kdbus: assure that GVariant footer is not split 64/131364/3 accepted/tizen/unified/20170608.184708 submit/tizen/20170608.074009
authorAdrian Szyndela <adrian.s@samsung.com>
Fri, 26 May 2017 14:16:22 +0000 (16:16 +0200)
committerHyotaek Shim <hyotaek.shim@samsung.com>
Wed, 7 Jun 2017 14:10:52 +0000 (14:10 +0000)
Change-Id: I4a92adaf91c3205274be5d87302908ad35cb2dbf

dbus/dbus-transport-kdbus.c

index b4cc0e13b55fd7ecf1abc6e30e5183219971c0b3..b8aa0f4201b41a2cab7176184ca1bee468cea852 100755 (executable)
@@ -826,6 +826,29 @@ kdbus_write_msg_internal (DBusTransportKdbus  *transport,
   if (body_size > 0)
     {
       const char* body_data = _dbus_string_get_const_data (body);
+      size_t body_offsets_size;
+      const char *footer_ptr;
+
+      /* determine body offsets size */
+      if (ret_size <= 0xFF)
+        body_offsets_size = 1;
+      else if (ret_size <= 0xFFFF)
+        body_offsets_size = 2;
+      else if (ret_size <= 0xFFFFFFFF)
+        body_offsets_size = 4;
+      else
+        body_offsets_size = 8;
+
+      /* check footer size */
+      footer_ptr = body_data + body_size - body_offsets_size -1;
+      while (footer_ptr >= body_data && (*footer_ptr) != 0)
+        footer_ptr--;
+
+      if (footer_ptr < body_data)
+        {
+          ret_size = -1;
+          goto out;
+        }
 
 #ifdef DBUS_ENABLE_VERBOSE_MODE
       if (-1 != debug)
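Review bot: The footer scan in the added block forms pointers outside the body buffer: when `body_size` is not larger than `body_offsets_size`, `body_data + body_size - body_offsets_size -1` already points before `body_data`, and a scan that finds no zero byte decrements `footer_ptr` to `body_data - 1` before the `footer_ptr < body_data` test runs. Both are undefined behaviour in C even though the pointer is only compared, so an optimising compiler may drop the failure branch. Scanning by offset, as sketched below, keeps every computed address inside the buffer and rejects too-short bodies explicitly. Separately, `body_offsets_size` is chosen from `ret_size`, whose type and value are set outside this hunk; if it is a 32-bit `int`, the `0xFFFFFFFF` branch always matches, so please confirm it holds the full message size at this point. `kdbus_write_msg_internal` starts and ends outside the hunk.

```c
      size_t body_offsets_size;
      size_t footer_off;
      const char *footer_ptr;

      /* … unchanged: body_offsets_size selection from ret_size … */

      /* check footer size */
      if (body_size <= body_offsets_size)
        {
          ret_size = -1;
          goto out;
        }

      footer_off = body_size - body_offsets_size - 1;
      while (footer_off > 0 && body_data[footer_off] != 0)
        footer_off--;

      if (body_data[footer_off] != 0)
        {
          ret_size = -1;
          goto out;
        }
      footer_ptr = body_data + footer_off;
```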
@@ -837,31 +860,6 @@ kdbus_write_msg_internal (DBusTransportKdbus  *transport,
 
       if (memfd >= 0)
         {
-
-          size_t body_offsets_size;
-         const char *footer_ptr;
-
-          /* determine body offsets size */
-          if (ret_size <= 0xFF)
-            body_offsets_size = 1;
-          else if (ret_size <= 0xFFFF)
-            body_offsets_size = 2;
-          else if (ret_size <= 0xFFFFFFFF)
-            body_offsets_size = 4;
-          else
-            body_offsets_size = 8;
-
-          /* check footer size */
-          footer_ptr = body_data + body_size - body_offsets_size -1;
-          while (footer_ptr >= body_data && (*footer_ptr) != 0)
-            footer_ptr--;
-
-          if (footer_ptr < body_data)
-            {
-              ret_size = -1;
-              goto out;
-            }
-
           /* prepare memfd for body */
           if (prepare_mfd (memfd,
                            body_data,
@@ -871,13 +869,13 @@ kdbus_write_msg_internal (DBusTransportKdbus  *transport,
               goto out;
             }
 
-         /* body */
+      /* body */
           item = _kdbus_item_add_payload_memfd (item,
                                                 0,
                                                 (footer_ptr - body_data) * sizeof(char),
                                                 memfd);
 
-         /* footer */
+      /* footer */
           item = _kdbus_item_add_payload_vec (item,
                                               (body_data + body_size - footer_ptr) * sizeof(char),
                                               (uintptr_t)footer_ptr);
@@ -891,6 +889,10 @@ kdbus_write_msg_internal (DBusTransportKdbus  *transport,
               if (part_size > KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE)
                   part_size = KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE;
 
+              /* we need to adjust part size if footer does not fit as a whole */
+              if (body_size - part_size > 0 && footer_ptr < (body_data + part_size))
+                  part_size = footer_ptr - body_data;
+
               _dbus_verbose ("attaching body part\n");
               item = _kdbus_item_add_payload_vec (item,
                                                   part_size,
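Review bot: The added adjustment can set `part_size` to zero (or to a wrapped value once `body_data` has passed `footer_ptr`), because `footer_ptr - body_data` is not checked to be positive. That looks reachable when the footer itself is longer than `KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE`, assuming the loop advances `body_data` by `part_size`; the loop header and its update are outside the hunk. A zero-length vec would then be attached and the loop may stop making progress. Consider restricting the trim to `if (body_size > part_size && footer_ptr > body_data && footer_ptr < body_data + part_size)` and failing with `ret_size = -1; goto out;` when the footer cannot fit in a single vec. The comment should also state the assumed type of `body_size`, since `body_size - part_size > 0` is only a not-equal test if that type is unsigned.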