fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-05-05 22:48:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

2005-02-06 Havoc Pennington <hp@redhat.com>

Browse source 
* dbus/dbus-message-factory.c (generate_special): more tests

	* dbus/dbus-marshal-validate.c (validate_body_helper): detect
	array length that exceeds the maximum
This commit is contained in:
Havoc Pennington 2005-02-06 05:19:50 +00:00
parent 8f04e1e01f
commit 96a4751632
5 changed files with 182 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ChangeLog
View file

@ -1,3 +1,10 @@
2005-02-06 Havoc Pennington <hp@redhat.com>
* dbus/dbus-message-factory.c (generate_special): more tests
* dbus/dbus-marshal-validate.c (validate_body_helper): detect
array length that exceeds the maximum
2005-02-05 Havoc Pennington <hp@redhat.com>
* dbus/dbus-message-factory.c (generate_special): more test cases,

7
dbus/dbus-marshal-basic.c
View file

@ -577,8 +577,8 @@ _dbus_marshal_read_basic (const DBusString *str,
}
break;
default:
_dbus_warn ("type %s not a basic type\n",
_dbus_type_to_string (type));
_dbus_warn ("type %s %d not a basic type\n",
_dbus_type_to_string (type), type);
_dbus_assert_not_reached ("not a basic type");
break;
}
@ -757,6 +757,9 @@ marshal_len_followed_by_bytes (int marshal_as,
if (marshal_as == MARSHAL_AS_SIGNATURE)
{
_dbus_assert (data_len <= DBUS_MAXIMUM_SIGNATURE_LENGTH);
_dbus_assert (data_len <= 255); /* same as max sig len right now */
if (!_dbus_string_insert_byte (str, pos, data_len))
goto oom;

5
dbus/dbus-marshal-validate.c
View file

@ -266,7 +266,7 @@ validate_body_helper (DBusTypeReader *reader,
}
if (claimed_len > (unsigned long) (end - p))
return DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS;
return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
if (current_type == DBUS_TYPE_OBJECT_PATH)
{
@ -294,6 +294,9 @@ validate_body_helper (DBusTypeReader *reader,
DBusValidity validity;
const unsigned char *array_end;
if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
/* Remember that the reader is types only, so we can't
* use it to iterate over elements. It stays the same
* for all elements.

45
dbus/dbus-marshal-validate.h
View file

@ -55,7 +55,9 @@ typedef enum
DBUS_VALID = 0,
DBUS_INVALID_UNKNOWN_TYPECODE = 1,
DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE = 2,
DBUS_INVALID_SIGNATURE_TOO_LONG = 3,
DBUS_INVALID_SIGNATURE_TOO_LONG = 3, /* this one is impossible right now since
* you can't put a too-long value in a byte
*/
DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION = 4,
DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION = 5,
DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED = 6,
@ -87,27 +89,26 @@ typedef enum
DBUS_INVALID_MISSING_MEMBER = 32,
DBUS_INVALID_MISSING_ERROR_NAME = 33,
DBUS_INVALID_MISSING_REPLY_SERIAL = 34,
DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS = 35,
DBUS_INVALID_ARRAY_LENGTH_OUT_OF_BOUNDS = 36,
DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 37,
DBUS_INVALID_BAD_PATH = 38,
DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 39,
DBUS_INVALID_BAD_UTF8_IN_STRING = 40,
DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 41,
DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 42,
DBUS_INVALID_VARIANT_SIGNATURE_BAD = 43,
DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 44,
DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 45,
DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 46,
DBUS_INVALID_STRING_MISSING_NUL = 47,
DBUS_INVALID_SIGNATURE_MISSING_NUL = 48,
DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 49,
DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 50,
DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 51,
DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 52,
DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 53,
DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 54,
DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 55,
DBUS_INVALID_LENGTH_OUT_OF_BOUNDS = 35,
DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 36,
DBUS_INVALID_BAD_PATH = 37,
DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 38,
DBUS_INVALID_BAD_UTF8_IN_STRING = 39,
DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 40,
DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 41,
DBUS_INVALID_VARIANT_SIGNATURE_BAD = 42,
DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 43,
DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 44,
DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 45,
DBUS_INVALID_STRING_MISSING_NUL = 46,
DBUS_INVALID_SIGNATURE_MISSING_NUL = 47,
DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 48,
DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 49,
DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 50,
DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 51,
DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 52,
DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 53,
DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 54,
DBUS_VALIDITY_LAST
} DBusValidity;

145
dbus/dbus-message-factory.c
View file

@ -315,6 +315,22 @@ simple_method_return (void)
return message;
}
static DBusMessage*
simple_error (void)
{
DBusMessage *message;
message = dbus_message_new (DBUS_MESSAGE_TYPE_ERROR);
if (message == NULL)
_dbus_assert_not_reached ("oom");
if (!dbus_message_set_error_name (message, "foo.bar"))
_dbus_assert_not_reached ("oom");
set_reply_serial (message);
return message;
}
static dbus_bool_t
generate_special (DBusMessageDataIter *iter,
DBusString *data,
@ -354,7 +370,7 @@ generate_special (DBusMessageDataIter *iter,
}
else if (item_seq == 1)
{
char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+1];
char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+2];
const char *v_STRING;
int i;
@ -372,6 +388,7 @@ generate_special (DBusMessageDataIter *iter,
long_sig[i] = DBUS_TYPE_ARRAY;
++i;
}
long_sig[i] = DBUS_TYPE_INVALID;
v_STRING = long_sig;
if (!_dbus_header_set_field_basic (&message->header,
@ -389,7 +406,7 @@ generate_special (DBusMessageDataIter *iter,
}
else if (item_seq == 2)
{
char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+3];
char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+4];
const char *v_STRING;
int i;
@ -416,6 +433,7 @@ generate_special (DBusMessageDataIter *iter,
long_sig[i] = DBUS_STRUCT_END_CHAR;
++i;
}
long_sig[i] = DBUS_TYPE_INVALID;
v_STRING = long_sig;
if (!_dbus_header_set_field_basic (&message->header,
@ -592,6 +610,129 @@ generate_special (DBusMessageDataIter *iter,
*expected_validity = DBUS_INVALID_MISSING_REPLY_SERIAL;
}
else if (item_seq == 15)
{
message = simple_error ();
if (!dbus_message_set_error_name (message, NULL))
_dbus_assert_not_reached ("oom");
generate_from_message (data, expected_validity, message);
*expected_validity = DBUS_INVALID_MISSING_ERROR_NAME;
}
else if (item_seq == 16)
{
char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*3+6];
const char *v_STRING;
int i;
int n_begins;
message = simple_method_call ();
if (!dbus_message_append_args (message,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INVALID))
_dbus_assert_not_reached ("oom");
i = 0;
while (i <= (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2 + 2))
{
long_sig[i] = DBUS_TYPE_ARRAY;
++i;
long_sig[i] = DBUS_DICT_ENTRY_BEGIN_CHAR;
++i;
}
n_begins = i / 2;
long_sig[i] = DBUS_TYPE_INT32;
++i;
long_sig[i] = DBUS_TYPE_INT32;
++i;
while (n_begins > 0)
{
long_sig[i] = DBUS_DICT_ENTRY_END_CHAR;
++i;
n_begins -= 1;
}
long_sig[i] = DBUS_TYPE_INVALID;
v_STRING = long_sig;
if (!_dbus_header_set_field_basic (&message->header,
DBUS_HEADER_FIELD_SIGNATURE,
DBUS_TYPE_SIGNATURE,
&v_STRING))
_dbus_assert_not_reached ("oom");
_dbus_header_get_field_raw (&message->header,
DBUS_HEADER_FIELD_SIGNATURE,
NULL, &pos);
generate_from_message (data, expected_validity, message);
*expected_validity = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
}
else if (item_seq == 17)
{
message = simple_method_call ();
if (!dbus_message_append_args (message,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INVALID))
_dbus_assert_not_reached ("oom");
_dbus_header_get_field_raw (&message->header,
DBUS_HEADER_FIELD_SIGNATURE,
NULL, &pos);
generate_from_message (data, expected_validity, message);
_dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
_dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
*expected_validity = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
}
else if (item_seq == 18)
{
message = simple_method_call ();
if (!dbus_message_append_args (message,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INVALID))
_dbus_assert_not_reached ("oom");
_dbus_header_get_field_raw (&message->header,
DBUS_HEADER_FIELD_SIGNATURE,
NULL, &pos);
generate_from_message (data, expected_validity, message);
_dbus_string_set_byte (data, pos + 1, DBUS_DICT_ENTRY_END_CHAR);
*expected_validity = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
}
else if (item_seq == 19)
{
message = simple_method_call ();
if (!dbus_message_append_args (message,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INT32, &v_INT32,
DBUS_TYPE_INVALID))
_dbus_assert_not_reached ("oom");
_dbus_header_get_field_raw (&message->header,
DBUS_HEADER_FIELD_SIGNATURE,
NULL, &pos);
generate_from_message (data, expected_validity, message);
_dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
_dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
_dbus_string_set_byte (data, pos + 3, DBUS_DICT_ENTRY_END_CHAR);
*expected_validity = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
}
else
{
return FALSE;