diff options
author | Will Thompson <will.thompson@collabora.co.uk> | 2010-11-21 16:34:51 +0000 |
---|---|---|
committer | Will Thompson <will.thompson@collabora.co.uk> | 2010-11-23 10:57:22 +0000 |
commit | 613ecbfba04965bf48f78c3afbb9a99144cb6036 (patch) | |
tree | 39595aec21b4346e298723ebafbcaefbe8e026eb | |
parent | 2f7b11158b497e759cd03664b1881f88157a9f1a (diff) | |
download | dbus-613ecbfba04965bf48f78c3afbb9a99144cb6036.tar.gz |
Validate arg0namespace matches' values.
I could be convinced that this is overkill, but it seems sensible to
forbid obviously-broken arg0namespace matches.
-rw-r--r-- | bus/signals.c | 68 | ||||
-rw-r--r-- | dbus/dbus-marshal-validate.c | 66 | ||||
-rw-r--r-- | dbus/dbus-marshal-validate.h | 3 |
3 files changed, 119 insertions, 18 deletions
diff --git a/bus/signals.c b/bus/signals.c index 9939a23e..daf85403 100644 --- a/bus/signals.c +++ b/bus/signals.c @@ -771,7 +771,22 @@ bus_match_rule_parse_arg_match (BusMatchRule *rule, } else if (_dbus_string_equal_c_str (&key_str, "arg0namespace")) { + int value_len = _dbus_string_get_length (value); + is_namespace = TRUE; + + if (value_len > 0 && + _dbus_string_get_byte (value, value_len - 1) == '.') + value_len--; + + if (!_dbus_validate_bus_namespace (value, 0, value_len)) + { + dbus_set_error (error, DBUS_ERROR_MATCH_RULE_INVALID, + "arg0namespace='%s' is not a valid (optionally " + "period-terminated) prefix of a bus name", + _dbus_string_get_const_data (value)); + goto failed; + } } else { @@ -2109,9 +2124,62 @@ test_parsing (void *data) bus_match_rule_unref (rule); } + rule = check_parse (TRUE, "arg0namespace='foo.'"); + if (rule != NULL) + { + _dbus_assert (rule->flags == BUS_MATCH_ARGS); + _dbus_assert (rule->args != NULL); + _dbus_assert (rule->args_len == 1); + _dbus_assert (strcmp (rule->args[0], "foo.") == 0); + _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE) + == BUS_MATCH_ARG_NAMESPACE); + + bus_match_rule_unref (rule); + } + + rule = check_parse (TRUE, "arg0namespace='foo.bar'"); + if (rule != NULL) + { + _dbus_assert (rule->flags == BUS_MATCH_ARGS); + _dbus_assert (rule->args != NULL); + _dbus_assert (rule->args_len == 1); + _dbus_assert (strcmp (rule->args[0], "foo.bar") == 0); + _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE) + == BUS_MATCH_ARG_NAMESPACE); + + bus_match_rule_unref (rule); + } + + rule = check_parse (TRUE, "arg0namespace='foo.bar.'"); + if (rule != NULL) + { + _dbus_assert (rule->flags == BUS_MATCH_ARGS); + _dbus_assert (rule->args != NULL); + _dbus_assert (rule->args_len == 1); + _dbus_assert (strcmp (rule->args[0], "foo.bar.") == 0); + _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE) + == BUS_MATCH_ARG_NAMESPACE); + + bus_match_rule_unref (rule); + } + + /* Only arg0namespace is supported. */ rule = check_parse (FALSE, "arg1namespace='foo'"); _dbus_assert (rule == NULL); + /* An empty string isn't a valid namespace prefix (you should just not + * specify this key at all). + */ + rule = check_parse (FALSE, "arg0namespace=''"); + _dbus_assert (rule == NULL); + + /* Two trailing periods on otherwise-valid namespaces aren't allowed. */ + rule = check_parse (FALSE, "arg0namespace='foo..'"); + _dbus_assert (rule == NULL); + + rule = check_parse (FALSE, "arg0namespace='foo.bar..'"); + _dbus_assert (rule == NULL); + /* Too-large argN */ rule = check_parse (FALSE, "arg300='foo'"); _dbus_assert (rule == NULL); diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c index aa470fc8..7d49624b 100644 --- a/dbus/dbus-marshal-validate.c +++ b/dbus/dbus-marshal-validate.c @@ -1062,23 +1062,11 @@ _dbus_validate_error_name (const DBusString *str, ((c) >= 'a' && (c) <= 'z') || \ ((c) == '_') || ((c) == '-')) -/** - * Checks that the given range of the string is a valid bus name in - * the D-Bus protocol. This includes a length restriction, etc., see - * the specification. - * - * @todo this is inconsistent with most of DBusString in that - * it allows a start,len range that extends past the string end. - * - * @param str the string - * @param start first byte index to check - * @param len number of bytes to check - * @returns #TRUE if the byte range exists and is a valid name - */ -dbus_bool_t -_dbus_validate_bus_name (const DBusString *str, - int start, - int len) +static dbus_bool_t +_dbus_validate_bus_name_full (const DBusString *str, + int start, + int len, + dbus_bool_t is_namespace) { const unsigned char *s; const unsigned char *end; @@ -1156,13 +1144,55 @@ _dbus_validate_bus_name (const DBusString *str, ++s; } - if (_DBUS_UNLIKELY (last_dot == NULL)) + if (!is_namespace && _DBUS_UNLIKELY (last_dot == NULL)) return FALSE; return TRUE; } /** + * Checks that the given range of the string is a valid bus name in + * the D-Bus protocol. This includes a length restriction, etc., see + * the specification. + * + * @todo this is inconsistent with most of DBusString in that + * it allows a start,len range that extends past the string end. + * + * @param str the string + * @param start first byte index to check + * @param len number of bytes to check + * @returns #TRUE if the byte range exists and is a valid name + */ +dbus_bool_t +_dbus_validate_bus_name (const DBusString *str, + int start, + int len) +{ + return _dbus_validate_bus_name_full (str, start, len, FALSE); +} + +/** + * Checks that the given range of the string is a prefix of a valid bus name in + * the D-Bus protocol. Unlike _dbus_validate_bus_name(), this accepts strings + * with only one period-separated component. + * + * @todo this is inconsistent with most of DBusString in that + * it allows a start,len range that extends past the string end. + * + * @param str the string + * @param start first byte index to check + * @param len number of bytes to check + * @returns #TRUE if the byte range exists and is a valid name + */ +dbus_bool_t +_dbus_validate_bus_namespace (const DBusString *str, + int start, + int len) +{ + return _dbus_validate_bus_name_full (str, start, len, TRUE); +} + +/** * Checks that the given range of the string is a valid message type * signature in the D-Bus protocol. * diff --git a/dbus/dbus-marshal-validate.h b/dbus/dbus-marshal-validate.h index 5817de32..9b896085 100644 --- a/dbus/dbus-marshal-validate.h +++ b/dbus/dbus-marshal-validate.h @@ -143,6 +143,9 @@ dbus_bool_t _dbus_validate_error_name (const DBusString *str, dbus_bool_t _dbus_validate_bus_name (const DBusString *str, int start, int len); +dbus_bool_t _dbus_validate_bus_namespace (const DBusString *str, + int start, + int len); dbus_bool_t _dbus_validate_signature (const DBusString *str, int start, int len); |