1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-marshal-validate.c Validation routines for marshaled data
4 * Copyright (C) 2005 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24 #include "dbus-internals.h"
25 #include "dbus-marshal-validate.h"
26 #include "dbus-marshal-recursive.h"
27 #include "dbus-marshal-basic.h"
28 #include "dbus-signature.h"
29 #include "dbus-string.h"
32 * @addtogroup DBusMarshal
38 * Verifies that the range of type_str from type_pos to type_end is a
39 * valid signature. If this function returns #TRUE, it will be safe
40 * to iterate over the signature with a types-only #DBusTypeReader.
41 * The range passed in should NOT include the terminating
42 * nul/DBUS_TYPE_INVALID.
44 * @param type_str the string
45 * @param type_pos where the typecodes start
46 * @param len length of typecodes
47 * @returns #DBUS_VALID if valid, reason why invalid otherwise
50 _dbus_validate_signature_with_reason (const DBusString *type_str,
54 const unsigned char *p;
55 const unsigned char *end;
63 DBusList *element_count_stack;
66 element_count_stack = NULL;
68 if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0)))
70 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
74 _dbus_assert (type_str != NULL);
75 _dbus_assert (type_pos < _DBUS_INT32_MAX - len);
76 _dbus_assert (len >= 0);
77 _dbus_assert (type_pos >= 0);
79 if (len > DBUS_MAXIMUM_SIGNATURE_LENGTH)
81 result = DBUS_INVALID_SIGNATURE_TOO_LONG;
85 p = _dbus_string_get_const_data_len (type_str, type_pos, 0);
87 end = _dbus_string_get_const_data_len (type_str, type_pos + len, 0);
91 last = DBUS_TYPE_INVALID;
98 case DBUS_TYPE_BOOLEAN:
100 case DBUS_TYPE_UINT16:
101 case DBUS_TYPE_INT32:
102 case DBUS_TYPE_UINT32:
103 case DBUS_TYPE_UNIX_FD:
104 case DBUS_TYPE_INT64:
105 case DBUS_TYPE_UINT64:
106 case DBUS_TYPE_DOUBLE:
107 case DBUS_TYPE_STRING:
108 case DBUS_TYPE_OBJECT_PATH:
109 case DBUS_TYPE_SIGNATURE:
110 case DBUS_TYPE_VARIANT:
113 case DBUS_TYPE_ARRAY:
115 if (array_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
117 result = DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION;
122 case DBUS_STRUCT_BEGIN_CHAR:
125 if (struct_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
127 result = DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION;
131 if (!_dbus_list_append (&element_count_stack,
132 _DBUS_INT_TO_POINTER (0)))
134 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
140 case DBUS_STRUCT_END_CHAR:
141 if (struct_depth == 0)
143 result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
147 if (last == DBUS_STRUCT_BEGIN_CHAR)
149 result = DBUS_INVALID_STRUCT_HAS_NO_FIELDS;
153 _dbus_list_pop_last (&element_count_stack);
158 case DBUS_DICT_ENTRY_BEGIN_CHAR:
159 if (last != DBUS_TYPE_ARRAY)
161 result = DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY;
165 dict_entry_depth += 1;
167 if (dict_entry_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
169 result = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
173 if (!_dbus_list_append (&element_count_stack,
174 _DBUS_INT_TO_POINTER (0)))
176 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
182 case DBUS_DICT_ENTRY_END_CHAR:
183 if (dict_entry_depth == 0)
185 result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
189 dict_entry_depth -= 1;
192 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
194 if (element_count != 2)
196 if (element_count == 0)
197 result = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
198 else if (element_count == 1)
199 result = DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD;
201 result = DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS;
207 case DBUS_TYPE_STRUCT: /* doesn't appear in signatures */
208 case DBUS_TYPE_DICT_ENTRY: /* ditto */
210 result = DBUS_INVALID_UNKNOWN_TYPECODE;
214 if (*p != DBUS_TYPE_ARRAY &&
215 *p != DBUS_DICT_ENTRY_BEGIN_CHAR &&
216 *p != DBUS_STRUCT_BEGIN_CHAR)
219 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
223 if (!_dbus_list_append (&element_count_stack,
224 _DBUS_INT_TO_POINTER (element_count)))
226 result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR;
233 if (*p == DBUS_TYPE_ARRAY && p != end)
237 if (*p1 == DBUS_STRUCT_END_CHAR ||
238 *p1 == DBUS_DICT_ENTRY_END_CHAR)
240 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
250 if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
252 if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
254 result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
266 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
270 if (struct_depth > 0)
272 result = DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED;
276 if (dict_entry_depth > 0)
278 result = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
282 _dbus_assert (last != DBUS_TYPE_ARRAY);
283 _dbus_assert (last != DBUS_STRUCT_BEGIN_CHAR);
284 _dbus_assert (last != DBUS_DICT_ENTRY_BEGIN_CHAR);
289 _dbus_list_clear (&element_count_stack);
294 validate_body_helper (DBusTypeReader *reader,
296 dbus_bool_t walk_reader_to_end,
297 const unsigned char *p,
298 const unsigned char *end,
299 const unsigned char **new_p)
303 while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID)
305 const unsigned char *a;
309 _dbus_verbose (" validating value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
310 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
314 /* Guarantee that p has one byte to look at */
316 return DBUS_INVALID_NOT_ENOUGH_DATA;
318 switch (current_type)
324 case DBUS_TYPE_BOOLEAN:
325 case DBUS_TYPE_INT16:
326 case DBUS_TYPE_UINT16:
327 case DBUS_TYPE_INT32:
328 case DBUS_TYPE_UINT32:
329 case DBUS_TYPE_UNIX_FD:
330 case DBUS_TYPE_INT64:
331 case DBUS_TYPE_UINT64:
332 case DBUS_TYPE_DOUBLE:
333 alignment = _dbus_type_get_alignment (current_type);
334 a = _DBUS_ALIGN_ADDRESS (p, alignment);
336 return DBUS_INVALID_NOT_ENOUGH_DATA;
340 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
344 if (current_type == DBUS_TYPE_BOOLEAN)
346 dbus_uint32_t v = _dbus_unpack_uint32 (byte_order,
348 if (!(v == 0 || v == 1))
349 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
355 case DBUS_TYPE_ARRAY:
356 case DBUS_TYPE_STRING:
357 case DBUS_TYPE_OBJECT_PATH:
359 dbus_uint32_t claimed_len;
361 a = _DBUS_ALIGN_ADDRESS (p, 4);
363 return DBUS_INVALID_NOT_ENOUGH_DATA;
367 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
371 claimed_len = _dbus_unpack_uint32 (byte_order, p);
374 /* p may now be == end */
375 _dbus_assert (p <= end);
377 if (current_type == DBUS_TYPE_ARRAY)
379 int array_elem_type = _dbus_type_reader_get_element_type (reader);
381 if (!_dbus_type_is_valid (array_elem_type))
383 return DBUS_INVALID_UNKNOWN_TYPECODE;
386 alignment = _dbus_type_get_alignment (array_elem_type);
388 a = _DBUS_ALIGN_ADDRESS (p, alignment);
390 /* a may now be == end */
392 return DBUS_INVALID_NOT_ENOUGH_DATA;
397 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
402 if (claimed_len > (unsigned long) (end - p))
403 return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
405 if (current_type == DBUS_TYPE_OBJECT_PATH)
408 _dbus_string_init_const_len (&str, p, claimed_len);
409 if (!_dbus_validate_path (&str, 0,
410 _dbus_string_get_length (&str)))
411 return DBUS_INVALID_BAD_PATH;
415 else if (current_type == DBUS_TYPE_STRING)
418 _dbus_string_init_const_len (&str, p, claimed_len);
419 if (!_dbus_string_validate_utf8 (&str, 0,
420 _dbus_string_get_length (&str)))
421 return DBUS_INVALID_BAD_UTF8_IN_STRING;
425 else if (current_type == DBUS_TYPE_ARRAY && claimed_len > 0)
428 DBusValidity validity;
429 const unsigned char *array_end;
432 if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
433 return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
435 /* Remember that the reader is types only, so we can't
436 * use it to iterate over elements. It stays the same
439 _dbus_type_reader_recurse (reader, &sub);
441 array_end = p + claimed_len;
443 array_elem_type = _dbus_type_reader_get_element_type (reader);
445 /* avoid recursive call to validate_body_helper if this is an array
446 * of fixed-size elements
448 if (dbus_type_is_fixed (array_elem_type))
450 /* bools need to be handled differently, because they can
451 * have an invalid value
453 if (array_elem_type == DBUS_TYPE_BOOLEAN)
456 alignment = _dbus_type_get_alignment (array_elem_type);
458 while (p < array_end)
460 v = _dbus_unpack_uint32 (byte_order, p);
462 if (!(v == 0 || v == 1))
463 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
477 while (p < array_end)
479 validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p);
480 if (validity != DBUS_VALID)
486 return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
489 /* check nul termination */
490 if (current_type != DBUS_TYPE_ARRAY)
493 return DBUS_INVALID_NOT_ENOUGH_DATA;
496 return DBUS_INVALID_STRING_MISSING_NUL;
502 case DBUS_TYPE_SIGNATURE:
504 dbus_uint32_t claimed_len;
506 DBusValidity validity;
511 /* 1 is for nul termination */
512 if (claimed_len + 1 > (unsigned long) (end - p))
513 return DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
515 _dbus_string_init_const_len (&str, p, claimed_len);
517 _dbus_validate_signature_with_reason (&str, 0,
518 _dbus_string_get_length (&str));
520 if (validity != DBUS_VALID)
525 _dbus_assert (p < end);
526 if (*p != DBUS_TYPE_INVALID)
527 return DBUS_INVALID_SIGNATURE_MISSING_NUL;
531 _dbus_verbose ("p = %p end = %p claimed_len %u\n", p, end, claimed_len);
535 case DBUS_TYPE_VARIANT:
537 /* 1 byte sig len, sig typecodes, align to
538 * contained-type-boundary, values.
541 /* In addition to normal signature validation, we need to be sure
542 * the signature contains only a single (possibly container) type.
544 dbus_uint32_t claimed_len;
547 DBusValidity validity;
548 int contained_alignment;
556 if (claimed_len + 1 > (unsigned long) (end - p))
557 return DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
559 _dbus_string_init_const_len (&sig, p, claimed_len);
560 reason = _dbus_validate_signature_with_reason (&sig, 0,
561 _dbus_string_get_length (&sig));
562 if (!(reason == DBUS_VALID))
564 if (reason == DBUS_VALIDITY_UNKNOWN_OOM_ERROR)
567 return DBUS_INVALID_VARIANT_SIGNATURE_BAD;
572 if (*p != DBUS_TYPE_INVALID)
573 return DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL;
576 contained_type = _dbus_first_type_in_signature (&sig, 0);
577 if (contained_type == DBUS_TYPE_INVALID)
578 return DBUS_INVALID_VARIANT_SIGNATURE_EMPTY;
580 contained_alignment = _dbus_type_get_alignment (contained_type);
582 a = _DBUS_ALIGN_ADDRESS (p, contained_alignment);
584 return DBUS_INVALID_NOT_ENOUGH_DATA;
588 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
592 _dbus_type_reader_init_types_only (&sub, &sig, 0);
594 _dbus_assert (_dbus_type_reader_get_current_type (&sub) != DBUS_TYPE_INVALID);
596 validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p);
597 if (validity != DBUS_VALID)
600 if (_dbus_type_reader_next (&sub))
601 return DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES;
603 _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_INVALID);
607 case DBUS_TYPE_DICT_ENTRY:
608 case DBUS_TYPE_STRUCT:
611 DBusValidity validity;
613 a = _DBUS_ALIGN_ADDRESS (p, 8);
615 return DBUS_INVALID_NOT_ENOUGH_DATA;
619 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
623 _dbus_type_reader_recurse (reader, &sub);
625 validity = validate_body_helper (&sub, byte_order, TRUE, p, end, &p);
626 if (validity != DBUS_VALID)
632 _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
637 _dbus_verbose (" validated value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
638 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
644 _dbus_verbose ("not enough data!!! p = %p end = %p end-p = %d\n",
645 p, end, (int) (end - p));
646 return DBUS_INVALID_NOT_ENOUGH_DATA;
649 if (walk_reader_to_end)
650 _dbus_type_reader_next (reader);
662 * Verifies that the range of value_str from value_pos to value_end is
663 * a legitimate value of type expected_signature. If this function
664 * returns #TRUE, it will be safe to iterate over the values with
665 * #DBusTypeReader. The signature is assumed to be already valid.
667 * If bytes_remaining is not #NULL, then leftover bytes will be stored
668 * there and #DBUS_VALID returned. If it is #NULL, then
669 * #DBUS_INVALID_TOO_MUCH_DATA will be returned if bytes are left
672 * @param expected_signature the expected types in the value_str
673 * @param expected_signature_start where in expected_signature is the signature
674 * @param byte_order the byte order
675 * @param bytes_remaining place to store leftover bytes
676 * @param value_str the string containing the body
677 * @param value_pos where the values start
678 * @param len length of values after value_pos
679 * @returns #DBUS_VALID if valid, reason why invalid otherwise
682 _dbus_validate_body_with_reason (const DBusString *expected_signature,
683 int expected_signature_start,
685 int *bytes_remaining,
686 const DBusString *value_str,
690 DBusTypeReader reader;
691 const unsigned char *p;
692 const unsigned char *end;
693 DBusValidity validity;
695 _dbus_assert (len >= 0);
696 _dbus_assert (value_pos >= 0);
697 _dbus_assert (value_pos <= _dbus_string_get_length (value_str) - len);
699 _dbus_verbose ("validating body from pos %d len %d sig '%s'\n",
700 value_pos, len, _dbus_string_get_const_data_len (expected_signature,
701 expected_signature_start,
704 _dbus_type_reader_init_types_only (&reader,
705 expected_signature, expected_signature_start);
707 p = _dbus_string_get_const_data_len (value_str, value_pos, len);
710 validity = validate_body_helper (&reader, byte_order, TRUE, p, end, &p);
711 if (validity != DBUS_VALID)
716 *bytes_remaining = end - p;
720 return DBUS_INVALID_TOO_MUCH_DATA;
723 _dbus_assert (p == end);
729 * Determine wether the given character is valid as the first character
732 #define VALID_INITIAL_NAME_CHARACTER(c) \
733 ( ((c) >= 'A' && (c) <= 'Z') || \
734 ((c) >= 'a' && (c) <= 'z') || \
738 * Determine wether the given character is valid as a second or later
739 * character in a name
741 #define VALID_NAME_CHARACTER(c) \
742 ( ((c) >= '0' && (c) <= '9') || \
743 ((c) >= 'A' && (c) <= 'Z') || \
744 ((c) >= 'a' && (c) <= 'z') || \
748 * Checks that the given range of the string is a valid object path
749 * name in the D-Bus protocol. Part of the validation ensures that
750 * the object path contains only ASCII.
752 * @todo this is inconsistent with most of DBusString in that
753 * it allows a start,len range that extends past the string end.
755 * @todo change spec to disallow more things, such as spaces in the
758 * @param str the string
759 * @param start first byte index to check
760 * @param len number of bytes to check
761 * @returns #TRUE if the byte range exists and is a valid name
764 _dbus_validate_path (const DBusString *str,
768 const unsigned char *s;
769 const unsigned char *end;
770 const unsigned char *last_slash;
772 _dbus_assert (start >= 0);
773 _dbus_assert (len >= 0);
774 _dbus_assert (start <= _dbus_string_get_length (str));
776 if (len > _dbus_string_get_length (str) - start)
782 s = _dbus_string_get_const_data (str) + start;
794 if ((s - last_slash) < 2)
795 return FALSE; /* no empty path components allowed */
801 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
808 if ((end - last_slash) < 2 &&
810 return FALSE; /* trailing slash not allowed unless the string is "/" */
816 _dbus_validity_to_error_message (DBusValidity validity)
820 case DBUS_VALIDITY_UNKNOWN_OOM_ERROR: return "Out of memory";
821 case DBUS_INVALID_FOR_UNKNOWN_REASON: return "Unknown reason";
822 case DBUS_VALID_BUT_INCOMPLETE: return "Valid but incomplete";
823 case DBUS_VALIDITY_UNKNOWN: return "Validity unknown";
824 case DBUS_VALID: return "Valid";
825 case DBUS_INVALID_UNKNOWN_TYPECODE: return "Unknown typecode";
826 case DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE: return "Missing array element type";
827 case DBUS_INVALID_SIGNATURE_TOO_LONG: return "Signature is too long";
828 case DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION: return "Exceeded maximum array recursion";
829 case DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION: return "Exceeded maximum struct recursion";
830 case DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED: return "Struct ended but not started";
831 case DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED: return "Struct started but not ended";
832 case DBUS_INVALID_STRUCT_HAS_NO_FIELDS: return "Struct has no fields";
833 case DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL: return "Alignment padding not null";
834 case DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE: return "Boolean is not zero or one";
835 case DBUS_INVALID_NOT_ENOUGH_DATA: return "Not enough data";
836 case DBUS_INVALID_TOO_MUCH_DATA: return "Too much data";
837 case DBUS_INVALID_BAD_BYTE_ORDER: return "Bad byte order";
838 case DBUS_INVALID_BAD_PROTOCOL_VERSION: return "Bad protocol version";
839 case DBUS_INVALID_BAD_MESSAGE_TYPE: return "Bad message type";
840 case DBUS_INVALID_BAD_SERIAL: return "Bad serial";
841 case DBUS_INVALID_INSANE_FIELDS_ARRAY_LENGTH: return "Insane fields array length";
842 case DBUS_INVALID_INSANE_BODY_LENGTH: return "Insane body length";
843 case DBUS_INVALID_MESSAGE_TOO_LONG: return "Message too long";
844 case DBUS_INVALID_HEADER_FIELD_CODE: return "Header field code";
845 case DBUS_INVALID_HEADER_FIELD_HAS_WRONG_TYPE: return "Header field has wrong type";
846 case DBUS_INVALID_USES_LOCAL_INTERFACE: return "Uses local interface";
847 case DBUS_INVALID_USES_LOCAL_PATH: return "Uses local path";
848 case DBUS_INVALID_HEADER_FIELD_APPEARS_TWICE: return "Header field appears twice";
849 case DBUS_INVALID_BAD_DESTINATION: return "Bad destination";
850 case DBUS_INVALID_BAD_INTERFACE: return "Bad interface";
851 case DBUS_INVALID_BAD_MEMBER: return "Bad member";
852 case DBUS_INVALID_BAD_ERROR_NAME: return "Bad error name";
853 case DBUS_INVALID_BAD_SENDER: return "Bad sender";
854 case DBUS_INVALID_MISSING_PATH: return "Missing path";
855 case DBUS_INVALID_MISSING_INTERFACE: return "Missing interface";
856 case DBUS_INVALID_MISSING_MEMBER: return "Missing member";
857 case DBUS_INVALID_MISSING_ERROR_NAME: return "Missing error name";
858 case DBUS_INVALID_MISSING_REPLY_SERIAL: return "Missing reply serial";
859 case DBUS_INVALID_LENGTH_OUT_OF_BOUNDS: return "Length out of bounds";
860 case DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM: return "Array length exceeds maximum";
861 case DBUS_INVALID_BAD_PATH: return "Bad path";
862 case DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Signature length out of bounds";
863 case DBUS_INVALID_BAD_UTF8_IN_STRING: return "Bad utf8 in string";
864 case DBUS_INVALID_ARRAY_LENGTH_INCORRECT: return "Array length incorrect";
865 case DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Variant signature length out of bounds";
866 case DBUS_INVALID_VARIANT_SIGNATURE_BAD: return "Variant signature bad";
867 case DBUS_INVALID_VARIANT_SIGNATURE_EMPTY: return "Variant signature empty";
868 case DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES: return "Variant signature specifies multiple values";
869 case DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL: return "Variant signature missing nul";
870 case DBUS_INVALID_STRING_MISSING_NUL: return "String missing nul";
871 case DBUS_INVALID_SIGNATURE_MISSING_NUL: return "Signature missing nul";
872 case DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION: return "Exceeded maximum dict entry recursion";
873 case DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED: return "Dict entry ended but not started";
874 case DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED: return "Dict entry started but not ended";
875 case DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS: return "Dict entry has no fields";
876 case DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD: return "Dict entry has only one field";
877 case DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS: return "Dict entry has too many fields";
878 case DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY: return "Dict entry not inside array";
879 case DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE: return "Dict key must be basic type";
887 * Checks that the given range of the string is a valid interface name
888 * in the D-Bus protocol. This includes a length restriction and an
889 * ASCII subset, see the specification.
891 * @todo this is inconsistent with most of DBusString in that
892 * it allows a start,len range that extends past the string end.
894 * @param str the string
895 * @param start first byte index to check
896 * @param len number of bytes to check
897 * @returns #TRUE if the byte range exists and is a valid name
900 _dbus_validate_interface (const DBusString *str,
904 const unsigned char *s;
905 const unsigned char *end;
906 const unsigned char *iface;
907 const unsigned char *last_dot;
909 _dbus_assert (start >= 0);
910 _dbus_assert (len >= 0);
911 _dbus_assert (start <= _dbus_string_get_length (str));
913 if (len > _dbus_string_get_length (str) - start)
916 if (len > DBUS_MAXIMUM_NAME_LENGTH)
923 iface = _dbus_string_get_const_data (str) + start;
927 /* check special cases of first char so it doesn't have to be done
928 * in the loop. Note we know len > 0
930 if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
932 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
941 if (_DBUS_UNLIKELY ((s + 1) == end))
943 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*(s + 1))))
946 ++s; /* we just validated the next char, so skip two */
948 else if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
956 if (_DBUS_UNLIKELY (last_dot == NULL))
963 * Checks that the given range of the string is a valid member name
964 * in the D-Bus protocol. This includes a length restriction, etc.,
965 * see the specification.
967 * @todo this is inconsistent with most of DBusString in that
968 * it allows a start,len range that extends past the string end.
970 * @param str the string
971 * @param start first byte index to check
972 * @param len number of bytes to check
973 * @returns #TRUE if the byte range exists and is a valid name
976 _dbus_validate_member (const DBusString *str,
980 const unsigned char *s;
981 const unsigned char *end;
982 const unsigned char *member;
984 _dbus_assert (start >= 0);
985 _dbus_assert (len >= 0);
986 _dbus_assert (start <= _dbus_string_get_length (str));
988 if (len > _dbus_string_get_length (str) - start)
991 if (len > DBUS_MAXIMUM_NAME_LENGTH)
997 member = _dbus_string_get_const_data (str) + start;
1001 /* check special cases of first char so it doesn't have to be done
1002 * in the loop. Note we know len > 0
1005 if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
1012 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
1024 * Checks that the given range of the string is a valid error name
1025 * in the D-Bus protocol. This includes a length restriction, etc.,
1026 * see the specification.
1028 * @todo this is inconsistent with most of DBusString in that
1029 * it allows a start,len range that extends past the string end.
1031 * @param str the string
1032 * @param start first byte index to check
1033 * @param len number of bytes to check
1034 * @returns #TRUE if the byte range exists and is a valid name
1037 _dbus_validate_error_name (const DBusString *str,
1041 /* Same restrictions as interface name at the moment */
1042 return _dbus_validate_interface (str, start, len);
1046 * Determine wether the given character is valid as the first character
1049 #define VALID_INITIAL_BUS_NAME_CHARACTER(c) \
1050 ( ((c) >= 'A' && (c) <= 'Z') || \
1051 ((c) >= 'a' && (c) <= 'z') || \
1052 ((c) == '_') || ((c) == '-'))
1055 * Determine wether the given character is valid as a second or later
1056 * character in a bus name
1058 #define VALID_BUS_NAME_CHARACTER(c) \
1059 ( ((c) >= '0' && (c) <= '9') || \
1060 ((c) >= 'A' && (c) <= 'Z') || \
1061 ((c) >= 'a' && (c) <= 'z') || \
1062 ((c) == '_') || ((c) == '-'))
1065 * Checks that the given range of the string is a valid bus name in
1066 * the D-Bus protocol. This includes a length restriction, etc., see
1067 * the specification.
1069 * @todo this is inconsistent with most of DBusString in that
1070 * it allows a start,len range that extends past the string end.
1072 * @param str the string
1073 * @param start first byte index to check
1074 * @param len number of bytes to check
1075 * @returns #TRUE if the byte range exists and is a valid name
1078 _dbus_validate_bus_name (const DBusString *str,
1082 const unsigned char *s;
1083 const unsigned char *end;
1084 const unsigned char *iface;
1085 const unsigned char *last_dot;
1087 _dbus_assert (start >= 0);
1088 _dbus_assert (len >= 0);
1089 _dbus_assert (start <= _dbus_string_get_length (str));
1091 if (len > _dbus_string_get_length (str) - start)
1094 if (len > DBUS_MAXIMUM_NAME_LENGTH)
1101 iface = _dbus_string_get_const_data (str) + start;
1105 /* check special cases of first char so it doesn't have to be done
1106 * in the loop. Note we know len > 0
1116 if (_DBUS_UNLIKELY ((s + 1) == end))
1118 if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
1120 ++s; /* we just validated the next char, so skip two */
1122 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1132 else if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
1134 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*s)))
1143 if (_DBUS_UNLIKELY ((s + 1) == end))
1145 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*(s + 1))))
1148 ++s; /* we just validated the next char, so skip two */
1150 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1158 if (_DBUS_UNLIKELY (last_dot == NULL))
1165 * Checks that the given range of the string is a valid message type
1166 * signature in the D-Bus protocol.
1168 * @todo this is inconsistent with most of DBusString in that
1169 * it allows a start,len range that extends past the string end.
1171 * @param str the string
1172 * @param start first byte index to check
1173 * @param len number of bytes to check
1174 * @returns #TRUE if the byte range exists and is a valid signature
1177 _dbus_validate_signature (const DBusString *str,
1181 _dbus_assert (start >= 0);
1182 _dbus_assert (start <= _dbus_string_get_length (str));
1183 _dbus_assert (len >= 0);
1185 if (len > _dbus_string_get_length (str) - start)
1188 return _dbus_validate_signature_with_reason (str, start, len) == DBUS_VALID;
1191 /** define _dbus_check_is_valid_path() */
1192 DEFINE_DBUS_NAME_CHECK(path)
1193 /** define _dbus_check_is_valid_interface() */
1194 DEFINE_DBUS_NAME_CHECK(interface)
1195 /** define _dbus_check_is_valid_member() */
1196 DEFINE_DBUS_NAME_CHECK(member)
1197 /** define _dbus_check_is_valid_error_name() */
1198 DEFINE_DBUS_NAME_CHECK(error_name)
1199 /** define _dbus_check_is_valid_bus_name() */
1200 DEFINE_DBUS_NAME_CHECK(bus_name)
1201 /** define _dbus_check_is_valid_signature() */
1202 DEFINE_DBUS_NAME_CHECK(signature)
1206 /* tests in dbus-marshal-validate-util.c */