dbus/dbus dbus-marshal-basic.c, 1.23, 1.24 dbus-marshal-validate.c,
1.16, 1.17 dbus-marshal-validate.h, 1.9,
1.10 dbus-message-factory.c, 1.5, 1.6
Havoc Pennington
hp at freedesktop.org
Sat Feb 5 21:19:52 PST 2005
Update of /cvs/dbus/dbus/dbus
In directory gabe:/tmp/cvs-serv10398/dbus
Modified Files:
dbus-marshal-basic.c dbus-marshal-validate.c
dbus-marshal-validate.h dbus-message-factory.c
Log Message:
2005-02-06 Havoc Pennington <hp at redhat.com>
* dbus/dbus-message-factory.c (generate_special): more tests
* dbus/dbus-marshal-validate.c (validate_body_helper): detect
array length that exceeds the maximum
Index: dbus-marshal-basic.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-basic.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- dbus-marshal-basic.c 28 Jan 2005 05:30:53 -0000 1.23
+++ dbus-marshal-basic.c 6 Feb 2005 05:19:50 -0000 1.24
@@ -577,8 +577,8 @@
}
break;
default:
- _dbus_warn ("type %s not a basic type\n",
- _dbus_type_to_string (type));
+ _dbus_warn ("type %s %d not a basic type\n",
+ _dbus_type_to_string (type), type);
_dbus_assert_not_reached ("not a basic type");
break;
}
@@ -757,6 +757,9 @@
if (marshal_as == MARSHAL_AS_SIGNATURE)
{
+ _dbus_assert (data_len <= DBUS_MAXIMUM_SIGNATURE_LENGTH);
+ _dbus_assert (data_len <= 255); /* same as max sig len right now */
+
if (!_dbus_string_insert_byte (str, pos, data_len))
goto oom;
Index: dbus-marshal-validate.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-validate.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- dbus-marshal-validate.c 6 Feb 2005 04:21:57 -0000 1.16
+++ dbus-marshal-validate.c 6 Feb 2005 05:19:50 -0000 1.17
@@ -266,7 +266,7 @@
}
if (claimed_len > (unsigned long) (end - p))
- return DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS;
+ return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
if (current_type == DBUS_TYPE_OBJECT_PATH)
{
@@ -294,6 +294,9 @@
DBusValidity validity;
const unsigned char *array_end;
+ if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
+ return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
+
/* Remember that the reader is types only, so we can't
* use it to iterate over elements. It stays the same
* for all elements.
Index: dbus-marshal-validate.h
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-validate.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- dbus-marshal-validate.h 6 Feb 2005 04:21:57 -0000 1.9
+++ dbus-marshal-validate.h 6 Feb 2005 05:19:50 -0000 1.10
@@ -55,7 +55,9 @@
DBUS_VALID = 0,
DBUS_INVALID_UNKNOWN_TYPECODE = 1,
DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE = 2,
- DBUS_INVALID_SIGNATURE_TOO_LONG = 3,
+ DBUS_INVALID_SIGNATURE_TOO_LONG = 3, /* this one is impossible right now since
+ * you can't put a too-long value in a byte
+ */
DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION = 4,
DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION = 5,
DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED = 6,
@@ -87,27 +89,26 @@
DBUS_INVALID_MISSING_MEMBER = 32,
DBUS_INVALID_MISSING_ERROR_NAME = 33,
DBUS_INVALID_MISSING_REPLY_SERIAL = 34,
- DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS = 35,
- DBUS_INVALID_ARRAY_LENGTH_OUT_OF_BOUNDS = 36,
- DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 37,
- DBUS_INVALID_BAD_PATH = 38,
- DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 39,
- DBUS_INVALID_BAD_UTF8_IN_STRING = 40,
- DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 41,
- DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 42,
- DBUS_INVALID_VARIANT_SIGNATURE_BAD = 43,
- DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 44,
- DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 45,
- DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 46,
- DBUS_INVALID_STRING_MISSING_NUL = 47,
- DBUS_INVALID_SIGNATURE_MISSING_NUL = 48,
- DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 49,
- DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 50,
- DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 51,
- DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 52,
- DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 53,
- DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 54,
- DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 55,
+ DBUS_INVALID_LENGTH_OUT_OF_BOUNDS = 35,
+ DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 36,
+ DBUS_INVALID_BAD_PATH = 37,
+ DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 38,
+ DBUS_INVALID_BAD_UTF8_IN_STRING = 39,
+ DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 40,
+ DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 41,
+ DBUS_INVALID_VARIANT_SIGNATURE_BAD = 42,
+ DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 43,
+ DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 44,
+ DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 45,
+ DBUS_INVALID_STRING_MISSING_NUL = 46,
+ DBUS_INVALID_SIGNATURE_MISSING_NUL = 47,
+ DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 48,
+ DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 49,
+ DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 50,
+ DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 51,
+ DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 52,
+ DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 53,
+ DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 54,
DBUS_VALIDITY_LAST
} DBusValidity;
Index: dbus-message-factory.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-message-factory.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- dbus-message-factory.c 6 Feb 2005 04:21:57 -0000 1.5
+++ dbus-message-factory.c 6 Feb 2005 05:19:50 -0000 1.6
@@ -315,6 +315,22 @@
return message;
}
+static DBusMessage*
+simple_error (void)
+{
+ DBusMessage *message;
+ message = dbus_message_new (DBUS_MESSAGE_TYPE_ERROR);
+ if (message == NULL)
+ _dbus_assert_not_reached ("oom");
+
+ if (!dbus_message_set_error_name (message, "foo.bar"))
+ _dbus_assert_not_reached ("oom");
+
+ set_reply_serial (message);
+
+ return message;
+}
+
static dbus_bool_t
generate_special (DBusMessageDataIter *iter,
DBusString *data,
@@ -354,7 +370,7 @@
}
else if (item_seq == 1)
{
- char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+1];
+ char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+2];
const char *v_STRING;
int i;
@@ -372,6 +388,7 @@
long_sig[i] = DBUS_TYPE_ARRAY;
++i;
}
+ long_sig[i] = DBUS_TYPE_INVALID;
v_STRING = long_sig;
if (!_dbus_header_set_field_basic (&message->header,
@@ -389,7 +406,7 @@
}
else if (item_seq == 2)
{
- char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+3];
+ char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+4];
const char *v_STRING;
int i;
@@ -416,6 +433,7 @@
long_sig[i] = DBUS_STRUCT_END_CHAR;
++i;
}
+ long_sig[i] = DBUS_TYPE_INVALID;
v_STRING = long_sig;
if (!_dbus_header_set_field_basic (&message->header,
@@ -592,6 +610,129 @@
*expected_validity = DBUS_INVALID_MISSING_REPLY_SERIAL;
}
+ else if (item_seq == 15)
+ {
+ message = simple_error ();
+
+ if (!dbus_message_set_error_name (message, NULL))
+ _dbus_assert_not_reached ("oom");
+
+ generate_from_message (data, expected_validity, message);
+
+ *expected_validity = DBUS_INVALID_MISSING_ERROR_NAME;
+ }
+ else if (item_seq == 16)
+ {
+ char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*3+6];
+ const char *v_STRING;
+ int i;
+ int n_begins;
+
+ message = simple_method_call ();
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INVALID))
+ _dbus_assert_not_reached ("oom");
+
+ i = 0;
+ while (i <= (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2 + 2))
+ {
+ long_sig[i] = DBUS_TYPE_ARRAY;
+ ++i;
+ long_sig[i] = DBUS_DICT_ENTRY_BEGIN_CHAR;
+ ++i;
+ }
+ n_begins = i / 2;
+
+ long_sig[i] = DBUS_TYPE_INT32;
+ ++i;
+ long_sig[i] = DBUS_TYPE_INT32;
+ ++i;
+
+ while (n_begins > 0)
+ {
+ long_sig[i] = DBUS_DICT_ENTRY_END_CHAR;
+ ++i;
+ n_begins -= 1;
+ }
+ long_sig[i] = DBUS_TYPE_INVALID;
+
+ v_STRING = long_sig;
+ if (!_dbus_header_set_field_basic (&message->header,
+ DBUS_HEADER_FIELD_SIGNATURE,
+ DBUS_TYPE_SIGNATURE,
+ &v_STRING))
+ _dbus_assert_not_reached ("oom");
+
+ _dbus_header_get_field_raw (&message->header,
+ DBUS_HEADER_FIELD_SIGNATURE,
+ NULL, &pos);
+ generate_from_message (data, expected_validity, message);
+
+ *expected_validity = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
+ }
+ else if (item_seq == 17)
+ {
+ message = simple_method_call ();
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INVALID))
+ _dbus_assert_not_reached ("oom");
+
+ _dbus_header_get_field_raw (&message->header,
+ DBUS_HEADER_FIELD_SIGNATURE,
+ NULL, &pos);
+ generate_from_message (data, expected_validity, message);
+
+ _dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
+ _dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
+
+ *expected_validity = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
+ }
+ else if (item_seq == 18)
+ {
+ message = simple_method_call ();
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INVALID))
+ _dbus_assert_not_reached ("oom");
+
+ _dbus_header_get_field_raw (&message->header,
+ DBUS_HEADER_FIELD_SIGNATURE,
+ NULL, &pos);
+ generate_from_message (data, expected_validity, message);
+
+ _dbus_string_set_byte (data, pos + 1, DBUS_DICT_ENTRY_END_CHAR);
+
+ *expected_validity = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
+ }
+ else if (item_seq == 19)
+ {
+ message = simple_method_call ();
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INT32, &v_INT32,
+ DBUS_TYPE_INVALID))
+ _dbus_assert_not_reached ("oom");
+
+ _dbus_header_get_field_raw (&message->header,
+ DBUS_HEADER_FIELD_SIGNATURE,
+ NULL, &pos);
+ generate_from_message (data, expected_validity, message);
+
+ _dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
+ _dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
+ _dbus_string_set_byte (data, pos + 3, DBUS_DICT_ENTRY_END_CHAR);
+
+ *expected_validity = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
+ }
else
{
return FALSE;
More information about the dbus-commit
mailing list