2005-01-28 Havoc Pennington <hp@redhat.com>

[platform/upstream/dbus.git] / dbus / dbus-message.c

diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c
index 4ddfa37..8525200 100644 (file)
--- a/dbus/dbus-message.c
+++ b/dbus/dbus-message.c
@@ -25,6 +25,7 @@
 #include "dbus-internals.h"
 #include "dbus-marshal-recursive.h"
 #include "dbus-marshal-validate.h"
+#include "dbus-marshal-byteswap.h"
 #include "dbus-marshal-header.h"
 #include "dbus-message-private.h"
 #include "dbus-object-tree.h"
@@ -76,6 +77,57 @@ struct DBusMessageRealIter
   } u; /**< the type writer or reader that does all the work */
 };
 
+static void
+get_const_signature (DBusHeader        *header,
+                     const DBusString **type_str_p,
+                     int               *type_pos_p)
+{
+  if (_dbus_header_get_field_raw (header,
+                                  DBUS_HEADER_FIELD_SIGNATURE,
+                                  type_str_p,
+                                  type_pos_p))
+    {
+      *type_pos_p += 1; /* skip the signature length which is 1 byte */
+    }
+  else
+    {
+      *type_str_p = &_dbus_empty_signature_str;
+      *type_pos_p = 0;
+    }
+}
+
+/**
+ * Swaps the message to compiler byte order if required
+ *
+ * @param message the message
+ */
+static void
+_dbus_message_byteswap (DBusMessage *message)
+{
+  const DBusString *type_str;
+  int type_pos;
+  
+  if (message->byte_order == DBUS_COMPILER_BYTE_ORDER)
+    return;
+
+  _dbus_verbose ("Swapping message into compiler byte order\n");
+  
+  get_const_signature (&message->header, &type_str, &type_pos);
+  
+  _dbus_marshal_byteswap (type_str, type_pos,
+                          message->byte_order,
+                          DBUS_COMPILER_BYTE_ORDER,
+                          &message->body, 0);
+
+  message->byte_order = DBUS_COMPILER_BYTE_ORDER;
+  
+  _dbus_header_byteswap (&message->header, DBUS_COMPILER_BYTE_ORDER);
+}
+
+#define ensure_byte_order(message)                      \
+ if (message->byte_order != DBUS_COMPILER_BYTE_ORDER)   \
+   _dbus_message_byteswap (message)
+
 /**
  * Gets the data to be sent over the network for this message.
  * The header and then the body should be written out.
@@ -250,25 +302,6 @@ set_or_delete_string_field (DBusMessage *message,
                                          &value);
 }
 
-static void
-get_const_signature (DBusHeader        *header,
-                     const DBusString **type_str_p,
-                     int               *type_pos_p)
-{
-  if (_dbus_header_get_field_raw (header,
-                                  DBUS_HEADER_FIELD_SIGNATURE,
-                                  type_str_p,
-                                  type_pos_p))
-    {
-      *type_pos_p += 1; /* skip the signature length which is 1 byte */
-    }
-  else
-    {
-      *type_str_p = &_dbus_empty_signature_str;
-      *type_pos_p = 0;
-    }
-}
-
 #if 0
 /* Probably we don't need to use this */
 /**
@@ -570,7 +603,7 @@ dbus_message_cache_or_finalize (DBusMessage *message)
 {
   dbus_bool_t was_cached;
   int i;
-
+  
   _dbus_assert (message->refcount.value == 0);
 
   /* This calls application code and has to be done first thing
@@ -654,7 +687,7 @@ dbus_message_new_empty_header (void)
       message->generation = _dbus_current_generation;
 #endif
     }
-
+  
   message->refcount.value = 1;
   message->byte_order = DBUS_COMPILER_BYTE_ORDER;
   message->locked = FALSE;
@@ -1345,6 +1378,11 @@ _dbus_message_iter_init_common (DBusMessage         *message,
 {
   _dbus_assert (sizeof (DBusMessageRealIter) <= sizeof (DBusMessageIter));
 
+  /* Since the iterator will read or write who-knows-what from the
+   * message, we need to get in the right byte order
+   */
+  ensure_byte_order (message);
+  
   real->message = message;
   real->changed_stamp = message->changed_stamp;
   real->iter_type = iter_type;
@@ -1381,7 +1419,7 @@ dbus_message_iter_init (DBusMessage     *message,
                           &message->body,
                           0);
 
-  return _dbus_type_reader_has_next (&real->u.reader);
+  return _dbus_type_reader_get_current_type (&real->u.reader) != DBUS_TYPE_INVALID;
 }
 
 #ifndef DBUS_DISABLE_CHECKS
@@ -1401,6 +1439,8 @@ _dbus_message_iter_check (DBusMessageRealIter *iter)
           _dbus_warn ("dbus message changed byte order since iterator was created\n");
           return FALSE;
         }
+      /* because we swap the message into compiler order when you init an iter */
+      _dbus_assert (iter->u.reader.byte_order == DBUS_COMPILER_BYTE_ORDER);
     }
   else if (iter->iter_type == DBUS_MESSAGE_ITER_TYPE_WRITER)
     {
@@ -1409,6 +1449,8 @@ _dbus_message_iter_check (DBusMessageRealIter *iter)
           _dbus_warn ("dbus message changed byte order since append iterator was created\n");
           return FALSE;
         }
+      /* because we swap the message into compiler order when you init an iter */
+      _dbus_assert (iter->u.writer.byte_order == DBUS_COMPILER_BYTE_ORDER);
     }
   else
     {
@@ -2070,10 +2112,10 @@ dbus_message_iter_append_fixed_array (DBusMessageIter *iter,
  * dbus_message_iter_close_container(). Container types are for
  * example struct, variant, and array. For variants, the
  * contained_signature should be the type of the single value inside
- * the variant. For structs, contained_signature should be #NULL; it
- * will be set to whatever types you write into the struct.  For
- * arrays, contained_signature should be the type of the array
- * elements.
+ * the variant. For structs and dict entries, contained_signature
+ * should be #NULL; it will be set to whatever types you write into
+ * the struct.  For arrays, contained_signature should be the type of
+ * the array elements.
  *
  * @todo If this fails due to lack of memory, the message is hosed and
  * you have to start over building the whole message.
@@ -2100,7 +2142,21 @@ dbus_message_iter_open_container (DBusMessageIter *iter,
   _dbus_return_val_if_fail (sub != NULL, FALSE);
   _dbus_return_val_if_fail ((type == DBUS_TYPE_STRUCT &&
                              contained_signature == NULL) ||
+                            (type == DBUS_TYPE_DICT_ENTRY &&
+                             contained_signature == NULL) ||
                             contained_signature != NULL, FALSE);
+  _dbus_return_val_if_fail (type != DBUS_TYPE_DICT_ENTRY ||
+                            dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_ARRAY,
+                            FALSE);
+  
+#if 0
+  /* FIXME this would fail if the contained_signature is a dict entry,
+   * since dict entries are invalid signatures standalone (they must be in
+   * an array)
+   */
+  _dbus_return_val_if_fail (contained_signature == NULL ||
+                            _dbus_check_is_valid_signature (contained_signature));
+#endif
 
   if (!_dbus_message_iter_open_signature (real))
     return FALSE;
@@ -2881,9 +2937,12 @@ _dbus_message_loader_new (void)
   loader = dbus_new0 (DBusMessageLoader, 1);
   if (loader == NULL)
     return NULL;
-
+  
   loader->refcount = 1;
 
+  loader->corrupted = FALSE;
+  loader->corruption_reason = DBUS_VALID;
+  
   /* Try to cap message size at something that won't *totally* hose
    * the system if we have a couple of them.
    */
@@ -2967,13 +3026,6 @@ _dbus_message_loader_get_buffer (DBusMessageLoader  *loader,
 }
 
 /**
- * The smallest header size that can occur.  (It won't be valid due to
- * missing required header fields.) This is 4 bytes, two uint32, an
- * array length.
- */
-#define DBUS_MINIMUM_HEADER_SIZE 16
-
-/**
  * Returns a buffer obtained from _dbus_message_loader_get_buffer(),
  * indicating to the loader how many bytes of the buffer were filled
  * in. This function must always be called, even if no bytes were
@@ -3018,7 +3070,7 @@ _dbus_message_loader_return_buffer (DBusMessageLoader  *loader,
  * loader->data and only delete it occasionally, instead of after
  * each message is loaded.
  *
- * load_message() returns FALSE if not enough memory
+ * load_message() returns FALSE if not enough memory OR the loader was corrupted
  */
 static dbus_bool_t
 load_message (DBusMessageLoader *loader,
@@ -3032,7 +3084,10 @@ load_message (DBusMessageLoader *loader,
   DBusValidity validity;
   const DBusString *type_str;
   int type_pos;
+  DBusValidationMode mode;
 
+  mode = DBUS_VALIDATION_MODE_DATA_IS_UNTRUSTED;
+  
   oom = FALSE;
 
 #if 0
@@ -3043,18 +3098,24 @@ load_message (DBusMessageLoader *loader,
   _dbus_assert (_dbus_string_get_length (&message->header.data) == 0);
   _dbus_assert ((header_len + body_len) <= _dbus_string_get_length (&loader->data));
 
-  if (!_dbus_header_load_untrusted (&message->header,
-                                    &validity,
-                                    byte_order,
-                                    fields_array_len,
-                                    header_len,
-                                    body_len,
-                                    &loader->data, 0,
-                                    _dbus_string_get_length (&loader->data)))
+  if (!_dbus_header_load (&message->header,
+                          mode,
+                          &validity,
+                          byte_order,
+                          fields_array_len,
+                          header_len,
+                          body_len,
+                          &loader->data, 0,
+                          _dbus_string_get_length (&loader->data)))
     {
       _dbus_verbose ("Failed to load header for new message code %d\n", validity);
       if (validity == DBUS_VALID)
         oom = TRUE;
+      else
+        {
+          loader->corrupted = TRUE;
+          loader->corruption_reason = validity;
+        }
       goto failed;
     }
 
@@ -3063,23 +3124,29 @@ load_message (DBusMessageLoader *loader,
   message->byte_order = byte_order;
 
   /* 2. VALIDATE BODY */
-
-  get_const_signature (&message->header, &type_str, &type_pos);
-
-  /* Because the bytes_remaining arg is NULL, this validates that the
-   * body is the right length
-   */
-  validity = _dbus_validate_body_with_reason (type_str,
-                                              type_pos,
-                                              byte_order,
-                                              NULL,
-                                              &loader->data,
-                                              header_len,
-                                              body_len);
-  if (validity != DBUS_VALID)
+  if (mode != DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
     {
-      _dbus_verbose ("Failed to validate message body code %d\n", validity);
-      goto failed;
+      get_const_signature (&message->header, &type_str, &type_pos);
+      
+      /* Because the bytes_remaining arg is NULL, this validates that the
+       * body is the right length
+       */
+      validity = _dbus_validate_body_with_reason (type_str,
+                                                  type_pos,
+                                                  byte_order,
+                                                  NULL,
+                                                  &loader->data,
+                                                  header_len,
+                                                  body_len);
+      if (validity != DBUS_VALID)
+        {
+          _dbus_verbose ("Failed to validate message body code %d\n", validity);
+
+          loader->corrupted = TRUE;
+          loader->corruption_reason = validity;
+          
+          goto failed;
+        }
     }
 
   /* 3. COPY OVER BODY AND QUEUE MESSAGE */
@@ -3111,6 +3178,8 @@ load_message (DBusMessageLoader *loader,
 
   _dbus_assert (!oom);
   _dbus_assert (!loader->corrupted);
+  _dbus_assert (loader->messages != NULL);
+  _dbus_assert (_dbus_list_find_last (&loader->messages, message) != NULL);
 
   return TRUE;
 
@@ -3120,13 +3189,15 @@ load_message (DBusMessageLoader *loader,
 
   /* does nothing if the message isn't in the list */
   _dbus_list_remove_last (&loader->messages, message);
-
-  if (!oom)
-    loader->corrupted = TRUE;
+  
+  if (oom)
+    _dbus_assert (!loader->corrupted);
+  else
+    _dbus_assert (loader->corrupted);
 
   _dbus_verbose_bytes_of_string (&loader->data, 0, _dbus_string_get_length (&loader->data));
 
-  return !oom;
+  return FALSE;
 }
 
 /**
@@ -3174,15 +3245,24 @@ _dbus_message_loader_queue_messages (DBusMessageLoader *loader)
                              header_len, body_len))
             {
               dbus_message_unref (message);
-              return FALSE;
+              /* load_message() returns false if corrupted or OOM; if
+               * corrupted then return TRUE for not OOM
+               */
+              return loader->corrupted;
             }
+
+          _dbus_assert (loader->messages != NULL);
+          _dbus_assert (_dbus_list_find_last (&loader->messages, message) != NULL);
        }
       else
         {
           _dbus_verbose ("Initial peek at header says we don't have a whole message yet, or data broken with invalid code %d\n",
                          validity);
           if (validity != DBUS_VALID)
-            loader->corrupted = TRUE;
+            {
+              loader->corrupted = TRUE;
+              loader->corruption_reason = validity;
+            }
           return TRUE;
         }
     }
@@ -3259,6 +3339,8 @@ _dbus_message_loader_putback_message_link (DBusMessageLoader  *loader,
 dbus_bool_t
 _dbus_message_loader_get_is_corrupted (DBusMessageLoader *loader)
 {
+  _dbus_assert ((loader->corrupted && loader->corruption_reason != DBUS_VALID) ||
+                (!loader->corrupted && loader->corruption_reason == DBUS_VALID));
   return loader->corrupted;
 }