[pulseaudio-discuss] [PATCH v2 16/18] tagstruct: Accept only valid UTF-8 strings

Tanu Kaskinen tanu.kaskinen at linux.intel.com
Fri Jun 28 00:48:10 PDT 2013 

If we agree that all strings sent over the native protocol must be
valid UTF-8, then it can be checked in pa_tagstruct_gets(), so
callers don't have to the checking themselves. There were not many
callers that were checking the UTF-8 validity, but there probably
should have been many more.
---
 src/pulsecore/protocol-native.c | 7 ++-----
 src/pulsecore/tagstruct.c       | 4 ++++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index 9be65b0..a73787d 100644
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -32,7 +32,6 @@
 #include <pulse/rtclock.h>
 #include <pulse/timeval.h>
 #include <pulse/version.h>
-#include <pulse/utf8.h>
 #include <pulse/util.h>
 #include <pulse/xmalloc.h>
 #include <pulse/internal.h>
@@ -4360,7 +4359,7 @@ static void command_set_stream_name(pa_pdispatch *pd, uint32_t command, uint32_t
     }
 
     CHECK_VALIDITY(c->pstream, c->authorized, tag, PA_ERR_ACCESS);
-    CHECK_VALIDITY(c->pstream, name && pa_utf8_valid(name), tag, PA_ERR_INVALID);
+    CHECK_VALIDITY(c->pstream, name, tag, PA_ERR_INVALID);
 
     if (command == PA_COMMAND_SET_PLAYBACK_STREAM_NAME) {
         playback_stream *s;
@@ -4449,8 +4448,7 @@ static void command_load_module(pa_pdispatch *pd, uint32_t command, uint32_t tag
     }
 
     CHECK_VALIDITY(c->pstream, c->authorized, tag, PA_ERR_ACCESS);
-    CHECK_VALIDITY(c->pstream, name && *name && pa_utf8_valid(name) && !strchr(name, '/'), tag, PA_ERR_INVALID);
-    CHECK_VALIDITY(c->pstream, !argument || pa_utf8_valid(argument), tag, PA_ERR_INVALID);
+    CHECK_VALIDITY(c->pstream, name && *name && !strchr(name, '/'), tag, PA_ERR_INVALID);
 
     if (!(m = pa_module_load(c->protocol->core, name, argument))) {
         pa_pstream_send_error(c->pstream, tag, PA_ERR_MODINITFAILED);
@@ -4653,7 +4651,6 @@ static void command_extension(pa_pdispatch *pd, uint32_t command, uint32_t tag,
     }
 
     CHECK_VALIDITY(c->pstream, c->authorized, tag, PA_ERR_ACCESS);
-    CHECK_VALIDITY(c->pstream, !name || pa_utf8_valid(name), tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, idx != PA_INVALID_INDEX || name, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, idx == PA_INVALID_INDEX || !name, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, !name || idx == PA_INVALID_INDEX, tag, PA_ERR_INVALID);
diff --git a/src/pulsecore/tagstruct.c b/src/pulsecore/tagstruct.c
index ded4157..30a3ee8 100644
--- a/src/pulsecore/tagstruct.c
+++ b/src/pulsecore/tagstruct.c
@@ -33,6 +33,7 @@
 #include <netinet/in.h>
 #endif
 
+#include <pulse/utf8.h>
 #include <pulse/xmalloc.h>
 
 #include <pulsecore/socket.h>
@@ -346,6 +347,9 @@ int pa_tagstruct_gets(pa_tagstruct*t, const char **s) {
     if (error)
         return -1;
 
+    if (!pa_utf8_valid((char *) (t->data + t->rindex + 1)))
+        return -1;
+
     *s = (char*) (t->data+t->rindex+1);
 
     t->rindex += n+2;
-- 
1.8.1.2

More information about the pulseaudio-discuss mailing list