2005-01-21 Havoc Pennington <hp@redhat.com>
+ * dbus/dbus-bus.c: add more return_if_fail checks
+
+ * dbus/dbus-message.c (load_message): have the "no validation"
+ mode (have to edit the code to toggle the mode for now though)
+
+ * dbus/dbus-marshal-header.c (_dbus_header_load): have a mode that
+ skips all validation; I want to use this at least for benchmark
+ baseline, I'm not sure if it should be a publicly-available switch.
+
+2005-01-21 Havoc Pennington <hp@redhat.com>
+
* glib/dbus-gmain.c: don't put the GLib bindings in the same
toplevel doxygen group as the low-level API stuff
_dbus_return_val_if_fail (connection != NULL, DBUS_UID_UNSET);
_dbus_return_val_if_fail (name != NULL, DBUS_UID_UNSET);
+ _dbus_return_val_if_fail (_dbus_check_is_valid_bus_name (name), DBUS_UID_UNSET);
_dbus_return_val_if_error_is_set (error, DBUS_UID_UNSET);
message = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
_dbus_return_val_if_fail (connection != NULL, 0);
_dbus_return_val_if_fail (name != NULL, 0);
+ _dbus_return_val_if_fail (_dbus_check_is_valid_bus_name (name), 0);
_dbus_return_val_if_error_is_set (error, 0);
message = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
_dbus_return_val_if_fail (connection != NULL, FALSE);
_dbus_return_val_if_fail (name != NULL, FALSE);
+ _dbus_return_val_if_fail (_dbus_check_is_valid_bus_name (name), FALSE);
_dbus_return_val_if_error_is_set (error, FALSE);
message = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
DBusMessage *msg;
DBusMessage *reply;
+ _dbus_return_val_if_fail (connection != NULL, FALSE);
+ _dbus_return_val_if_fail (_dbus_check_is_valid_bus_name (name), FALSE);
+
msg = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
DBUS_PATH_ORG_FREEDESKTOP_DBUS,
DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS,
{
DBusMessage *msg;
+ _dbus_return_if_fail (rule != NULL);
+
msg = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
DBUS_PATH_ORG_FREEDESKTOP_DBUS,
DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS,
{
DBusMessage *msg;
+ _dbus_return_if_fail (rule != NULL);
+
msg = dbus_message_new_method_call (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
DBUS_PATH_ORG_FREEDESKTOP_DBUS,
DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS,
}
/**
- * Creates a message header from untrusted data. The return value
- * is #TRUE if there was enough memory and the data was valid. If it
- * returns #TRUE, the header will be created. If it returns #FALSE
- * and *validity == #DBUS_VALID, then there wasn't enough memory. If
- * it returns #FALSE and *validity != #DBUS_VALID then the data was
- * invalid.
+ * Creates a message header from potentially-untrusted data. The
+ * return value is #TRUE if there was enough memory and the data was
+ * valid. If it returns #TRUE, the header will be created. If it
+ * returns #FALSE and *validity == #DBUS_VALID, then there wasn't
+ * enough memory. If it returns #FALSE and *validity != #DBUS_VALID
+ * then the data was invalid.
*
* The byte_order, fields_array_len, and body_len args should be from
* _dbus_header_have_message_untrusted(). Validation performed in
* already done.
*
* @param header the header (must be initialized)
+ * @param mode whether to do validation
* @param validity return location for invalidity reason
* @param byte_order byte order from header
* @param fields_array_len claimed length of fields array
* @returns #FALSE if no memory or data was invalid, #TRUE otherwise
*/
dbus_bool_t
-_dbus_header_load_untrusted (DBusHeader *header,
- DBusValidity *validity,
- int byte_order,
- int fields_array_len,
- int header_len,
- int body_len,
- const DBusString *str,
- int start,
- int len)
+_dbus_header_load (DBusHeader *header,
+ DBusValidationMode mode,
+ DBusValidity *validity,
+ int byte_order,
+ int fields_array_len,
+ int header_len,
+ int body_len,
+ const DBusString *str,
+ int start,
+ int len)
{
int leftover;
DBusValidity v;
return FALSE;
}
- v = _dbus_validate_body_with_reason (&_dbus_header_signature_str, 0,
- byte_order,
- &leftover,
- str, start, len);
-
- if (v != DBUS_VALID)
+ if (mode == DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
{
- *validity = v;
- goto invalid;
+ leftover = len - header_len - body_len - start;
+ }
+ else
+ {
+ v = _dbus_validate_body_with_reason (&_dbus_header_signature_str, 0,
+ byte_order,
+ &leftover,
+ str, start, len);
+
+ if (v != DBUS_VALID)
+ {
+ *validity = v;
+ goto invalid;
+ }
}
_dbus_assert (leftover < len);
_dbus_assert (start + header_len == (int) _DBUS_ALIGN_VALUE (padding_start, 8));
_dbus_assert (start + header_len == padding_start + padding_len);
- if (!_dbus_string_validate_nul (str, padding_start, padding_len))
+ if (mode != DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
{
- *validity = DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
- goto invalid;
+ if (!_dbus_string_validate_nul (str, padding_start, padding_len))
+ {
+ *validity = DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
+ goto invalid;
+ }
}
header->padding = padding_len;
+ if (mode == DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
+ {
+ *validity = DBUS_VALID;
+ return TRUE;
+ }
+
/* We now know the data is well-formed, but we have to check that
* it's valid.
*/
const DBusString *str,
int start,
int len);
-dbus_bool_t _dbus_header_load_untrusted (DBusHeader *header,
+dbus_bool_t _dbus_header_load (DBusHeader *header,
+ DBusValidationMode mode,
DBusValidity *validity,
int byte_order,
int fields_array_len,
#endif
/**
+ * This is used rather than a bool for high visibility
+ */
+typedef enum
+{
+ DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY,
+ DBUS_VALIDATION_MODE_DATA_IS_UNTRUSTED
+} DBusValidationMode;
+
+/**
* This is primarily used in unit testing, so we can verify that each
* invalid message is invalid for the expected reasons. Thus we really
* want a distinct enum value for every codepath leaving the validator
DBusValidity validity;
const DBusString *type_str;
int type_pos;
+ DBusValidationMode mode;
+ mode = DBUS_VALIDATION_MODE_DATA_IS_UNTRUSTED;
+
oom = FALSE;
#if 0
_dbus_assert (_dbus_string_get_length (&message->header.data) == 0);
_dbus_assert ((header_len + body_len) <= _dbus_string_get_length (&loader->data));
- if (!_dbus_header_load_untrusted (&message->header,
- &validity,
- byte_order,
- fields_array_len,
- header_len,
- body_len,
- &loader->data, 0,
- _dbus_string_get_length (&loader->data)))
+ if (!_dbus_header_load (&message->header,
+ mode,
+ &validity,
+ byte_order,
+ fields_array_len,
+ header_len,
+ body_len,
+ &loader->data, 0,
+ _dbus_string_get_length (&loader->data)))
{
_dbus_verbose ("Failed to load header for new message code %d\n", validity);
if (validity == DBUS_VALID)
message->byte_order = byte_order;
/* 2. VALIDATE BODY */
-
- get_const_signature (&message->header, &type_str, &type_pos);
-
- /* Because the bytes_remaining arg is NULL, this validates that the
- * body is the right length
- */
- validity = _dbus_validate_body_with_reason (type_str,
- type_pos,
- byte_order,
- NULL,
- &loader->data,
- header_len,
- body_len);
- if (validity != DBUS_VALID)
+ if (mode != DBUS_VALIDATION_MODE_WE_TRUST_THIS_DATA_ABSOLUTELY)
{
- _dbus_verbose ("Failed to validate message body code %d\n", validity);
- goto failed;
+ get_const_signature (&message->header, &type_str, &type_pos);
+
+ /* Because the bytes_remaining arg is NULL, this validates that the
+ * body is the right length
+ */
+ validity = _dbus_validate_body_with_reason (type_str,
+ type_pos,
+ byte_order,
+ NULL,
+ &loader->data,
+ header_len,
+ body_len);
+ if (validity != DBUS_VALID)
+ {
+ _dbus_verbose ("Failed to validate message body code %d\n", validity);
+ goto failed;
+ }
}
/* 3. COPY OVER BODY AND QUEUE MESSAGE */
echo "Checking out to directory "`pwd`
-#cvs co dbus || die "failed to cvs update"
-
-cd dbus
+/bin/rm -rf dbus/doc || true ## get rid of old doxygen, etc.
+cvs co dbus || die "failed to cvs update"
+cd dbus || die "could not cd to dbus"
echo "Configuring and building docs"
projects / platform / upstream / dbus.git / commitdiff