diff options
| author | Chengwei Yang <chengwei.yang@intel.com> | 2013-06-29 11:56:20 +0800 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-07-01 12:09:02 +0100 |
| commit | 32e5cab56a6707cf897f918999720ff7e455255e (patch) | |
| tree | f4c55cd73b86efe2a4914f5f0474c5e241f86c77 | |
| parent | 160fbc9ec110fc3aa691b86971b50ee8dc740783 (diff) | |
| download | dbus-32e5cab56a6707cf897f918999720ff7e455255e.tar.gz | |
Fix: a non ascii byte will trigger BadAddress error
If a byte in DBusString *unescaped isn't a ascii byte, which will be
cast to char (signed char on most of platform), so that's the issue
unsigned char cast to signed char. e.g. "\303\266" is a valid unicode
character, if everything goes right, it will be escaped to "%c3%b6".
However, in fact, it escaped to "%<garbage-byte>3%<garbage-byte>6".
_dbus_string_append_byte_as_hex() take an int parameter, so negative
byte is valid, but cause get a negative index in array. So garbage value
will get. e.g. '\303' --> hexdigits[((signed byte)(-61)) >> 4] is
hexdigits[-4].
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499
Sgne-off-by: Chengwei Yang <chengwei.yang@intel.com>
[fixed whitespace -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
| -rw-r--r-- | dbus/dbus-address.c | 6 | ||||
| -rw-r--r-- | dbus/dbus-string.c | 2 | ||||
| -rw-r--r-- | dbus/dbus-string.h | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/dbus/dbus-address.c b/dbus/dbus-address.c index 90484dc1..f3d48d0a 100644 --- a/dbus/dbus-address.c +++ b/dbus/dbus-address.c @@ -104,15 +104,15 @@ dbus_bool_t _dbus_address_append_escaped (DBusString *escaped, const DBusString *unescaped) { - const char *p; - const char *end; + const unsigned char *p; + const unsigned char *end; dbus_bool_t ret; int orig_len; ret = FALSE; orig_len = _dbus_string_get_length (escaped); - p = _dbus_string_get_const_data (unescaped); + p = (const unsigned char *) _dbus_string_get_const_data (unescaped); end = p + _dbus_string_get_length (unescaped); while (p != end) { diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c index 52eb0f23..0f63612f 100644 --- a/dbus/dbus-string.c +++ b/dbus/dbus-string.c @@ -2228,7 +2228,7 @@ _dbus_string_starts_with_c_str (const DBusString *a, */ dbus_bool_t _dbus_string_append_byte_as_hex (DBusString *str, - int byte) + unsigned char byte) { const char hexdigits[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', diff --git a/dbus/dbus-string.h b/dbus/dbus-string.h index 4ef59db1..86fb8c39 100644 --- a/dbus/dbus-string.h +++ b/dbus/dbus-string.h @@ -259,7 +259,7 @@ void _dbus_string_delete_first_word (DBusString *str); void _dbus_string_delete_leading_blanks (DBusString *str); void _dbus_string_chop_white (DBusString *str); dbus_bool_t _dbus_string_append_byte_as_hex (DBusString *str, - int byte); + unsigned char byte); dbus_bool_t _dbus_string_hex_encode (const DBusString *source, int start, DBusString *dest, |