* bus/driver.c (bus_driver_handle_acquire_service): init
retval/reply before checking name
* dbus/dbus-marshal.c (_dbus_marshal_validate_arg): add a
recursion depth argument
* dbus/dbus-message.h (struct DBusMessageIter): put some padding
in the public struct for future extension
* dbus/dbus-message-builder.c (_dbus_message_data_load): fix
typo
* dbus/dbus-marshal.c (_dbus_marshal_validate_arg): fix a verbose
message
* doc/dbus-specification.sgml: fix typo
+2003-04-08 Havoc Pennington <hp@redhat.com>
+
+ * bus/driver.c (bus_driver_handle_acquire_service): init
+ retval/reply before checking name
+
+ * dbus/dbus-marshal.c (_dbus_marshal_validate_arg): add a
+ recursion depth argument
+
+ * dbus/dbus-message.h (struct DBusMessageIter): put some padding
+ in the public struct for future extension
+
+ * dbus/dbus-message-builder.c (_dbus_message_data_load): fix
+ typo
+
+ * dbus/dbus-marshal.c (_dbus_marshal_validate_arg): fix a verbose
+ message
+
+ * doc/dbus-specification.sgml: fix typo
+
2003-04-08 Alexander Larsson <alexl@redhat.com>
Implemented recursive types, named types and new-style iters
2003-04-08 Alexander Larsson <alexl@redhat.com>
Implemented recursive types, named types and new-style iters
return FALSE;
_dbus_verbose ("Trying to own service %s with flags 0x%x\n", name, flags);
return FALSE;
_dbus_verbose ("Trying to own service %s with flags 0x%x\n", name, flags);
+
+ retval = FALSE;
+ reply = NULL;
+
if (*name == ':')
{
/* Not allowed; only base services can start with ':' */
if (*name == ':')
{
/* Not allowed; only base services can start with ':' */
-
- retval = FALSE;
- reply = NULL;
_dbus_string_init_const (&service_name, name);
_dbus_string_init_const (&service_name, name);
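Review bot: `retval` and `reply` are now assigned just above the `*name == ':'` check, but they are still ordinary statements in the body, so the fix holds only as long as no early exit is ever added above them. The declarations lie outside the lines shown; if they permit it, initialising both variables where they are declared would rule out an uninitialised read on any exit path. If the assignments stay here, a comment such as `/* set before the first branch that can leave the function early */` would record why their position matters.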
* returns #TRUE if a valid arg begins at "pos"
*
* @todo security: need to audit this function.
* returns #TRUE if a valid arg begins at "pos"
*
* @todo security: need to audit this function.
+ *
+ * @todo For array types that can't be invalid, we should not
+ * walk the whole array validating it. e.g. just skip all the
+ * int values in an int array.
*
* @param str a string
* @param byte_order the byte order to use
*
* @param str a string
* @param byte_order the byte order to use
+ * @param depth current recursion depth, to prevent excessive recursion
* @param type the type of the argument
* @param pos the pos where the arg starts
* @param end_pos pointer where the position right
* @param type the type of the argument
* @param pos the pos where the arg starts
* @param end_pos pointer where the position right
dbus_bool_t
_dbus_marshal_validate_arg (const DBusString *str,
int byte_order,
dbus_bool_t
_dbus_marshal_validate_arg (const DBusString *str,
int byte_order,
int type,
int pos,
int *end_pos)
{
if (pos > _dbus_string_get_length (str))
int type,
int pos,
int *end_pos)
{
if (pos > _dbus_string_get_length (str))
+ {
+ _dbus_verbose ("Validation went off the end of the message\n");
+ return FALSE;
+ }
+#define MAX_VALIDATION_DEPTH 32
+
+ if (depth > MAX_VALIDATION_DEPTH)
+ {
+ _dbus_verbose ("Maximum recursion depth reached validating message\n");
+ return FALSE;
+ }
+
switch (type)
{
case DBUS_TYPE_INVALID:
switch (type)
{
case DBUS_TYPE_INVALID:
case DBUS_TYPE_BYTE:
if (1 > _dbus_string_get_length (str) - pos)
{
case DBUS_TYPE_BYTE:
if (1 > _dbus_string_get_length (str) - pos)
{
- _dbus_verbose ("no room for boolean value\n");
+ _dbus_verbose ("no room for byte value\n");
- if (!_dbus_marshal_validate_arg (str, byte_order,
+ if (!_dbus_marshal_validate_arg (str, byte_order, depth + 1,
array_type, pos, &pos))
return FALSE;
}
array_type, pos, &pos))
return FALSE;
}
while (pos < end)
{
/* Validate name */
while (pos < end)
{
/* Validate name */
- if (!_dbus_marshal_validate_arg (str, byte_order,
+ if (!_dbus_marshal_validate_arg (str, byte_order, depth + 1,
DBUS_TYPE_STRING, pos, &pos))
return FALSE;
DBUS_TYPE_STRING, pos, &pos))
return FALSE;
- if (!_dbus_marshal_validate_arg (str, byte_order,
+ if (!_dbus_marshal_validate_arg (str, byte_order, depth + 1,
dict_type, pos, &pos))
return FALSE;
}
dict_type, pos, &pos))
return FALSE;
}
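Review bot: `MAX_VALIDATION_DEPTH` is introduced by a `#define` in the middle of the function body and has no comment, although it is the bound that keeps nested array and dict values in a message from driving the recursion arbitrarily deep. Moving it to file scope with a comment like `/* nesting limit for validation; message contents may be hostile, so recursion must be bounded */` makes the limit easy to find and stops the macro from looking function-local. The test `depth > MAX_VALIDATION_DEPTH` also accepts depth 32 itself, so 33 levels are validated when the outermost call starts at 0; either `>=` or a comment saying the limit is inclusive would settle which is intended. The `@param depth` line could add that external callers pass 0, as the named-header-field caller elsewhere in this commit does. The function body continues outside the lines shown here.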
int *type,
int *end_pos);
dbus_bool_t _dbus_marshal_validate_arg (const DBusString *str,
int *type,
int *end_pos);
dbus_bool_t _dbus_marshal_validate_arg (const DBusString *str,
int byte_order,
int type,
int pos,
int byte_order,
int type,
int pos,
values = dbus_realloc (values, allocated * sizeof (unsigned char));
if (!values)
{
values = dbus_realloc (values, allocated * sizeof (unsigned char));
if (!values)
{
- _dbus_warn ("could not allocate memory for BOOLEAN_ARRAY\n");
+ _dbus_warn ("could not allocate memory for BYTE_ARRAY\n");
+#ifdef DBUS_BUILD_TESTS
+/* This isn't used, but building it when tests are enabled just to
+ * keep it compiling if we need it in future
+ */
static void
delete_int_field (DBusMessage *message,
int field)
static void
delete_int_field (DBusMessage *message,
int field)
append_header_padding (message);
}
append_header_padding (message);
}
static void
delete_string_field (DBusMessage *message,
static void
delete_string_field (DBusMessage *message,
DBusMessageIter *iter)
{
DBusMessageRealIter *real = (DBusMessageRealIter *)iter;
DBusMessageIter *iter)
{
DBusMessageRealIter *real = (DBusMessageRealIter *)iter;
+
+ _dbus_assert (sizeof (DBusMessageRealIter) <= sizeof (DBusMessageIter));
real->message = message;
real->parent_iter = NULL;
real->message = message;
real->parent_iter = NULL;
/**
* Returns the name and data from a named type that an
/**
* Returns the name and data from a named type that an
- * iterator may point to.Note that you need to check that
+ * iterator may point to. Note that you need to check that
* the iterator points to a named type before using this
* function.
*
* the iterator points to a named type before using this
* function.
*
- if (!_dbus_marshal_validate_arg (data, byte_order, type, pos, &new_pos))
+ if (!_dbus_marshal_validate_arg (data, byte_order, 0, type, pos, &new_pos))
{
_dbus_verbose ("Failed to validate argument to named header field\n");
return FALSE;
{
_dbus_verbose ("Failed to validate argument to named header field\n");
return FALSE;
if (!_dbus_marshal_validate_arg (&loader->data,
byte_order,
if (!_dbus_marshal_validate_arg (&loader->data,
byte_order,
type,
next_arg,
&next_arg))
type,
next_arg,
&next_arg))
str = dbus_message_iter_get_string (iter);
if (str == NULL)
{
str = dbus_message_iter_get_string (iter);
if (str == NULL)
{
- _dbus_warn ("NULL string int message\n");
+ _dbus_warn ("NULL string in message\n");
return FALSE;
}
dbus_free (str);
return FALSE;
}
dbus_free (str);
const char *name2;
const dbus_uint32_t our_int32_array[] = { 0x12345678, 0x23456781, 0x34567812, 0x45678123 };
const char *name2;
const dbus_uint32_t our_int32_array[] = { 0x12345678, 0x23456781, 0x34567812, 0x45678123 };
-
- _dbus_assert (sizeof (DBusMessageRealIter) == sizeof (DBusMessageIter));
+ _dbus_assert (sizeof (DBusMessageRealIter) <= sizeof (DBusMessageIter));
/* Test the vararg functions */
message = dbus_message_new ("org.freedesktop.DBus.Test", "testMessage");
/* Test the vararg functions */
message = dbus_message_new ("org.freedesktop.DBus.Test", "testMessage");
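Review bot: The check `_dbus_assert (sizeof (DBusMessageRealIter) <= sizeof (DBusMessageIter));` guards the cast from the public iterator to `DBusMessageRealIter`, but as a runtime assertion it helps only in builds where assertions are enabled and only on paths that actually run. Both operands are compile-time constants, so a file-scope check such as `typedef char real_iter_fits_public_iter[(sizeof (DBusMessageRealIter) <= sizeof (DBusMessageIter)) ? 1 : -1];` would fail the build instead of letting writes through `real` run past the caller's `DBusMessageIter`. With that in place the duplicate assertion in the test code further down this section becomes redundant. The initialiser's body starts and ends outside the lines shown.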
int dummy8;
int dummy9;
int dummy10;
int dummy8;
int dummy9;
int dummy10;
+ int pad1;
+ int pad2;
+ void *pad3;
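Review bot: The new `pad1`, `pad2` and `pad3` members have no comment here saying what they are for, and the rest of the struct is outside the lines shown, so an existing comment may not cover them. Since this is the public struct that applications allocate themselves, a line such as `/* reserved so the private iterator can grow without changing this struct's size; do not use */` would tell readers that the fields are deliberate and must not be removed or repurposed casually. It would also help to note beside them that the private `DBusMessageRealIter` must never exceed this size.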
<entry>a byte giving the element type of the array followed
by an UINT32 (aligned to 4 bytes) giving the length of the
array data in bytes. This is then followed by a number of
<entry>a byte giving the element type of the array followed
by an UINT32 (aligned to 4 bytes) giving the length of the
array data in bytes. This is then followed by a number of
- entires with the same type, encoded like that type normally
+ entries with the same type, encoded like that type normally
would be encoded alone.
</entry>
</row><row>
would be encoded alone.
</entry>
</row><row>