From 32e5cab56a6707cf897f918999720ff7e455255e Mon Sep 17 00:00:00 2001
From: Chengwei Yang
Date: Sat, 29 Jun 2013 11:56:20 +0800
Subject: [PATCH] Fix: a non ascii byte will trigger BadAddress error
If a byte in DBusString *unescaped isn't a ascii byte, which will be cast to char (signed char on most of platform), so that's the issue unsigned char cast to signed char. e.g. "\303\266" is a valid unicode character, if everything goes right, it will be escaped to "%c3%b6". However, in fact, it escaped to "%3%6". _dbus_string_append_byte_as_hex() take an int parameter, so negative byte is valid, but cause get a negative index in array. So garbage value will get. e.g. '\303' --> hexdigits[((signed byte)(-61)) >> 4] is hexdigits[-4].
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499
Sgne-off-by: Chengwei Yang
[fixed whitespace -smcv]
Reviewed-by: Simon McVittie
---
 dbus/dbus-address.c | 6 +++---
 dbus/dbus-string.c | 2 +-
 dbus/dbus-string.h | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dbus/dbus-address.c b/dbus/dbus-address.c
index 90484dc..f3d48d0 100644
--- a/dbus/dbus-address.c
+++ b/dbus/dbus-address.c
@@ -104,15 +104,15 @@ dbus_bool_t
 _dbus_address_append_escaped (DBusString *escaped,
 const DBusString *unescaped)
 {
- const char *p;
- const char *end;
+ const unsigned char *p;
+ const unsigned char *end;
 dbus_bool_t ret;
 int orig_len;
 ret = FALSE;
 orig_len = _dbus_string_get_length (escaped);
- p = _dbus_string_get_const_data (unescaped);
+ p = (const unsigned char *) _dbus_string_get_const_data (unescaped);
 end = p + _dbus_string_get_length (unescaped);
 while (p != end)
 {
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index 52eb0f2..0f63612 100644
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
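Review bot: No regression case accompanies the fix in `_dbus_address_append_escaped` (dbus/dbus-address.c): the diffstat lists only the three source files, so nothing fails if `p` is later changed back to plain `char` and the out-of-bounds lookup described in the commit message returns. The commit message already supplies the case, escaping `"\303\266"` must give `"%c3%b6"`, and an assertion for it belongs with the project's address-escaping tests. A comment on the new declarations would also help the next reader, for example `/* unsigned: bytes >= 0x80 must not be sign-extended before hex-escaping */`. The loop that consumes `*p` only begins at the end of this hunk and continues outside it, so any other use of the byte there is not visible here.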
@@ -2228,7 +2228,7 @@ _dbus_string_starts_with_c_str (const DBusString *a,
 */
 dbus_bool_t
 _dbus_string_append_byte_as_hex (DBusString *str,
- int byte)
+ unsigned char byte)
 {
 const char hexdigits[16] = {
 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
diff --git a/dbus/dbus-string.h b/dbus/dbus-string.h
index 4ef59db..86fb8c3 100644
--- a/dbus/dbus-string.h
+++ b/dbus/dbus-string.h
@@ -259,7 +259,7 @@ void _dbus_string_delete_first_word (DBusString *str);
 void _dbus_string_delete_leading_blanks (DBusString *str);
 void _dbus_string_chop_white (DBusString *str);
 dbus_bool_t _dbus_string_append_byte_as_hex (DBusString *str,
- int byte);
+ unsigned char byte);
 dbus_bool_t _dbus_string_hex_encode (const DBusString *source,
 int start,
 DBusString *dest,
--
2.7.4
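Review bot: In dbus/dbus-string.c the doc comment that closes just above `_dbus_string_append_byte_as_hex` is not touched by this hunk, so the new contract stays unstated: the lookups into `hexdigits[16]` are in bounds only because the parameter is now `unsigned char`. I would add a line there such as `@param byte the byte to append, 0-255; each nibble indexes hexdigits[]`. Callers outside this patch that pass an `int` or a plain `char` are now narrowed implicitly, so they are worth checking once; building with `-Wconversion` should flag the `int` ones. The function body continues past the end of the hunk, so the indexing expressions are taken from the commit message rather than from visible lines.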