1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-marshal-validate.c Validation routines for marshaled data
4 * Copyright (C) 2005 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "dbus-internals.h"
26 #include "dbus-marshal-validate.h"
27 #include "dbus-marshal-recursive.h"
28 #include "dbus-marshal-basic.h"
29 #include "dbus-signature.h"
30 #include "dbus-string.h"
33 * @addtogroup DBusMarshal
39 * Verifies that the range of type_str from type_pos to type_end is a
40 * valid signature. If this function returns #TRUE, it will be safe
41 * to iterate over the signature with a types-only #DBusTypeReader.
42 * The range passed in should NOT include the terminating
43 * nul/DBUS_TYPE_INVALID.
45 * @param type_str the string
46 * @param type_pos where the typecodes start
47 * @param len length of typecodes
48 * @returns #DBUS_VALID if valid, reason why invalid otherwise
51 _dbus_validate_signature_with_reason (const DBusString *type_str,
55 const unsigned char *p;
56 const unsigned char *end;
64 DBusList *element_count_stack;
65 char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
69 element_count_stack = NULL;
71 if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0)))
73 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
77 _dbus_assert (type_str != NULL);
78 _dbus_assert (type_pos < _DBUS_INT32_MAX - len);
79 _dbus_assert (len >= 0);
80 _dbus_assert (type_pos >= 0);
82 if (len > DBUS_MAXIMUM_SIGNATURE_LENGTH)
84 result = DBUS_INVALID_SIGNATURE_TOO_LONG;
88 p = _dbus_string_get_const_udata_len (type_str, type_pos, 0);
90 end = _dbus_string_get_const_udata_len (type_str, type_pos + len, 0);
94 last = DBUS_TYPE_INVALID;
98 _dbus_assert (struct_depth + dict_entry_depth >= 0);
99 _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
100 _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
105 case DBUS_TYPE_BOOLEAN:
106 case DBUS_TYPE_INT16:
107 case DBUS_TYPE_UINT16:
108 case DBUS_TYPE_INT32:
109 case DBUS_TYPE_UINT32:
110 case DBUS_TYPE_UNIX_FD:
111 case DBUS_TYPE_INT64:
112 case DBUS_TYPE_UINT64:
113 case DBUS_TYPE_DOUBLE:
114 case DBUS_TYPE_STRING:
115 case DBUS_TYPE_OBJECT_PATH:
116 case DBUS_TYPE_SIGNATURE:
117 case DBUS_TYPE_VARIANT:
120 case DBUS_TYPE_ARRAY:
122 if (array_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
124 result = DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION;
129 case DBUS_STRUCT_BEGIN_CHAR:
132 if (struct_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
134 result = DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION;
138 if (!_dbus_list_append (&element_count_stack,
139 _DBUS_INT_TO_POINTER (0)))
141 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
145 _dbus_assert (struct_depth + dict_entry_depth >= 1);
146 _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
147 _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
148 opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
151 case DBUS_STRUCT_END_CHAR:
152 if (struct_depth == 0)
154 result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
158 if (last == DBUS_STRUCT_BEGIN_CHAR)
160 result = DBUS_INVALID_STRUCT_HAS_NO_FIELDS;
164 _dbus_assert (struct_depth + dict_entry_depth >= 1);
165 _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
166 last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
168 if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
170 result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
174 _dbus_list_pop_last (&element_count_stack);
177 opened_brackets[struct_depth + dict_entry_depth] = '\0';
180 case DBUS_DICT_ENTRY_BEGIN_CHAR:
181 if (last != DBUS_TYPE_ARRAY)
183 result = DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY;
187 dict_entry_depth += 1;
189 if (dict_entry_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
191 result = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
195 if (!_dbus_list_append (&element_count_stack,
196 _DBUS_INT_TO_POINTER (0)))
198 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
202 _dbus_assert (struct_depth + dict_entry_depth >= 1);
203 _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
204 _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
205 opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
208 case DBUS_DICT_ENTRY_END_CHAR:
209 if (dict_entry_depth == 0)
211 result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
215 _dbus_assert (struct_depth + dict_entry_depth >= 1);
216 _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
217 last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
219 if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
221 result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
225 dict_entry_depth -= 1;
226 opened_brackets[struct_depth + dict_entry_depth] = '\0';
229 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
231 if (element_count != 2)
233 if (element_count == 0)
234 result = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
235 else if (element_count == 1)
236 result = DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD;
238 result = DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS;
244 case DBUS_TYPE_STRUCT: /* doesn't appear in signatures */
245 case DBUS_TYPE_DICT_ENTRY: /* ditto */
247 result = DBUS_INVALID_UNKNOWN_TYPECODE;
251 if (*p != DBUS_TYPE_ARRAY &&
252 *p != DBUS_DICT_ENTRY_BEGIN_CHAR &&
253 *p != DBUS_STRUCT_BEGIN_CHAR)
256 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
260 if (!_dbus_list_append (&element_count_stack,
261 _DBUS_INT_TO_POINTER (element_count)))
263 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
270 if (*p == DBUS_TYPE_ARRAY && p != end)
272 const unsigned char *p1;
274 if (*p1 == DBUS_STRUCT_END_CHAR ||
275 *p1 == DBUS_DICT_ENTRY_END_CHAR)
277 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
287 if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
289 if (!(dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
291 result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
303 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
307 if (struct_depth > 0)
309 result = DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED;
313 if (dict_entry_depth > 0)
315 result = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
319 _dbus_assert (last != DBUS_TYPE_ARRAY);
320 _dbus_assert (last != DBUS_STRUCT_BEGIN_CHAR);
321 _dbus_assert (last != DBUS_DICT_ENTRY_BEGIN_CHAR);
326 _dbus_list_clear (&element_count_stack);
330 /* note: this function is also used to validate the header's values,
331 * since the header is a valid body with a particular signature.
334 validate_body_helper (DBusTypeReader *reader,
336 dbus_bool_t walk_reader_to_end,
338 const unsigned char *p,
339 const unsigned char *end,
340 const unsigned char **new_p)
344 /* The spec allows arrays and structs to each nest 32, for total
345 * nesting of 2*32. We want to impose the same limit on "dynamic"
346 * value nesting (not visible in the signature) which is introduced
347 * by DBUS_TYPE_VARIANT.
349 if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2))
351 return DBUS_INVALID_NESTED_TOO_DEEPLY;
354 while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID)
356 const unsigned char *a;
360 _dbus_verbose (" validating value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
361 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
365 /* Guarantee that p has one byte to look at */
367 return DBUS_INVALID_NOT_ENOUGH_DATA;
369 switch (current_type)
375 case DBUS_TYPE_BOOLEAN:
376 case DBUS_TYPE_INT16:
377 case DBUS_TYPE_UINT16:
378 case DBUS_TYPE_INT32:
379 case DBUS_TYPE_UINT32:
380 case DBUS_TYPE_UNIX_FD:
381 case DBUS_TYPE_INT64:
382 case DBUS_TYPE_UINT64:
383 case DBUS_TYPE_DOUBLE:
384 alignment = _dbus_type_get_alignment (current_type);
385 a = _DBUS_ALIGN_ADDRESS (p, alignment);
387 return DBUS_INVALID_NOT_ENOUGH_DATA;
391 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
395 if (current_type == DBUS_TYPE_BOOLEAN)
400 return DBUS_INVALID_NOT_ENOUGH_DATA;
402 v = _dbus_unpack_uint32 (byte_order, p);
404 if (!(v == 0 || v == 1))
405 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
411 case DBUS_TYPE_ARRAY:
412 case DBUS_TYPE_STRING:
413 case DBUS_TYPE_OBJECT_PATH:
415 dbus_uint32_t claimed_len;
417 a = _DBUS_ALIGN_ADDRESS (p, 4);
419 return DBUS_INVALID_NOT_ENOUGH_DATA;
423 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
427 claimed_len = _dbus_unpack_uint32 (byte_order, p);
430 /* p may now be == end */
431 _dbus_assert (p <= end);
433 if (current_type == DBUS_TYPE_ARRAY)
435 int array_elem_type = _dbus_type_reader_get_element_type (reader);
437 if (!dbus_type_is_valid (array_elem_type))
439 return DBUS_INVALID_UNKNOWN_TYPECODE;
442 alignment = _dbus_type_get_alignment (array_elem_type);
444 a = _DBUS_ALIGN_ADDRESS (p, alignment);
446 /* a may now be == end */
448 return DBUS_INVALID_NOT_ENOUGH_DATA;
453 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
458 if (claimed_len > (unsigned long) (end - p))
459 return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
461 if (current_type == DBUS_TYPE_OBJECT_PATH)
464 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
465 if (!_dbus_validate_path (&str, 0,
466 _dbus_string_get_length (&str)))
467 return DBUS_INVALID_BAD_PATH;
471 else if (current_type == DBUS_TYPE_STRING)
474 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
475 if (!_dbus_string_validate_utf8 (&str, 0,
476 _dbus_string_get_length (&str)))
477 return DBUS_INVALID_BAD_UTF8_IN_STRING;
481 else if (current_type == DBUS_TYPE_ARRAY && claimed_len > 0)
484 DBusValidity validity;
485 const unsigned char *array_end;
488 if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
489 return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
491 /* Remember that the reader is types only, so we can't
492 * use it to iterate over elements. It stays the same
495 _dbus_type_reader_recurse (reader, &sub);
497 array_end = p + claimed_len;
499 array_elem_type = _dbus_type_reader_get_element_type (reader);
501 /* avoid recursive call to validate_body_helper if this is an array
502 * of fixed-size elements
504 if (dbus_type_is_fixed (array_elem_type))
506 /* Note that fixed-size types all have sizes equal to
507 * their alignments, so this is really the item size. */
508 alignment = _dbus_type_get_alignment (array_elem_type);
509 _dbus_assert (alignment == 1 || alignment == 2 ||
510 alignment == 4 || alignment == 8);
512 /* Because the alignment is a power of 2, this is
513 * equivalent to: (claimed_len % alignment) != 0,
514 * but avoids slower integer division */
515 if ((claimed_len & (alignment - 1)) != 0)
516 return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
518 /* bools need to be handled differently, because they can
519 * have an invalid value
521 if (array_elem_type == DBUS_TYPE_BOOLEAN)
525 while (p < array_end)
527 v = _dbus_unpack_uint32 (byte_order, p);
529 if (!(v == 0 || v == 1))
530 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
544 while (p < array_end)
546 validity = validate_body_helper (&sub, byte_order, FALSE,
549 if (validity != DBUS_VALID)
555 return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
558 /* check nul termination */
559 if (current_type != DBUS_TYPE_ARRAY)
562 return DBUS_INVALID_NOT_ENOUGH_DATA;
565 return DBUS_INVALID_STRING_MISSING_NUL;
571 case DBUS_TYPE_SIGNATURE:
573 dbus_uint32_t claimed_len;
575 DBusValidity validity;
580 /* 1 is for nul termination */
581 if (claimed_len + 1 > (unsigned long) (end - p))
582 return DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
584 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
586 _dbus_validate_signature_with_reason (&str, 0,
587 _dbus_string_get_length (&str));
589 if (validity != DBUS_VALID)
594 _dbus_assert (p < end);
595 if (*p != DBUS_TYPE_INVALID)
596 return DBUS_INVALID_SIGNATURE_MISSING_NUL;
600 _dbus_verbose ("p = %p end = %p claimed_len %u\n", p, end, claimed_len);
604 case DBUS_TYPE_VARIANT:
606 /* 1 byte sig len, sig typecodes, align to
607 * contained-type-boundary, values.
610 /* In addition to normal signature validation, we need to be sure
611 * the signature contains only a single (possibly container) type.
613 dbus_uint32_t claimed_len;
616 DBusValidity validity;
617 int contained_alignment;
625 if (claimed_len + 1 > (unsigned long) (end - p))
626 return DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
628 _dbus_string_init_const_len (&sig, (const char *) p, claimed_len);
629 reason = _dbus_validate_signature_with_reason (&sig, 0,
630 _dbus_string_get_length (&sig));
631 if (!(reason == DBUS_VALID))
633 if (reason == DBUS_VALIDITY_UNKNOWN_OOM_ERROR)
636 return DBUS_INVALID_VARIANT_SIGNATURE_BAD;
641 if (*p != DBUS_TYPE_INVALID)
642 return DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL;
645 contained_type = _dbus_first_type_in_signature (&sig, 0);
646 if (contained_type == DBUS_TYPE_INVALID)
647 return DBUS_INVALID_VARIANT_SIGNATURE_EMPTY;
649 contained_alignment = _dbus_type_get_alignment (contained_type);
651 a = _DBUS_ALIGN_ADDRESS (p, contained_alignment);
653 return DBUS_INVALID_NOT_ENOUGH_DATA;
657 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
661 _dbus_type_reader_init_types_only (&sub, &sig, 0);
663 _dbus_assert (_dbus_type_reader_get_current_type (&sub) != DBUS_TYPE_INVALID);
665 validity = validate_body_helper (&sub, byte_order, FALSE,
668 if (validity != DBUS_VALID)
671 if (_dbus_type_reader_next (&sub))
672 return DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES;
674 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_INVALID);
678 case DBUS_TYPE_DICT_ENTRY:
679 case DBUS_TYPE_STRUCT:
682 DBusValidity validity;
684 a = _DBUS_ALIGN_ADDRESS (p, 8);
686 return DBUS_INVALID_NOT_ENOUGH_DATA;
690 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
694 _dbus_type_reader_recurse (reader, &sub);
696 validity = validate_body_helper (&sub, byte_order, TRUE,
699 if (validity != DBUS_VALID)
705 _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
710 _dbus_verbose (" validated value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
711 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
717 _dbus_verbose ("not enough data!!! p = %p end = %p end-p = %d\n",
718 p, end, (int) (end - p));
719 return DBUS_INVALID_NOT_ENOUGH_DATA;
722 if (walk_reader_to_end)
723 _dbus_type_reader_next (reader);
735 * Verifies that the range of value_str from value_pos to value_end is
736 * a legitimate value of type expected_signature. If this function
737 * returns #TRUE, it will be safe to iterate over the values with
738 * #DBusTypeReader. The signature is assumed to be already valid.
740 * If bytes_remaining is not #NULL, then leftover bytes will be stored
741 * there and #DBUS_VALID returned. If it is #NULL, then
742 * #DBUS_INVALID_TOO_MUCH_DATA will be returned if bytes are left
745 * @param expected_signature the expected types in the value_str
746 * @param expected_signature_start where in expected_signature is the signature
747 * @param byte_order the byte order
748 * @param bytes_remaining place to store leftover bytes
749 * @param value_str the string containing the body
750 * @param value_pos where the values start
751 * @param len length of values after value_pos
752 * @returns #DBUS_VALID if valid, reason why invalid otherwise
755 _dbus_validate_body_with_reason (const DBusString *expected_signature,
756 int expected_signature_start,
758 int *bytes_remaining,
759 const DBusString *value_str,
763 DBusTypeReader reader;
764 const unsigned char *p;
765 const unsigned char *end;
766 DBusValidity validity;
768 _dbus_assert (len >= 0);
769 _dbus_assert (value_pos >= 0);
770 _dbus_assert (value_pos <= _dbus_string_get_length (value_str) - len);
772 _dbus_verbose ("validating body from pos %d len %d sig '%s'\n",
773 value_pos, len, _dbus_string_get_const_data_len (expected_signature,
774 expected_signature_start,
777 _dbus_type_reader_init_types_only (&reader,
778 expected_signature, expected_signature_start);
780 p = _dbus_string_get_const_udata_len (value_str, value_pos, len);
783 validity = validate_body_helper (&reader, byte_order, TRUE, 0, p, end, &p);
784 if (validity != DBUS_VALID)
789 *bytes_remaining = end - p;
793 return DBUS_INVALID_TOO_MUCH_DATA;
796 _dbus_assert (p == end);
802 * Determine wether the given character is valid as the first character
805 #define VALID_INITIAL_NAME_CHARACTER(c) \
806 ( ((c) >= 'A' && (c) <= 'Z') || \
807 ((c) >= 'a' && (c) <= 'z') || \
811 * Determine wether the given character is valid as a second or later
812 * character in a name
814 #define VALID_NAME_CHARACTER(c) \
815 ( ((c) >= '0' && (c) <= '9') || \
816 ((c) >= 'A' && (c) <= 'Z') || \
817 ((c) >= 'a' && (c) <= 'z') || \
821 * Checks that the given range of the string is a valid object path
822 * name in the D-Bus protocol. Part of the validation ensures that
823 * the object path contains only ASCII.
825 * @todo this is inconsistent with most of DBusString in that
826 * it allows a start,len range that extends past the string end.
828 * @todo change spec to disallow more things, such as spaces in the
831 * @param str the string
832 * @param start first byte index to check
833 * @param len number of bytes to check
834 * @returns #TRUE if the byte range exists and is a valid name
837 _dbus_validate_path (const DBusString *str,
841 const unsigned char *s;
842 const unsigned char *end;
843 const unsigned char *last_slash;
845 _dbus_assert (start >= 0);
846 _dbus_assert (len >= 0);
847 _dbus_assert (start <= _dbus_string_get_length (str));
849 if (len > _dbus_string_get_length (str) - start)
855 s = _dbus_string_get_const_udata (str) + start;
867 if ((s - last_slash) < 2)
868 return FALSE; /* no empty path components allowed */
874 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
881 if ((end - last_slash) < 2 &&
883 return FALSE; /* trailing slash not allowed unless the string is "/" */
889 _dbus_validity_to_error_message (DBusValidity validity)
893 case DBUS_VALIDITY_UNKNOWN_OOM_ERROR: return "Out of memory";
894 case DBUS_INVALID_FOR_UNKNOWN_REASON: return "Unknown reason";
895 case DBUS_VALID_BUT_INCOMPLETE: return "Valid but incomplete";
896 case DBUS_VALIDITY_UNKNOWN: return "Validity unknown";
897 case DBUS_VALID: return "Valid";
898 case DBUS_INVALID_UNKNOWN_TYPECODE: return "Unknown typecode";
899 case DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE: return "Missing array element type";
900 case DBUS_INVALID_SIGNATURE_TOO_LONG: return "Signature is too long";
901 case DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION: return "Exceeded maximum array recursion";
902 case DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION: return "Exceeded maximum struct recursion";
903 case DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED: return "Struct ended but not started";
904 case DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED: return "Struct started but not ended";
905 case DBUS_INVALID_STRUCT_HAS_NO_FIELDS: return "Struct has no fields";
906 case DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL: return "Alignment padding not null";
907 case DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE: return "Boolean is not zero or one";
908 case DBUS_INVALID_NOT_ENOUGH_DATA: return "Not enough data";
909 case DBUS_INVALID_TOO_MUCH_DATA: return "Too much data";
910 case DBUS_INVALID_BAD_BYTE_ORDER: return "Bad byte order";
911 case DBUS_INVALID_BAD_PROTOCOL_VERSION: return "Bad protocol version";
912 case DBUS_INVALID_BAD_MESSAGE_TYPE: return "Bad message type";
913 case DBUS_INVALID_BAD_SERIAL: return "Bad serial";
914 case DBUS_INVALID_INSANE_FIELDS_ARRAY_LENGTH: return "Insane fields array length";
915 case DBUS_INVALID_INSANE_BODY_LENGTH: return "Insane body length";
916 case DBUS_INVALID_MESSAGE_TOO_LONG: return "Message too long";
917 case DBUS_INVALID_HEADER_FIELD_CODE: return "Header field code";
918 case DBUS_INVALID_HEADER_FIELD_HAS_WRONG_TYPE: return "Header field has wrong type";
919 case DBUS_INVALID_USES_LOCAL_INTERFACE: return "Uses local interface";
920 case DBUS_INVALID_USES_LOCAL_PATH: return "Uses local path";
921 case DBUS_INVALID_HEADER_FIELD_APPEARS_TWICE: return "Header field appears twice";
922 case DBUS_INVALID_BAD_DESTINATION: return "Bad destination";
923 case DBUS_INVALID_BAD_INTERFACE: return "Bad interface";
924 case DBUS_INVALID_BAD_MEMBER: return "Bad member";
925 case DBUS_INVALID_BAD_ERROR_NAME: return "Bad error name";
926 case DBUS_INVALID_BAD_SENDER: return "Bad sender";
927 case DBUS_INVALID_MISSING_PATH: return "Missing path";
928 case DBUS_INVALID_MISSING_INTERFACE: return "Missing interface";
929 case DBUS_INVALID_MISSING_MEMBER: return "Missing member";
930 case DBUS_INVALID_MISSING_ERROR_NAME: return "Missing error name";
931 case DBUS_INVALID_MISSING_REPLY_SERIAL: return "Missing reply serial";
932 case DBUS_INVALID_LENGTH_OUT_OF_BOUNDS: return "Length out of bounds";
933 case DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM: return "Array length exceeds maximum";
934 case DBUS_INVALID_BAD_PATH: return "Bad path";
935 case DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Signature length out of bounds";
936 case DBUS_INVALID_BAD_UTF8_IN_STRING: return "Bad utf8 in string";
937 case DBUS_INVALID_ARRAY_LENGTH_INCORRECT: return "Array length incorrect";
938 case DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Variant signature length out of bounds";
939 case DBUS_INVALID_VARIANT_SIGNATURE_BAD: return "Variant signature bad";
940 case DBUS_INVALID_VARIANT_SIGNATURE_EMPTY: return "Variant signature empty";
941 case DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES: return "Variant signature specifies multiple values";
942 case DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL: return "Variant signature missing nul";
943 case DBUS_INVALID_STRING_MISSING_NUL: return "String missing nul";
944 case DBUS_INVALID_SIGNATURE_MISSING_NUL: return "Signature missing nul";
945 case DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION: return "Exceeded maximum dict entry recursion";
946 case DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED: return "Dict entry ended but not started";
947 case DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED: return "Dict entry started but not ended";
948 case DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS: return "Dict entry has no fields";
949 case DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD: return "Dict entry has only one field";
950 case DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS: return "Dict entry has too many fields";
951 case DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY: return "Dict entry not inside array";
952 case DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE: return "Dict key must be basic type";
953 case DBUS_INVALID_MISSING_UNIX_FDS: return "Unix file descriptor missing";
954 case DBUS_INVALID_NESTED_TOO_DEEPLY: return "Variants cannot be used to create a hugely recursive tree of values";
955 case DBUS_VALIDITY_LAST:
962 * Checks that the given range of the string is a valid interface name
963 * in the D-Bus protocol. This includes a length restriction and an
964 * ASCII subset, see the specification.
966 * @todo this is inconsistent with most of DBusString in that
967 * it allows a start,len range that extends past the string end.
969 * @param str the string
970 * @param start first byte index to check
971 * @param len number of bytes to check
972 * @returns #TRUE if the byte range exists and is a valid name
975 _dbus_validate_interface (const DBusString *str,
979 const unsigned char *s;
980 const unsigned char *end;
981 const unsigned char *iface;
982 const unsigned char *last_dot;
984 _dbus_assert (start >= 0);
985 _dbus_assert (len >= 0);
986 _dbus_assert (start <= _dbus_string_get_length (str));
988 if (len > _dbus_string_get_length (str) - start)
991 if (len > DBUS_MAXIMUM_NAME_LENGTH)
998 iface = _dbus_string_get_const_udata (str) + start;
1002 /* check special cases of first char so it doesn't have to be done
1003 * in the loop. Note we know len > 0
1005 if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
1007 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
1016 if (_DBUS_UNLIKELY ((s + 1) == end))
1018 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*(s + 1))))
1021 ++s; /* we just validated the next char, so skip two */
1023 else if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
1031 if (_DBUS_UNLIKELY (last_dot == NULL))
1038 * Checks that the given range of the string is a valid member name
1039 * in the D-Bus protocol. This includes a length restriction, etc.,
1040 * see the specification.
1042 * @todo this is inconsistent with most of DBusString in that
1043 * it allows a start,len range that extends past the string end.
1045 * @param str the string
1046 * @param start first byte index to check
1047 * @param len number of bytes to check
1048 * @returns #TRUE if the byte range exists and is a valid name
1051 _dbus_validate_member (const DBusString *str,
1055 const unsigned char *s;
1056 const unsigned char *end;
1057 const unsigned char *member;
1059 _dbus_assert (start >= 0);
1060 _dbus_assert (len >= 0);
1061 _dbus_assert (start <= _dbus_string_get_length (str));
1063 if (len > _dbus_string_get_length (str) - start)
1066 if (len > DBUS_MAXIMUM_NAME_LENGTH)
1072 member = _dbus_string_get_const_udata (str) + start;
1076 /* check special cases of first char so it doesn't have to be done
1077 * in the loop. Note we know len > 0
1080 if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
1087 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
1099 * Checks that the given range of the string is a valid error name
1100 * in the D-Bus protocol. This includes a length restriction, etc.,
1101 * see the specification.
1103 * @todo this is inconsistent with most of DBusString in that
1104 * it allows a start,len range that extends past the string end.
1106 * @param str the string
1107 * @param start first byte index to check
1108 * @param len number of bytes to check
1109 * @returns #TRUE if the byte range exists and is a valid name
1112 _dbus_validate_error_name (const DBusString *str,
1116 /* Same restrictions as interface name at the moment */
1117 return _dbus_validate_interface (str, start, len);
1121 * Determine wether the given character is valid as the first character
1124 #define VALID_INITIAL_BUS_NAME_CHARACTER(c) \
1125 ( ((c) >= 'A' && (c) <= 'Z') || \
1126 ((c) >= 'a' && (c) <= 'z') || \
1127 ((c) == '_') || ((c) == '-'))
1130 * Determine wether the given character is valid as a second or later
1131 * character in a bus name
1133 #define VALID_BUS_NAME_CHARACTER(c) \
1134 ( ((c) >= '0' && (c) <= '9') || \
1135 ((c) >= 'A' && (c) <= 'Z') || \
1136 ((c) >= 'a' && (c) <= 'z') || \
1137 ((c) == '_') || ((c) == '-'))
1140 _dbus_validate_bus_name_full (const DBusString *str,
1143 dbus_bool_t is_namespace)
1145 const unsigned char *s;
1146 const unsigned char *end;
1147 const unsigned char *iface;
1148 const unsigned char *last_dot;
1150 _dbus_assert (start >= 0);
1151 _dbus_assert (len >= 0);
1152 _dbus_assert (start <= _dbus_string_get_length (str));
1154 if (len > _dbus_string_get_length (str) - start)
1157 if (len > DBUS_MAXIMUM_NAME_LENGTH)
1164 iface = _dbus_string_get_const_udata (str) + start;
1168 /* check special cases of first char so it doesn't have to be done
1169 * in the loop. Note we know len > 0
1179 if (_DBUS_UNLIKELY ((s + 1) == end))
1181 if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
1183 ++s; /* we just validated the next char, so skip two */
1185 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1195 else if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
1197 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*s)))
1206 if (_DBUS_UNLIKELY ((s + 1) == end))
1208 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*(s + 1))))
1211 ++s; /* we just validated the next char, so skip two */
1213 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1221 if (!is_namespace && _DBUS_UNLIKELY (last_dot == NULL))
1228 * Checks that the given range of the string is a valid bus name in
1229 * the D-Bus protocol. This includes a length restriction, etc., see
1230 * the specification.
1232 * @todo this is inconsistent with most of DBusString in that
1233 * it allows a start,len range that extends past the string end.
1235 * @param str the string
1236 * @param start first byte index to check
1237 * @param len number of bytes to check
1238 * @returns #TRUE if the byte range exists and is a valid name
1241 _dbus_validate_bus_name (const DBusString *str,
1245 return _dbus_validate_bus_name_full (str, start, len, FALSE);
1249 * Checks that the given range of the string is a prefix of a valid bus name in
1250 * the D-Bus protocol. Unlike _dbus_validate_bus_name(), this accepts strings
1251 * with only one period-separated component.
1253 * @todo this is inconsistent with most of DBusString in that
1254 * it allows a start,len range that extends past the string end.
1256 * @param str the string
1257 * @param start first byte index to check
1258 * @param len number of bytes to check
1259 * @returns #TRUE if the byte range exists and is a valid name
1262 _dbus_validate_bus_namespace (const DBusString *str,
1266 return _dbus_validate_bus_name_full (str, start, len, TRUE);
1269 /** define _dbus_check_is_valid_path() */
1270 DEFINE_DBUS_NAME_CHECK(path)
1271 /** define _dbus_check_is_valid_interface() */
1272 DEFINE_DBUS_NAME_CHECK(interface)
1273 /** define _dbus_check_is_valid_member() */
1274 DEFINE_DBUS_NAME_CHECK(member)
1275 /** define _dbus_check_is_valid_error_name() */
1276 DEFINE_DBUS_NAME_CHECK(error_name)
1277 /** define _dbus_check_is_valid_bus_name() */
1278 DEFINE_DBUS_NAME_CHECK(bus_name)
1279 /** define _dbus_check_is_valid_utf8() */
1280 DEFINE_DBUS_NAME_CHECK(utf8)
1284 /* tests in dbus-marshal-validate-util.c */