470 * @param header header to initialize
471 * @returns #FALSE if not enough memory
474 _dbus_header_init (DBusHeader *header)
476 if (!_dbus_string_init_preallocated (&header->data, 32))
479 _dbus_header_reinit (header);
487 * @param header the header
490 _dbus_header_free (DBusHeader *header)
492 _dbus_string_free (&header->data);
496 * Initializes dest with a copy of the given header.
497 * Resets the message serial to 0 on the copy.
499 * @param header header to copy
500 * @param dest destination for copy
501 * @returns #FALSE if not enough memory
504 _dbus_header_copy (const DBusHeader *header,
509 if (!_dbus_string_init_preallocated (&dest->data,
510 _dbus_string_get_length (&header->data)))
513 if (!_dbus_string_copy (&header->data, 0, &dest->data, 0))
515 _dbus_string_free (&dest->data);
519 /* Reset the serial */
520 _dbus_header_set_serial (dest, 0);
526 * Fills in the primary fields of the header, so the header is ready
527 * for use. #NULL may be specified for some or all of the fields to
528 * avoid adding those fields. Some combinations of fields don't make
529 * sense, and passing them in will trigger an assertion failure.
530 * This is used only for dbus1 messages. GVariant uses _dbus_header_gvariant_create.
532 * @param header the header
533 * @param byte_order byte order of the header
534 * @param message_type the message type
535 * @param destination destination field or #NULL
536 * @param path path field or #NULL
537 * @param interface interface field or #NULL
538 * @param member member field or #NULL
539 * @param error_name error name or #NULL
540 * @returns #FALSE if not enough memory
543 _dbus_header_create (DBusHeader *header,
546 const char *destination,
548 const char *interface,
550 const char *error_name)
552 unsigned char v_BYTE;
553 dbus_uint32_t v_UINT32;
554 DBusTypeWriter writer;
555 DBusTypeWriter array;
557 _dbus_assert (byte_order == DBUS_LITTLE_ENDIAN ||
558 byte_order == DBUS_BIG_ENDIAN);
559 _dbus_assert (((interface || message_type != DBUS_MESSAGE_TYPE_SIGNAL) && member) ||
561 !(interface || member || error_name));
562 _dbus_assert (_dbus_string_get_length (&header->data) == 0);
564 if (!reserve_header_padding (header))
567 _dbus_type_writer_init_values_only (&writer, byte_order,
568 &_dbus_header_signature_str, 0,
570 HEADER_END_BEFORE_PADDING (header));
573 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_BYTE,
577 v_BYTE = message_type;
578 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_BYTE,
582 v_BYTE = 0; /* flags */
583 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_BYTE,
587 v_BYTE = DBUS_MAJOR_PROTOCOL_VERSION;
588 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_BYTE,
592 v_UINT32 = 0; /* body length */
593 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_UINT32,
597 v_UINT32 = 0; /* serial */
598 if (!_dbus_type_writer_write_basic (&writer, DBUS_TYPE_UINT32,
602 if (!_dbus_type_writer_recurse (&writer, DBUS_TYPE_ARRAY,
603 &_dbus_header_signature_str,
604 FIELDS_ARRAY_SIGNATURE_OFFSET,
608 /* Marshal all the fields (Marshall Fields?) */
612 if (!write_basic_field (&array,
613 DBUS_HEADER_FIELD_PATH,
614 DBUS_TYPE_OBJECT_PATH,
619 if (destination != NULL)
621 if (!write_basic_field (&array,
622 DBUS_HEADER_FIELD_DESTINATION,
628 if (interface != NULL)
630 if (!write_basic_field (&array,
631 DBUS_HEADER_FIELD_INTERFACE,
639 if (!write_basic_field (&array,
640 DBUS_HEADER_FIELD_MEMBER,
646 if (error_name != NULL)
648 if (!write_basic_field (&array,
649 DBUS_HEADER_FIELD_ERROR_NAME,
655 if (!_dbus_type_writer_unrecurse (&writer, &array))
658 correct_header_padding (header);
663 _dbus_string_delete (&header->data, 0,
664 _dbus_string_get_length (&header->data) - header->padding);
665 correct_header_padding (header);
671 * Given data long enough to contain the length of the message body
672 * and the fields array, check whether the data is long enough to
673 * contain the entire message (assuming the claimed lengths are
674 * accurate). Also checks that the lengths are in sanity parameters.
676 * @param max_message_length maximum length of a valid message
677 * @param validity return location for why the data is invalid if it is
678 * @param byte_order return location for byte order
679 * @param fields_array_len return location for claimed fields array length
680 * @param header_len return location for claimed header length
681 * @param body_len return location for claimed body length
682 * @param str the data
683 * @param start start of data, 8-aligned
684 * @param len length of data
685 * @returns #TRUE if the data is long enough for the claimed length, and the lengths were valid
688 _dbus_header_have_message_untrusted (int max_message_length,
689 DBusValidity *validity,
691 int *fields_array_len,
694 const DBusString *str,
697 dbus_bool_t *is_gvariant)
700 dbus_uint32_t header_len_unsigned;
701 dbus_uint32_t fields_array_len_unsigned;
702 dbus_uint32_t body_len_unsigned;
704 dbus_uint32_t protocol_version;
706 _dbus_assert (start >= 0);
707 _dbus_assert (start < _DBUS_INT32_MAX / 2);
708 _dbus_assert (len >= 0);
710 _dbus_assert (start == (int) _DBUS_ALIGN_VALUE (start, 8));
712 *byte_order = _dbus_string_get_byte (str, start + BYTE_ORDER_OFFSET);
714 if (*byte_order != DBUS_LITTLE_ENDIAN && *byte_order != DBUS_BIG_ENDIAN)
716 *validity = DBUS_INVALID_BAD_BYTE_ORDER;
720 protocol_version = _dbus_string_get_byte (str, start + VERSION_OFFSET);
721 if (DBUS_MAJOR_PROTOCOL_VERSION == protocol_version)
723 _dbus_assert (FIELDS_ARRAY_LENGTH_OFFSET + 4 <= len);
724 fields_array_len_unsigned = _dbus_marshal_read_uint32 (str, start + FIELDS_ARRAY_LENGTH_OFFSET,
727 _dbus_assert (BODY_LENGTH_OFFSET + 4 < len);
728 body_len_unsigned = _dbus_marshal_read_uint32 (str, start + BODY_LENGTH_OFFSET,
731 *is_gvariant = FALSE;
733 else if (DBUS_PROTOCOL_VERSION_GVARIANT == protocol_version)
735 if (!_dbus_gvariant_raw_get_lengths (str, &fields_array_len_unsigned, &body_len_unsigned, validity))
743 *validity = DBUS_INVALID_BAD_PROTOCOL_VERSION;
747 if (fields_array_len_unsigned > (unsigned) max_message_length)
749 *validity = DBUS_INVALID_INSANE_FIELDS_ARRAY_LENGTH;
753 if (body_len_unsigned > (unsigned) max_message_length)
755 *validity = DBUS_INVALID_INSANE_BODY_LENGTH;
759 header_len_unsigned = FIRST_FIELD_OFFSET + fields_array_len_unsigned;
760 header_len_unsigned = _DBUS_ALIGN_VALUE (header_len_unsigned, 8);
762 /* overflow should be impossible since the lengths aren't allowed to
765 _dbus_assert (max_message_length < _DBUS_INT32_MAX / 2);
766 if (body_len_unsigned + header_len_unsigned > (unsigned) max_message_length)
768 *validity = DBUS_INVALID_MESSAGE_TOO_LONG;
772 _dbus_assert (body_len_unsigned < (unsigned) _DBUS_INT32_MAX);
773 _dbus_assert (fields_array_len_unsigned < (unsigned) _DBUS_INT32_MAX);
774 _dbus_assert (header_len_unsigned < (unsigned) _DBUS_INT32_MAX);
776 *body_len = body_len_unsigned;
777 *fields_array_len = fields_array_len_unsigned;
778 *header_len = header_len_unsigned;
780 *validity = DBUS_VALID;
782 _dbus_verbose ("have %d bytes, need body %u + header %u = %u\n",
783 len, body_len_unsigned, header_len_unsigned,
784 body_len_unsigned + header_len_unsigned);
786 return (body_len_unsigned + header_len_unsigned) <= (unsigned) len;
790 check_mandatory_fields (DBusHeader *header)
792 #define REQUIRE_FIELD(name) do { if (header->fields[DBUS_HEADER_FIELD_##name].value_pos < 0) return DBUS_INVALID_MISSING_##name; } while (0)
794 switch (_dbus_header_get_message_type (header))
796 case DBUS_MESSAGE_TYPE_SIGNAL:
797 REQUIRE_FIELD (INTERFACE);
798 /* FALL THRU - signals also require the path and member */
799 case DBUS_MESSAGE_TYPE_METHOD_CALL:
800 REQUIRE_FIELD (PATH);
801 REQUIRE_FIELD (MEMBER);
803 case DBUS_MESSAGE_TYPE_ERROR:
804 REQUIRE_FIELD (ERROR_NAME);
805 REQUIRE_FIELD (REPLY_SERIAL);
807 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
808 REQUIRE_FIELD (REPLY_SERIAL);
811 /* other message types allowed but ignored */
819 load_and_validate_field (DBusHeader *header,
821 DBusTypeReader *variant_reader)
825 const DBusString *value_str;
828 dbus_uint32_t v_UINT32;
830 dbus_bool_t (* string_validation_func) (const DBusString *str,
833 /* Supposed to have been checked already */
834 _dbus_assert (field <= DBUS_HEADER_FIELD_LAST);
835 _dbus_assert (field != DBUS_HEADER_FIELD_INVALID);
837 /* Before we can cache a field, we need to know it has the right type */
838 type = _dbus_type_reader_get_current_type (variant_reader);
840 _dbus_assert (_dbus_header_field_types[field].code == field);
842 expected_type = EXPECTED_TYPE_OF_FIELD (field);
843 if (type != expected_type)
845 _dbus_verbose ("Field %d should have type %d but has %d\n",
846 field, expected_type, type);
847 return DBUS_INVALID_HEADER_FIELD_HAS_WRONG_TYPE;
850 /* If the field was provided twice, we aren't happy */
851 if (header->fields[field].value_pos >= 0)
853 _dbus_verbose ("Header field %d seen a second time\n", field);
854 return DBUS_INVALID_HEADER_FIELD_APPEARS_TWICE;
857 /* Now we can cache and look at the field content */
858 _dbus_verbose ("initially caching field %d\n", field);
859 _dbus_header_cache_one (header, field, variant_reader);
861 string_validation_func = NULL;
863 /* make compiler happy that all this is initialized */
868 bad_string_code = DBUS_VALID;
870 if (expected_type == DBUS_TYPE_UINT32)
872 _dbus_header_get_field_basic (header, field, expected_type,
875 else if (expected_type == DBUS_TYPE_STRING ||
876 expected_type == DBUS_TYPE_OBJECT_PATH ||
877 expected_type == DBUS_TYPE_SIGNATURE)
879 _dbus_header_get_field_raw (header, field,
880 &value_str, &value_pos);
881 str_data_pos = _DBUS_ALIGN_VALUE (value_pos, 4) + 4;
885 _dbus_assert_not_reached ("none of the known fields should have this type");
890 case DBUS_HEADER_FIELD_DESTINATION:
891 string_validation_func = _dbus_validate_bus_name;
892 bad_string_code = DBUS_INVALID_BAD_DESTINATION;
894 case DBUS_HEADER_FIELD_INTERFACE:
895 string_validation_func = _dbus_validate_interface;
896 bad_string_code = DBUS_INVALID_BAD_INTERFACE;
898 if (_dbus_string_equal_substring (&_dbus_local_interface_str,
900 _dbus_string_get_length (&_dbus_local_interface_str),
901 value_str, str_data_pos))
903 _dbus_verbose ("Message is on the local interface\n");
904 return DBUS_INVALID_USES_LOCAL_INTERFACE;
908 case DBUS_HEADER_FIELD_MEMBER:
909 string_validation_func = _dbus_validate_member;
910 bad_string_code = DBUS_INVALID_BAD_MEMBER;
913 case DBUS_HEADER_FIELD_ERROR_NAME:
914 string_validation_func = _dbus_validate_error_name;
915 bad_string_code = DBUS_INVALID_BAD_ERROR_NAME;
918 case DBUS_HEADER_FIELD_SENDER:
919 string_validation_func = _dbus_validate_bus_name;
920 bad_string_code = DBUS_INVALID_BAD_SENDER;
923 case DBUS_HEADER_FIELD_PATH:
924 /* OBJECT_PATH was validated generically due to its type */
925 string_validation_func = NULL;
927 if (_dbus_string_equal_substring (&_dbus_local_path_str,
929 _dbus_string_get_length (&_dbus_local_path_str),
930 value_str, str_data_pos))
932 _dbus_verbose ("Message is from the local path\n");
933 return DBUS_INVALID_USES_LOCAL_PATH;
937 case DBUS_HEADER_FIELD_REPLY_SERIAL:
941 return DBUS_INVALID_BAD_SERIAL;
945 case DBUS_HEADER_FIELD_UNIX_FDS:
946 /* Every value makes sense */
949 case DBUS_HEADER_FIELD_SIGNATURE:
950 /* SIGNATURE validated generically due to its type */
951 string_validation_func = NULL;
955 _dbus_assert_not_reached ("unknown field shouldn't be seen here");
959 if (string_validation_func)
963 _dbus_assert (bad_string_code != DBUS_VALID);
965 len = _dbus_marshal_read_uint32 (value_str, value_pos,
966 _dbus_header_get_byte_order (header),
970 _dbus_verbose ("Validating string header field; code %d if fails\n",
973 if (!(*string_validation_func) (value_str, str_data_pos, len))
974 return bad_string_code;
981 _dbus_header_load_dbus1 (DBusHeader *header,
982 DBusTypeReader *reader,
983 DBusValidity *validity,
986 dbus_uint32_t v_uint32;
987 dbus_uint32_t serial;
988 DBusTypeReader array_reader;
991 _dbus_assert (_dbus_type_reader_get_current_type (reader) == DBUS_TYPE_UINT32);
992 _dbus_assert (_dbus_type_reader_get_value_pos (reader) == BODY_LENGTH_OFFSET);
993 _dbus_type_reader_read_basic (reader, &v_uint32);
994 _dbus_type_reader_next (reader);
996 _dbus_assert (body_len == (signed) v_uint32);
999 _dbus_assert (_dbus_type_reader_get_current_type (reader) == DBUS_TYPE_UINT32);
1000 _dbus_assert (_dbus_type_reader_get_value_pos (reader) == SERIAL_OFFSET);
1001 _dbus_type_reader_read_basic (reader, &serial);
1002 _dbus_type_reader_next (reader);
1006 *validity = DBUS_INVALID_BAD_SERIAL;
1010 _dbus_assert (_dbus_type_reader_get_current_type (reader) == DBUS_TYPE_ARRAY);
1011 _dbus_assert (_dbus_type_reader_get_value_pos (reader) == FIELDS_ARRAY_LENGTH_OFFSET);
1013 _dbus_type_reader_recurse (reader, &array_reader);
1014 while (_dbus_type_reader_get_current_type (&array_reader) != DBUS_TYPE_INVALID)
1016 DBusTypeReader struct_reader;
1017 DBusTypeReader variant_reader;
1018 unsigned char field_code;
1021 _dbus_assert (_dbus_type_reader_get_current_type (&array_reader) == DBUS_TYPE_STRUCT);
1023 _dbus_type_reader_recurse (&array_reader, &struct_reader);
1025 _dbus_assert (_dbus_type_reader_get_current_type (&struct_reader) == DBUS_TYPE_BYTE);
1026 _dbus_type_reader_read_basic (&struct_reader, &field_code);
1027 _dbus_type_reader_next (&struct_reader);
1029 if (field_code == DBUS_HEADER_FIELD_INVALID)
1031 _dbus_verbose ("invalid header field code\n");
1032 *validity = DBUS_INVALID_HEADER_FIELD_CODE;
1036 if (field_code > DBUS_HEADER_FIELD_LAST)
1038 _dbus_verbose ("unknown header field code %d, skipping\n",
1043 _dbus_assert (_dbus_type_reader_get_current_type (&struct_reader) == DBUS_TYPE_VARIANT);
1044 _dbus_type_reader_recurse (&struct_reader, &variant_reader);
1046 v = load_and_validate_field (header, field_code, &variant_reader);
1047 if (v != DBUS_VALID)
1049 _dbus_verbose ("Field %d was invalid\n", field_code);
1055 _dbus_type_reader_next (&array_reader);
1061 * Creates a message header from potentially-untrusted data. The
1062 * return value is #TRUE if there was enough memory and the data was
1063 * valid. If it returns #TRUE, the header will be created. If it
1064 * returns #FALSE and *validity == #DBUS_VALIDITY_UNKNOWN_OOM_ERROR,
1065 * then there wasn't enough memory. If it returns #FALSE
1066 * and *validity != #DBUS_VALIDITY_UNKNOWN_OOM_ERROR then the data was
1069 * The byte_order, fields_array_len, and body_len args should be from
1070 * _dbus_header_have_message_untrusted(). Validation performed in
1071 * _dbus_header_have_message_untrusted() is assumed to have been
1074 * @param header the header (must be initialized)
1075 * @param mode whether to do validation
1076 * @param validity return location for invalidity reason
1077 * @param byte_order byte order from header
1078 * @param fields_array_len claimed length of fields array
1079 * @param body_len claimed length of body
1080 * @param header_len claimed length of header
1081 * @param str a string
1082 * @param start start of header, 8-aligned
1083 * @param len length of string to look at
1084 * @returns #FALSE if no memory or data was invalid, #TRUE otherwise
1087 _dbus_header_load (DBusHeader *header,
1088 DBusValidationMode mode,
1089 DBusValidity *validity,
1091 int fields_array_len,
1094 const DBusString *str,
1100 DBusTypeReader reader;
1101 unsigned char v_byte;
1105 const DBusString *signature;
1107 _dbus_assert (start == (int) _DBUS_ALIGN_VALUE (start, 8));
1108 _dbus_assert (header_len <= len);
1109 _dbus_assert (_dbus_string_get_length (&header->data) == 0);
1111 if (!_dbus_string_copy_len (str, start, header_len, &header->data, 0))
1113 _dbus_verbose ("Failed to copy buffer into new header\n");
1114 *validity = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
1117 if (_dbus_header_is_gvariant (header))
1119 signature = _dbus_get_gvariant_header_signature_str();
1123 signature = &_dbus_header_signature_str;
1126 if (mode == DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
1128 leftover = len - header_len - body_len - start;
1132 if (!_dbus_header_is_gvariant (header))
1134 v = _dbus_validate_body_with_reason (signature, 0,
1141 v = _dbus_validate_gvariant_body_with_reason (signature, 0,
1147 if (v != DBUS_VALID)
1154 _dbus_assert (leftover < len);
1156 padding_len = header_len - (FIRST_FIELD_OFFSET + fields_array_len);
1157 padding_start = start + FIRST_FIELD_OFFSET + fields_array_len;
1158 _dbus_assert (start + header_len == (int) _DBUS_ALIGN_VALUE (padding_start, 8));
1159 _dbus_assert (start + header_len == padding_start + padding_len);
1161 if (mode != DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
1163 if (!_dbus_string_validate_nul (str, padding_start, padding_len))
1165 *validity = DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
1170 header->padding = padding_len;
1172 if (mode == DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
1174 *validity = DBUS_VALID;
1178 /* We now know the data is well-formed, but we have to check that
1182 _dbus_type_reader_init (&reader,
1188 _dbus_assert (_dbus_type_reader_get_current_type (&reader) == DBUS_TYPE_BYTE);
1189 _dbus_assert (_dbus_type_reader_get_value_pos (&reader) == BYTE_ORDER_OFFSET);
1190 _dbus_type_reader_read_basic (&reader, &v_byte);
1191 _dbus_type_reader_next (&reader);
1193 _dbus_assert (v_byte == byte_order);
1196 _dbus_assert (_dbus_type_reader_get_current_type (&reader) == DBUS_TYPE_BYTE);
1197 _dbus_assert (_dbus_type_reader_get_value_pos (&reader) == TYPE_OFFSET);
1198 _dbus_type_reader_read_basic (&reader, &v_byte);
1199 _dbus_type_reader_next (&reader);
1201 /* unknown message types are supposed to be ignored, so only validation here is
1202 * that it isn't invalid
1204 if (v_byte == DBUS_MESSAGE_TYPE_INVALID)
1206 *validity = DBUS_INVALID_BAD_MESSAGE_TYPE;
1211 _dbus_assert (_dbus_type_reader_get_current_type (&reader) == DBUS_TYPE_BYTE);
1212 _dbus_assert (_dbus_type_reader_get_value_pos (&reader) == FLAGS_OFFSET);
1213 _dbus_type_reader_read_basic (&reader, &v_byte);
1214 _dbus_type_reader_next (&reader);
1216 /* unknown flags should be ignored */
1218 /* PROTOCOL VERSION */
1219 _dbus_assert (_dbus_type_reader_get_current_type (&reader) == DBUS_TYPE_BYTE);
1220 _dbus_assert (_dbus_type_reader_get_value_pos (&reader) == VERSION_OFFSET);
1221 _dbus_type_reader_read_basic (&reader, &v_byte);
1222 _dbus_type_reader_next (&reader);
1224 if (v_byte != DBUS_MAJOR_PROTOCOL_VERSION)
1226 if (v_byte == DBUS_PROTOCOL_VERSION_GVARIANT)
1228 reader.gvariant = TRUE;
1232 *validity = DBUS_INVALID_BAD_PROTOCOL_VERSION;
1236 if (reader.gvariant)
1238 if (!_dbus_header_load_gvariant (header, validity))
1243 if (!_dbus_header_load_dbus1 (header, &reader, validity, body_len))
1247 /* Anything we didn't fill in is now known not to exist */
1249 while (i <= DBUS_HEADER_FIELD_LAST)
1251 if (header->fields[i].value_pos == _DBUS_HEADER_FIELD_VALUE_UNKNOWN)
1252 header->fields[i].value_pos = _DBUS_HEADER_FIELD_VALUE_NONEXISTENT;
1256 v = check_mandatory_fields (header);
1257 if (v != DBUS_VALID)
1259 _dbus_verbose ("Mandatory fields were missing, code %d\n", v);
1264 *validity = DBUS_VALID;
1268 _dbus_string_set_length (&header->data, 0);
1273 * Fills in the correct body length.
1275 * @param header the header
1276 * @param body_len the length of the body
1279 _dbus_header_update_lengths (DBusHeader *header,
1282 _dbus_marshal_set_uint32 (&header->data,
1285 _dbus_header_get_byte_order (header));
1289 * Try to find the given field.
1291 * @param header the header
1292 * @param field the field code
1293 * @param reader a type reader; on success this is left pointing at the struct
1294 * (uv) for the field, while on failure it is left pointing into empty space
1295 * at the end of the header fields
1296 * @param realign_root another type reader; on success or failure it is left
1297 * pointing to the beginning of the array of fields (i.e. the thing that might
1299 * @returns #TRUE on success
1302 find_field_for_modification (DBusHeader *header,
1304 DBusTypeReader *reader,
1305 DBusTypeReader *realign_root)
1311 _dbus_type_reader_init (realign_root,
1312 _dbus_header_get_byte_order (header),
1313 &_dbus_header_signature_str,
1314 FIELDS_ARRAY_SIGNATURE_OFFSET,
1316 FIELDS_ARRAY_LENGTH_OFFSET);
1318 _dbus_type_reader_recurse (realign_root, reader);
1320 while (_dbus_type_reader_get_current_type (reader) != DBUS_TYPE_INVALID)
1323 unsigned char field_code;
1325 _dbus_type_reader_recurse (reader, &sub);
1327 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_BYTE);
1328 _dbus_type_reader_read_basic (&sub, &field_code);
1330 if (field_code == (unsigned) field)
1332 _dbus_assert (_dbus_type_reader_get_current_type (reader) == DBUS_TYPE_STRUCT);
1337 _dbus_type_reader_next (reader);
1345 _dbus_header_set_field_basic_dbus1 (DBusHeader *header,
1350 _dbus_assert (field <= DBUS_HEADER_FIELD_LAST);
1352 if (!reserve_header_padding (header))
1355 /* If the field exists we set, otherwise we append */
1356 if (_dbus_header_cache_check (header, field))
1358 DBusTypeReader reader;
1359 DBusTypeReader realign_root;
1361 if (!find_field_for_modification (header, field,
1362 &reader, &realign_root))
1363 _dbus_assert_not_reached ("field was marked present in cache but wasn't found");
1365 if (!set_basic_field (&reader, field, type, value, &realign_root))
1370 DBusTypeWriter writer;
1371 DBusTypeWriter array;
1373 _dbus_type_writer_init_values_only (&writer,
1374 _dbus_header_get_byte_order (header),
1375 &_dbus_header_signature_str,
1376 FIELDS_ARRAY_SIGNATURE_OFFSET,
1378 FIELDS_ARRAY_LENGTH_OFFSET);
1380 /* recurse into array without creating a new length, and jump to
1383 if (!_dbus_type_writer_append_array (&writer,
1384 &_dbus_header_signature_str,
1385 FIELDS_ARRAY_ELEMENT_SIGNATURE_OFFSET,
1387 _dbus_assert_not_reached ("recurse into ARRAY should not have used memory");
1389 _dbus_assert (array.u.array.len_pos == FIELDS_ARRAY_LENGTH_OFFSET);
1390 _dbus_assert (array.u.array.start_pos == FIRST_FIELD_OFFSET);
1391 _dbus_assert (array.value_pos == HEADER_END_BEFORE_PADDING (header));
1393 if (!write_basic_field (&array,
1394 field, type, value))
1397 if (!_dbus_type_writer_unrecurse (&writer, &array))
1398 _dbus_assert_not_reached ("unrecurse from ARRAY should not have used memory");
1401 correct_header_padding (header);
1403 /* We could be smarter about this (only invalidate fields after the
1404 * one we modified, or even only if the one we modified changed
1405 * length). But this hack is a start.
1407 _dbus_header_cache_invalidate_all (header);
1413 * Sets the value of a field with basic type. If the value is a string
1414 * value, it isn't allowed to be #NULL. If the field doesn't exist,
1415 * it will be created.
1417 * @param header the header
1418 * @param field the field to set
1419 * @param type the type of the value
1420 * @param value the value as for _dbus_marshal_set_basic()
1421 * @returns #FALSE if no memory
1424 _dbus_header_set_field_basic (DBusHeader *header,
1429 return _dbus_header_is_gvariant (header) ?
1430 _dbus_header_set_field_basic_gvariant (header, field, type, value) :
1431 _dbus_header_set_field_basic_dbus1 (header, field, type, value);
1435 _dbus_header_get_field_basic_dbus1 (DBusHeader *header,
1440 _dbus_assert (field != DBUS_HEADER_FIELD_INVALID);
1441 _dbus_assert (field <= DBUS_HEADER_FIELD_LAST);
1442 _dbus_assert (_dbus_header_field_types[field].code == field);
1443 /* in light of this you might ask why the type is passed in;
1444 * the only rationale I can think of is so the caller has
1445 * to specify its expectation and breaks if we change it
1447 _dbus_assert (type == EXPECTED_TYPE_OF_FIELD (field));
1449 if (!_dbus_header_cache_check (header, field))
1452 _dbus_assert (header->fields[field].value_pos >= 0);
1454 _dbus_marshal_read_basic (&header->data,
1455 header->fields[field].value_pos,
1456 type, value, _dbus_header_get_byte_order (header),
1462 * Gets the value of a field with basic type. If the field
1463 * doesn't exist, returns #FALSE, otherwise returns #TRUE.
1465 * @param header the header
1466 * @param field the field to get
1467 * @param type the type of the value
1468 * @param value the value as for _dbus_marshal_read_basic()
1469 * @returns #FALSE if the field doesn't exist
1472 _dbus_header_get_field_basic (DBusHeader *header,
1477 return _dbus_header_is_gvariant (header) ?
1478 _dbus_header_get_field_basic_gvariant (header, field, type, value) :
1479 _dbus_header_get_field_basic_dbus1 (header, field, type, value);
1483 * Gets the raw marshaled data for a field. If the field doesn't
1484 * exist, returns #FALSE, otherwise returns #TRUE. Returns the start
1485 * of the marshaled data, i.e. usually the byte where the length
1486 * starts (for strings and arrays) or for basic types just the value
1489 * @param header the header
1490 * @param field the field to get
1491 * @param str return location for the data string
1492 * @param pos return location for start of field value
1493 * @returns #FALSE if the field doesn't exist
1496 _dbus_header_get_field_raw (DBusHeader *header,
1498 const DBusString **str,
1501 if (!_dbus_header_cache_check (header, field))
1505 *str = &header->data;
1507 *pos = header->fields[field].value_pos;
1513 * Deletes a field, if it exists.
1515 * @param header the header
1516 * @param field the field to delete
1517 * @returns #FALSE if no memory
1520 _dbus_header_delete_field (DBusHeader *header,
1523 DBusTypeReader reader;
1524 DBusTypeReader realign_root;
1526 if (_dbus_header_cache_known_nonexistent (header, field))
1527 return TRUE; /* nothing to do */
1529 /* Scan to the field we want, delete and realign, reappend
1530 * padding. Field may turn out not to exist.
1532 if (!find_field_for_modification (header, field,
1533 &reader, &realign_root))
1534 return TRUE; /* nothing to do */
1536 if (!reserve_header_padding (header))
1539 if (!_dbus_type_reader_delete (&reader,
1543 correct_header_padding (header);
1545 _dbus_header_cache_invalidate_all (header);
1547 _dbus_assert (!_dbus_header_cache_check (header, field)); /* Expensive assertion ... */
1553 * Toggles a message flag bit, turning on the bit if value = TRUE and
1554 * flipping it off if value = FALSE.
1556 * @param header the header
1557 * @param flag the message flag to toggle
1558 * @param value toggle on or off
1561 _dbus_header_toggle_flag (DBusHeader *header,
1565 unsigned char *flags_p;
1567 flags_p = _dbus_string_get_udata_len (&header->data, FLAGS_OFFSET, 1);
1576 * Gets a message flag bit, returning TRUE if the bit is set.
1578 * @param header the header
1579 * @param flag the message flag to get
1580 * @returns #TRUE if the flag is set
1583 _dbus_header_get_flag (DBusHeader *header,
1586 const unsigned char *flags_p;
1588 flags_p = _dbus_string_get_const_udata_len (&header->data, FLAGS_OFFSET, 1);
1590 return (*flags_p & flag) != 0;
1594 * Swaps the header into the given order if required.
1596 * @param header the header
1597 * @param new_order the new byte order
1600 _dbus_header_byteswap (DBusHeader *header,
1605 byte_order = _dbus_header_get_byte_order (header);
1607 if (byte_order == new_order)
1610 _dbus_marshal_byteswap (&_dbus_header_signature_str,
1615 _dbus_string_set_byte (&header->data, BYTE_ORDER_OFFSET, new_order);