dbus/dbus dbus-marshal-basic.c, 1.23, 1.24 dbus-marshal-validate.c, 1.16, 1.17 dbus-marshal-validate.h, 1.9, 1.10 dbus-message-factory.c, 1.5, 1.6

Havoc Pennington hp at freedesktop.org
Sat Feb 5 21:19:52 PST 2005


Update of /cvs/dbus/dbus/dbus
In directory gabe:/tmp/cvs-serv10398/dbus

Modified Files:
	dbus-marshal-basic.c dbus-marshal-validate.c 
	dbus-marshal-validate.h dbus-message-factory.c 
Log Message:
2005-02-06  Havoc Pennington  <hp at redhat.com>

	* dbus/dbus-message-factory.c (generate_special): more tests

	* dbus/dbus-marshal-validate.c (validate_body_helper): detect
	array length that exceeds the maximum



Index: dbus-marshal-basic.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-basic.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- dbus-marshal-basic.c	28 Jan 2005 05:30:53 -0000	1.23
+++ dbus-marshal-basic.c	6 Feb 2005 05:19:50 -0000	1.24
@@ -577,8 +577,8 @@
       }
       break;
     default:
-      _dbus_warn ("type %s not a basic type\n",
-                  _dbus_type_to_string (type));
+      _dbus_warn ("type %s %d not a basic type\n",
+                  _dbus_type_to_string (type), type);
       _dbus_assert_not_reached ("not a basic type");
       break;
     }
@@ -757,6 +757,9 @@
 
   if (marshal_as == MARSHAL_AS_SIGNATURE)
     {
+      _dbus_assert (data_len <= DBUS_MAXIMUM_SIGNATURE_LENGTH);
+      _dbus_assert (data_len <= 255); /* same as max sig len right now */
+      
       if (!_dbus_string_insert_byte (str, pos, data_len))
         goto oom;
 
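Review bot: The two added `_dbus_assert` calls are the only guard before `data_len` is stored as a single length byte by `_dbus_string_insert_byte`. If assertions are compiled out of a build, which is how assert macros are commonly configured, a length above 255 would be truncated silently and the marshalled signature would carry a length that does not match its data. Either reject the over-long value at runtime on this path, or state the precondition where the function is documented, for example `/* caller must have validated len <= DBUS_MAXIMUM_SIGNATURE_LENGTH; it is written as one byte */`. The enclosing function starts and ends outside this hunk, so how it reports errors other than `goto oom` is not visible here.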

Index: dbus-marshal-validate.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-validate.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- dbus-marshal-validate.c	6 Feb 2005 04:21:57 -0000	1.16
+++ dbus-marshal-validate.c	6 Feb 2005 05:19:50 -0000	1.17
@@ -266,7 +266,7 @@
               }
 
             if (claimed_len > (unsigned long) (end - p))
-              return DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS;
+              return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
 
             if (current_type == DBUS_TYPE_OBJECT_PATH)
               {
@@ -294,6 +294,9 @@
                 DBusValidity validity;
                 const unsigned char *array_end;
 
+                if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
+                  return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
+                
                 /* Remember that the reader is types only, so we can't
                  * use it to iterate over elements. It stays the same
                  * for all elements.
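Review bot: The new `claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH` rejection has no matching case in the generate_special additions visible in this commit. The item_seq 15 to 19 cases cover the missing error name and the dict-entry signatures, so nothing shown here produces DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM. Since `claimed_len` is a length read from the message being validated, a case that patches an array length above the limit would pin this check. A short comment would also help the next reader, e.g. `/* claimed_len is untrusted; reject over-limit arrays before it is used to derive array_end */`. The use of `array_end` lies outside this hunk, so that ordering is presumed rather than confirmed.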

Index: dbus-marshal-validate.h
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-marshal-validate.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- dbus-marshal-validate.h	6 Feb 2005 04:21:57 -0000	1.9
+++ dbus-marshal-validate.h	6 Feb 2005 05:19:50 -0000	1.10
@@ -55,7 +55,9 @@
   DBUS_VALID = 0,
   DBUS_INVALID_UNKNOWN_TYPECODE = 1,
   DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE = 2,
-  DBUS_INVALID_SIGNATURE_TOO_LONG = 3,
+  DBUS_INVALID_SIGNATURE_TOO_LONG = 3, /* this one is impossible right now since
+                                        * you can't put a too-long value in a byte
+                                        */
   DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION = 4,
   DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION = 5,
   DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED = 6,
@@ -87,27 +89,26 @@
   DBUS_INVALID_MISSING_MEMBER = 32,
   DBUS_INVALID_MISSING_ERROR_NAME = 33,
   DBUS_INVALID_MISSING_REPLY_SERIAL = 34,
-  DBUS_INVALID_STRING_LENGTH_OUT_OF_BOUNDS = 35,
-  DBUS_INVALID_ARRAY_LENGTH_OUT_OF_BOUNDS = 36,
-  DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 37,
-  DBUS_INVALID_BAD_PATH = 38,
-  DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 39,
-  DBUS_INVALID_BAD_UTF8_IN_STRING = 40,
-  DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 41,
-  DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 42,
-  DBUS_INVALID_VARIANT_SIGNATURE_BAD = 43,
-  DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 44,
-  DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 45,
-  DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 46,
-  DBUS_INVALID_STRING_MISSING_NUL = 47,
-  DBUS_INVALID_SIGNATURE_MISSING_NUL = 48,
-  DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 49,
-  DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 50,
-  DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 51,
-  DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 52,
-  DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 53,
-  DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 54,
-  DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 55,
+  DBUS_INVALID_LENGTH_OUT_OF_BOUNDS = 35,
+  DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 36,
+  DBUS_INVALID_BAD_PATH = 37,
+  DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 38,
+  DBUS_INVALID_BAD_UTF8_IN_STRING = 39,
+  DBUS_INVALID_ARRAY_LENGTH_INCORRECT = 40,
+  DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS = 41,
+  DBUS_INVALID_VARIANT_SIGNATURE_BAD = 42,
+  DBUS_INVALID_VARIANT_SIGNATURE_EMPTY = 43,
+  DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES = 44,
+  DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL = 45,
+  DBUS_INVALID_STRING_MISSING_NUL = 46,
+  DBUS_INVALID_SIGNATURE_MISSING_NUL = 47,
+  DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION = 48,
+  DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED = 49,
+  DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED = 50,
+  DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS = 51,
+  DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD = 52,
+  DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 53,
+  DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 54,
   DBUS_VALIDITY_LAST
 } DBusValidity;
 
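Review bot: Folding DBUS_INVALID_ARRAY_LENGTH_OUT_OF_BOUNDS into code 35 and shifting every later enumerator down by one changes what the integers 36 through 54 mean. Anything that records a DBusValidity as a number (expected-result test data, logs, another language's copy of the table) would now decode to a different error. If the explicit values are meant to be stable, leave the slot unused instead of renumbering: keep `DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM = 37` and the values after it, and add `/* 36 was DBUS_INVALID_ARRAY_LENGTH_OUT_OF_BOUNDS, merged into 35 */`. Whether any consumer outside this header depends on the numbers is not visible in this diff.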

Index: dbus-message-factory.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-message-factory.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- dbus-message-factory.c	6 Feb 2005 04:21:57 -0000	1.5
+++ dbus-message-factory.c	6 Feb 2005 05:19:50 -0000	1.6
@@ -315,6 +315,22 @@
   return message;
 }
 
+static DBusMessage*
+simple_error (void)
+{
+  DBusMessage *message;
+  message =  dbus_message_new (DBUS_MESSAGE_TYPE_ERROR);
+  if (message == NULL)
+    _dbus_assert_not_reached ("oom");
+
+  if (!dbus_message_set_error_name (message, "foo.bar"))
+    _dbus_assert_not_reached ("oom");
+  
+  set_reply_serial (message);
+  
+  return message;
+}
+
 static dbus_bool_t
 generate_special (DBusMessageDataIter   *iter,
                   DBusString            *data,
@@ -354,7 +370,7 @@
     }
   else if (item_seq == 1)
     {
-      char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+1];
+      char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH+2];
       const char *v_STRING;
       int i;
       
@@ -372,6 +388,7 @@
           long_sig[i] = DBUS_TYPE_ARRAY;
           ++i;
         }
+      long_sig[i] = DBUS_TYPE_INVALID;
 
       v_STRING = long_sig;
       if (!_dbus_header_set_field_basic (&message->header,
@@ -389,7 +406,7 @@
     }
   else if (item_seq == 2)
     {
-      char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+3];
+      char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2+4];
       const char *v_STRING;
       int i;
       
@@ -416,6 +433,7 @@
           long_sig[i] = DBUS_STRUCT_END_CHAR;
           ++i;
         }
+      long_sig[i] = DBUS_TYPE_INVALID;
       
       v_STRING = long_sig;
       if (!_dbus_header_set_field_basic (&message->header,
@@ -592,6 +610,129 @@
       
       *expected_validity = DBUS_INVALID_MISSING_REPLY_SERIAL;
     }
+  else if (item_seq == 15)
+    {
+      message = simple_error ();
+
+      if (!dbus_message_set_error_name (message, NULL))
+        _dbus_assert_not_reached ("oom");
+      
+      generate_from_message (data, expected_validity, message);
+      
+      *expected_validity = DBUS_INVALID_MISSING_ERROR_NAME;
+    }
+  else if (item_seq == 16)
+    {
+      char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*3+6];
+      const char *v_STRING;
+      int i;
+      int n_begins;
+      
+      message = simple_method_call ();
+      if (!dbus_message_append_args (message,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INVALID))
+        _dbus_assert_not_reached ("oom");
+
+      i = 0;
+      while (i <= (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*2 + 2))
+        {
+          long_sig[i] = DBUS_TYPE_ARRAY;
+          ++i;
+          long_sig[i] = DBUS_DICT_ENTRY_BEGIN_CHAR;
+          ++i;
+        }
+      n_begins = i / 2;
+
+      long_sig[i] = DBUS_TYPE_INT32;
+      ++i;
+      long_sig[i] = DBUS_TYPE_INT32;
+      ++i;
+      
+      while (n_begins > 0)
+        {
+          long_sig[i] = DBUS_DICT_ENTRY_END_CHAR;
+          ++i;
+          n_begins -= 1;
+        }
+      long_sig[i] = DBUS_TYPE_INVALID;
+      
+      v_STRING = long_sig;
+      if (!_dbus_header_set_field_basic (&message->header,
+                                         DBUS_HEADER_FIELD_SIGNATURE,
+                                         DBUS_TYPE_SIGNATURE,
+                                         &v_STRING))
+        _dbus_assert_not_reached ("oom");
+      
+      _dbus_header_get_field_raw (&message->header,
+                                  DBUS_HEADER_FIELD_SIGNATURE,
+                                  NULL, &pos);
+      generate_from_message (data, expected_validity, message);
+      
+      *expected_validity = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
+    }
+  else if (item_seq == 17)
+    {
+      message = simple_method_call ();
+      if (!dbus_message_append_args (message,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INVALID))
+        _dbus_assert_not_reached ("oom");
+                                     
+      _dbus_header_get_field_raw (&message->header,
+                                  DBUS_HEADER_FIELD_SIGNATURE,
+                                  NULL, &pos);
+      generate_from_message (data, expected_validity, message);
+
+      _dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
+      _dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
+      
+      *expected_validity = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
+    }
+  else if (item_seq == 18)
+    {
+      message = simple_method_call ();
+      if (!dbus_message_append_args (message,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INVALID))
+        _dbus_assert_not_reached ("oom");
+                                     
+      _dbus_header_get_field_raw (&message->header,
+                                  DBUS_HEADER_FIELD_SIGNATURE,
+                                  NULL, &pos);
+      generate_from_message (data, expected_validity, message);
+      
+      _dbus_string_set_byte (data, pos + 1, DBUS_DICT_ENTRY_END_CHAR);
+      
+      *expected_validity = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
+    }
+  else if (item_seq == 19)
+    {
+      message = simple_method_call ();
+      if (!dbus_message_append_args (message,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INT32, &v_INT32,
+                                     DBUS_TYPE_INVALID))
+        _dbus_assert_not_reached ("oom");
+                                     
+      _dbus_header_get_field_raw (&message->header,
+                                  DBUS_HEADER_FIELD_SIGNATURE,
+                                  NULL, &pos);
+      generate_from_message (data, expected_validity, message);
+
+      _dbus_string_set_byte (data, pos + 1, DBUS_TYPE_ARRAY);
+      _dbus_string_set_byte (data, pos + 2, DBUS_DICT_ENTRY_BEGIN_CHAR);
+      _dbus_string_set_byte (data, pos + 3, DBUS_DICT_ENTRY_END_CHAR);
+      
+      *expected_validity = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
+    }
   else
     {
       return FALSE;
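Review bot: In the `item_seq == 16` case, `long_sig` is declared with DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*3+6 bytes but the code writes past its end. The first loop exits with `i` at 2*DEPTH+4 after DEPTH+2 array/dict-entry pairs. The two INT32 codes and the DEPTH+2 end characters advance it to 3*DEPTH+8, where the terminator is stored, so the buffer needs 3*DEPTH+9 bytes and the last three writes land outside the array on the stack. Declare it as `char long_sig[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH*3+9];` and consider `_dbus_assert (i < (int) sizeof (long_sig));` just before `long_sig[i] = DBUS_TYPE_INVALID;` so a future change to the loop bounds is caught. generate_special starts and ends outside this hunk.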


