Add dbus-syntax.[ch]

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39549
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>

4 files changed, 370 insertions, 0 deletions

diff --git a/dbus/Makefile.am b/dbus/Makefile.am
index c8d35f75..bb5cccaf 100644
--- a/dbus/Makefile.am
+++ b/dbus/Makefile.am
@@ -132,6 +132,7 @@ dbusinclude_HEADERS=				\
 	dbus-server.h				\
 	dbus-shared.h				\
 	dbus-signature.h			\
+	dbus-syntax.h				\
 	dbus-threads.h				\
 	dbus-types.h
 
@@ -183,6 +184,7 @@ DBUS_LIB_SOURCES=				\
 	dbus-sha.c				\
 	dbus-sha.h				\
 	dbus-signature.c			\
+	dbus-syntax.c				\
 	dbus-timeout.c				\
 	dbus-timeout.h				\
 	dbus-threads-internal.h			\
diff --git a/dbus/dbus-syntax.c b/dbus/dbus-syntax.c
new file mode 100644
index 00000000..47922875
--- /dev/null
+++ b/dbus/dbus-syntax.c
@@ -0,0 +1,309 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus-syntax.c - utility functions for strings with special syntax
+ *
+ * Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
+ * Copyright © 2011 Nokia Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include <config.h>
+#include "dbus-syntax.h"
+
+#include "dbus-internals.h"
+#include "dbus-marshal-validate.h"
+#include "dbus-shared.h"
+
+/**
+ * @defgroup DBusSyntax Utility functions for strings with special syntax
+ * @ingroup  DBus
+ * @brief Parsing D-Bus type signatures
+ * @{
+ */
+
+/**
+ * Check an object path for validity. Remember that #NULL can always
+ * be passed instead of a DBusError *, if you don't care about having
+ * an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid object path, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if path is valid
+ */
+dbus_bool_t
+dbus_validate_path (const char       *path,
+                    DBusError        *error)
+{
+  DBusString str;
+  int len;
+
+  _dbus_return_val_if_fail (path != NULL, FALSE);
+
+  _dbus_string_init_const (&str, path);
+  len = _dbus_string_get_length (&str);
+
+  /* In general, it ought to be valid... */
+  if (_DBUS_LIKELY (_dbus_validate_path (&str, 0, len)))
+    return TRUE;
+
+  /* slow path: string is invalid, find out why */
+
+  if (!_dbus_string_validate_utf8 (&str, 0, len))
+    {
+      /* don't quote the actual string here, since a DBusError also needs to
+       * be valid UTF-8 */
+      dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                      "Object path was not valid UTF-8");
+      return FALSE;
+    }
+
+  /* FIXME: later, diagnose exactly how it was invalid */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "Object path was not valid: '%s'", path);
+  return FALSE;
+}
+
+/**
+ * Check an interface name for validity. Remember that #NULL can always
+ * be passed instead of a DBusError *, if you don't care about having
+ * an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid interface name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_interface (const char       *name,
+                         DBusError        *error)
+{
+  DBusString str;
+  int len;
+
+  _dbus_return_val_if_fail (name != NULL, FALSE);
+
+  _dbus_string_init_const (&str, name);
+  len = _dbus_string_get_length (&str);
+
+  /* In general, it ought to be valid... */
+  if (_DBUS_LIKELY (_dbus_validate_interface (&str, 0, len)))
+    return TRUE;
+
+  /* slow path: string is invalid, find out why */
+
+  if (!_dbus_string_validate_utf8 (&str, 0, len))
+    {
+      /* don't quote the actual string here, since a DBusError also needs to
+       * be valid UTF-8 */
+      dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                      "Interface name was not valid UTF-8");
+      return FALSE;
+    }
+
+  /* FIXME: later, diagnose exactly how it was invalid */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "Interface name was not valid: '%s'", name);
+  return FALSE;
+}
+
+/**
+ * Check a member (method/signal) name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid member name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_member (const char       *name,
+                      DBusError        *error)
+{
+  DBusString str;
+  int len;
+
+  _dbus_return_val_if_fail (name != NULL, FALSE);
+
+  _dbus_string_init_const (&str, name);
+  len = _dbus_string_get_length (&str);
+
+  /* In general, it ought to be valid... */
+  if (_DBUS_LIKELY (_dbus_validate_member (&str, 0, len)))
+    return TRUE;
+
+  /* slow path: string is invalid, find out why */
+
+  if (!_dbus_string_validate_utf8 (&str, 0, len))
+    {
+      /* don't quote the actual string here, since a DBusError also needs to
+       * be valid UTF-8 */
+      dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                      "Member name was not valid UTF-8");
+      return FALSE;
+    }
+
+  /* FIXME: later, diagnose exactly how it was invalid */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "Member name was not valid: '%s'", name);
+  return FALSE;
+}
+
+/**
+ * Check an error name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid error name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_error_name (const char       *name,
+                          DBusError        *error)
+{
+  DBusString str;
+  int len;
+
+  _dbus_return_val_if_fail (name != NULL, FALSE);
+
+  _dbus_string_init_const (&str, name);
+  len = _dbus_string_get_length (&str);
+
+  /* In general, it ought to be valid... */
+  if (_DBUS_LIKELY (_dbus_validate_error_name (&str, 0, len)))
+    return TRUE;
+
+  /* slow path: string is invalid, find out why */
+
+  if (!_dbus_string_validate_utf8 (&str, 0, len))
+    {
+      /* don't quote the actual string here, since a DBusError also needs to
+       * be valid UTF-8 */
+      dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                      "Error name was not valid UTF-8");
+      return FALSE;
+    }
+
+  /* FIXME: later, diagnose exactly how it was invalid */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "Error name was not valid: '%s'", name);
+  return FALSE;
+}
+
+/**
+ * Check a bus name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid bus name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_bus_name (const char       *name,
+                        DBusError        *error)
+{
+  DBusString str;
+  int len;
+
+  _dbus_return_val_if_fail (name != NULL, FALSE);
+
+  _dbus_string_init_const (&str, name);
+  len = _dbus_string_get_length (&str);
+
+  /* In general, it ought to be valid... */
+  if (_DBUS_LIKELY (_dbus_validate_bus_name (&str, 0, len)))
+    return TRUE;
+
+  /* slow path: string is invalid, find out why */
+
+  if (!_dbus_string_validate_utf8 (&str, 0, len))
+    {
+      /* don't quote the actual string here, since a DBusError also needs to
+       * be valid UTF-8 */
+      dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                      "Bus name was not valid UTF-8");
+      return FALSE;
+    }
+
+  /* FIXME: later, diagnose exactly how it was invalid */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "Bus name was not valid: '%s'", name);
+  return FALSE;
+}
+
+/**
+ * Check a string for validity. Strings on D-Bus must be valid UTF-8.
+ * Remember that #NULL can always be passed instead of a DBusError *,
+ * if you don't care about having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param alleged_utf8 a string to be checked, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if alleged_utf8 is valid UTF-8
+ */
+dbus_bool_t
+dbus_validate_utf8 (const char       *alleged_utf8,
+                    DBusError        *error)
+{
+  DBusString str;
+
+  _dbus_return_val_if_fail (alleged_utf8 != NULL, FALSE);
+
+  _dbus_string_init_const (&str, alleged_utf8);
+
+  if (_DBUS_LIKELY (_dbus_string_validate_utf8 (&str, 0,
+                                                _dbus_string_get_length (&str))))
+    return TRUE;
+
+  /* don't quote the actual string here, since a DBusError also needs to
+   * be valid UTF-8 */
+  dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+                  "String was not valid UTF-8");
+  return FALSE;
+}
+
+/** @} */ /* end of group */
diff --git a/dbus/dbus-syntax.h b/dbus/dbus-syntax.h
new file mode 100644
index 00000000..daf20f06
--- /dev/null
+++ b/dbus/dbus-syntax.h
@@ -0,0 +1,58 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus-syntax.h - utility functions for strings with special syntax
+ *
+ * Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
+ * Copyright © 2011 Nokia Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+#if !defined (DBUS_INSIDE_DBUS_H) && !defined (DBUS_COMPILATION)
+#error "Only <dbus/dbus.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef DBUS_SYNTAX_H
+#define DBUS_SYNTAX_H
+
+#include <dbus/dbus-macros.h>
+#include <dbus/dbus-types.h>
+#include <dbus/dbus-errors.h>
+
+DBUS_BEGIN_DECLS
+
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_path                   (const char *path,
+                                                      DBusError  *error);
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_interface              (const char *name,
+                                                      DBusError  *error);
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_member                 (const char *name,
+                                                      DBusError  *error);
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_error_name             (const char *name,
+                                                      DBusError  *error);
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_bus_name               (const char *name,
+                                                      DBusError  *error);
+DBUS_EXPORT
+dbus_bool_t     dbus_validate_utf8                   (const char *alleged_utf8,
+                                                      DBusError  *error);
+
+DBUS_END_DECLS
+
+#endif /* multiple-inclusion guard */
diff --git a/dbus/dbus.h b/dbus/dbus.h
index 1f099508..932ceab3 100644
--- a/dbus/dbus.h
+++ b/dbus/dbus.h
@@ -39,6 +39,7 @@
 #include <dbus/dbus-server.h>
 #include <dbus/dbus-shared.h>
 #include <dbus/dbus-signature.h>
+#include <dbus/dbus-syntax.h>
 #include <dbus/dbus-threads.h>
 #include <dbus/dbus-types.h>