From 613ecbfba04965bf48f78c3afbb9a99144cb6036 Mon Sep 17 00:00:00 2001
From: Will Thompson <will.thompson@collabora.co.uk>
Date: Sun, 21 Nov 2010 16:34:51 +0000
Subject: Validate arg0namespace matches' values.

I could be convinced that this is overkill, but it seems sensible to
forbid obviously-broken arg0namespace matches.
---
 bus/signals.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

(limited to 'bus/signals.c')

diff --git a/bus/signals.c b/bus/signals.c
index 9939a23e..daf85403 100644
--- a/bus/signals.c
+++ b/bus/signals.c
@@ -771,7 +771,22 @@ bus_match_rule_parse_arg_match (BusMatchRule     *rule,
         }
       else if (_dbus_string_equal_c_str (&key_str, "arg0namespace"))
         {
+          int value_len = _dbus_string_get_length (value);
+
           is_namespace = TRUE;
+
+          if (value_len > 0 &&
+              _dbus_string_get_byte (value, value_len - 1) == '.')
+            value_len--;
+
+          if (!_dbus_validate_bus_namespace (value, 0, value_len))
+            {
+              dbus_set_error (error, DBUS_ERROR_MATCH_RULE_INVALID,
+                  "arg0namespace='%s' is not a valid (optionally "
+                  "period-terminated) prefix of a bus name",
+                  _dbus_string_get_const_data (value));
+              goto failed;
+            }
         }
       else
         {
@@ -2109,9 +2124,62 @@ test_parsing (void *data)
       bus_match_rule_unref (rule);
     }
 
+  rule = check_parse (TRUE, "arg0namespace='foo.'");
+  if (rule != NULL)
+    {
+      _dbus_assert (rule->flags == BUS_MATCH_ARGS);
+      _dbus_assert (rule->args != NULL);
+      _dbus_assert (rule->args_len == 1);
+      _dbus_assert (strcmp (rule->args[0], "foo.") == 0);
+      _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE)
+          == BUS_MATCH_ARG_NAMESPACE);
+
+      bus_match_rule_unref (rule);
+    }
+
+  rule = check_parse (TRUE, "arg0namespace='foo.bar'");
+  if (rule != NULL)
+    {
+      _dbus_assert (rule->flags == BUS_MATCH_ARGS);
+      _dbus_assert (rule->args != NULL);
+      _dbus_assert (rule->args_len == 1);
+      _dbus_assert (strcmp (rule->args[0], "foo.bar") == 0);
+      _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE)
+          == BUS_MATCH_ARG_NAMESPACE);
+
+      bus_match_rule_unref (rule);
+    }
+
+  rule = check_parse (TRUE, "arg0namespace='foo.bar.'");
+  if (rule != NULL)
+    {
+      _dbus_assert (rule->flags == BUS_MATCH_ARGS);
+      _dbus_assert (rule->args != NULL);
+      _dbus_assert (rule->args_len == 1);
+      _dbus_assert (strcmp (rule->args[0], "foo.bar.") == 0);
+      _dbus_assert ((rule->arg_lens[0] & BUS_MATCH_ARG_NAMESPACE)
+          == BUS_MATCH_ARG_NAMESPACE);
+
+      bus_match_rule_unref (rule);
+    }
+
+  /* Only arg0namespace is supported. */
   rule = check_parse (FALSE, "arg1namespace='foo'");
   _dbus_assert (rule == NULL);
 
+  /* An empty string isn't a valid namespace prefix (you should just not
+   * specify this key at all).
+   */
+  rule = check_parse (FALSE, "arg0namespace=''");
+  _dbus_assert (rule == NULL);
+
+  /* Two trailing periods on otherwise-valid namespaces aren't allowed. */
+  rule = check_parse (FALSE, "arg0namespace='foo..'");
+  _dbus_assert (rule == NULL);
+
+  rule = check_parse (FALSE, "arg0namespace='foo.bar..'");
+  _dbus_assert (rule == NULL);
+
   /* Too-large argN */
   rule = check_parse (FALSE, "arg300='foo'");
   _dbus_assert (rule == NULL);
-- 
cgit v1.2.1