D-Bus  1.13.7
dbus-marshal-validate.c
1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-marshal-validate.c Validation routines for marshaled data
3  *
4  * Copyright (C) 2005 Red Hat, Inc.
5  *
6  * Licensed under the Academic Free License version 2.1
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21  *
22  */
23 
24 #include <config.h>
25 #include "dbus-internals.h"
26 #include "dbus-marshal-validate.h"
27 #include "dbus-marshal-recursive.h"
28 #include "dbus-marshal-basic.h"
29 #include "dbus-signature.h"
30 #include "dbus-string.h"
31 
52  int type_pos,
53  int len)
54 {
55  const unsigned char *p;
56  const unsigned char *end;
57  int last;
58  int struct_depth;
59  int array_depth;
60  int dict_entry_depth;
61  DBusValidity result;
62 
63  int element_count;
64  DBusList *element_count_stack;
65 
66  result = DBUS_VALID;
67  element_count_stack = NULL;
68 
69  if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0)))
70  {
72  goto out;
73  }
74 
75  _dbus_assert (type_str != NULL);
76  _dbus_assert (type_pos < _DBUS_INT32_MAX - len);
77  _dbus_assert (len >= 0);
78  _dbus_assert (type_pos >= 0);
79 
81  {
82  result = DBUS_INVALID_SIGNATURE_TOO_LONG;
83  goto out;
84  }
85 
86  p = _dbus_string_get_const_udata_len (type_str, type_pos, 0);
87 
88  end = _dbus_string_get_const_udata_len (type_str, type_pos + len, 0);
89  struct_depth = 0;
90  array_depth = 0;
91  dict_entry_depth = 0;
92  last = DBUS_TYPE_INVALID;
93 
94  while (p != end)
95  {
96  switch (*p)
97  {
98  case DBUS_TYPE_BYTE:
99  case DBUS_TYPE_BOOLEAN:
100  case DBUS_TYPE_INT16:
101  case DBUS_TYPE_UINT16:
102  case DBUS_TYPE_INT32:
103  case DBUS_TYPE_UINT32:
104  case DBUS_TYPE_UNIX_FD:
105  case DBUS_TYPE_INT64:
106  case DBUS_TYPE_UINT64:
107  case DBUS_TYPE_DOUBLE:
108  case DBUS_TYPE_STRING:
110  case DBUS_TYPE_SIGNATURE:
111  case DBUS_TYPE_VARIANT:
112  break;
113 
114  case DBUS_TYPE_ARRAY:
115  array_depth += 1;
116  if (array_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
117  {
118  result = DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION;
119  goto out;
120  }
121  break;
122 
124  struct_depth += 1;
125 
126  if (struct_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
127  {
128  result = DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION;
129  goto out;
130  }
131 
132  if (!_dbus_list_append (&element_count_stack,
134  {
136  goto out;
137  }
138 
139  break;
140 
142  if (struct_depth == 0)
143  {
144  result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
145  goto out;
146  }
147 
148  if (last == DBUS_STRUCT_BEGIN_CHAR)
149  {
150  result = DBUS_INVALID_STRUCT_HAS_NO_FIELDS;
151  goto out;
152  }
153 
154  _dbus_list_pop_last (&element_count_stack);
155 
156  struct_depth -= 1;
157  break;
158 
160  if (last != DBUS_TYPE_ARRAY)
161  {
162  result = DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY;
163  goto out;
164  }
165 
166  dict_entry_depth += 1;
167 
168  if (dict_entry_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
169  {
170  result = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
171  goto out;
172  }
173 
174  if (!_dbus_list_append (&element_count_stack,
176  {
178  goto out;
179  }
180 
181  break;
182 
184  if (dict_entry_depth == 0)
185  {
186  result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
187  goto out;
188  }
189 
190  dict_entry_depth -= 1;
191 
192  element_count =
193  _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
194 
195  if (element_count != 2)
196  {
197  if (element_count == 0)
198  result = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
199  else if (element_count == 1)
200  result = DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD;
201  else
202  result = DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS;
203 
204  goto out;
205  }
206  break;
207 
208  case DBUS_TYPE_STRUCT: /* doesn't appear in signatures */
209  case DBUS_TYPE_DICT_ENTRY: /* ditto */
210  default:
211  result = DBUS_INVALID_UNKNOWN_TYPECODE;
212  goto out;
213  }
214 
215  if (*p != DBUS_TYPE_ARRAY &&
217  *p != DBUS_STRUCT_BEGIN_CHAR)
218  {
219  element_count =
220  _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
221 
222  ++element_count;
223 
224  if (!_dbus_list_append (&element_count_stack,
225  _DBUS_INT_TO_POINTER (element_count)))
226  {
228  goto out;
229  }
230  }
231 
232  if (array_depth > 0)
233  {
234  if (*p == DBUS_TYPE_ARRAY && p != end)
235  {
236  const unsigned char *p1;
237  p1 = p + 1;
238  if (*p1 == DBUS_STRUCT_END_CHAR ||
240  {
241  result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
242  goto out;
243  }
244  }
245  else
246  {
247  array_depth = 0;
248  }
249  }
250 
251  if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
252  {
253  if (!(dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
254  {
255  result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
256  goto out;
257  }
258  }
259 
260  last = *p;
261  ++p;
262  }
263 
264 
265  if (array_depth > 0)
266  {
267  result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
268  goto out;
269  }
270 
271  if (struct_depth > 0)
272  {
273  result = DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED;
274  goto out;
275  }
276 
277  if (dict_entry_depth > 0)
278  {
279  result = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
280  goto out;
281  }
282 
283  _dbus_assert (last != DBUS_TYPE_ARRAY);
286 
287  result = DBUS_VALID;
288 
289 out:
290  _dbus_list_clear (&element_count_stack);
291  return result;
292 }
293 
294 /* note: this function is also used to validate the header's values,
295  * since the header is a valid body with a particular signature.
296  */
297 static DBusValidity
298 validate_body_helper (DBusTypeReader *reader,
299  int byte_order,
300  dbus_bool_t walk_reader_to_end,
301  int total_depth,
302  const unsigned char *p,
303  const unsigned char *end,
304  const unsigned char **new_p)
305 {
306  int current_type;
307 
308  /* The spec allows arrays and structs to each nest 32, for total
309  * nesting of 2*32. We want to impose the same limit on "dynamic"
310  * value nesting (not visible in the signature) which is introduced
311  * by DBUS_TYPE_VARIANT.
312  */
313  if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2))
314  {
315  return DBUS_INVALID_NESTED_TOO_DEEPLY;
316  }
317 
318  while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID)
319  {
320  const unsigned char *a;
321  int alignment;
322 
323 #if 0
324  _dbus_verbose (" validating value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
325  _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
326  (int) (end - p));
327 #endif
328 
329  /* Guarantee that p has one byte to look at */
330  if (p == end)
331  return DBUS_INVALID_NOT_ENOUGH_DATA;
332 
333  switch (current_type)
334  {
335  case DBUS_TYPE_BYTE:
336  ++p;
337  break;
338 
339  case DBUS_TYPE_BOOLEAN:
340  case DBUS_TYPE_INT16:
341  case DBUS_TYPE_UINT16:
342  case DBUS_TYPE_INT32:
343  case DBUS_TYPE_UINT32:
344  case DBUS_TYPE_UNIX_FD:
345  case DBUS_TYPE_INT64:
346  case DBUS_TYPE_UINT64:
347  case DBUS_TYPE_DOUBLE:
348  alignment = _dbus_type_get_alignment (current_type);
349  a = _DBUS_ALIGN_ADDRESS (p, alignment);
350  if (a >= end)
351  return DBUS_INVALID_NOT_ENOUGH_DATA;
352  while (p != a)
353  {
354  if (*p != '\0')
355  return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
356  ++p;
357  }
358 
359  if (current_type == DBUS_TYPE_BOOLEAN)
360  {
361  dbus_uint32_t v;
362 
363  if (p + 4 > end)
364  return DBUS_INVALID_NOT_ENOUGH_DATA;
365 
366  v = _dbus_unpack_uint32 (byte_order, p);
367 
368  if (!(v == 0 || v == 1))
369  return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
370  }
371 
372  p += alignment;
373  break;
374 
375  case DBUS_TYPE_ARRAY:
376  case DBUS_TYPE_STRING:
378  {
379  dbus_uint32_t claimed_len;
380 
381  a = _DBUS_ALIGN_ADDRESS (p, 4);
382  if (a + 4 > end)
383  return DBUS_INVALID_NOT_ENOUGH_DATA;
384  while (p != a)
385  {
386  if (*p != '\0')
387  return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
388  ++p;
389  }
390 
391  claimed_len = _dbus_unpack_uint32 (byte_order, p);
392  p += 4;
393 
394  /* p may now be == end */
395  _dbus_assert (p <= end);
396 
397  if (current_type == DBUS_TYPE_ARRAY)
398  {
399  int array_elem_type = _dbus_type_reader_get_element_type (reader);
400 
401  if (!dbus_type_is_valid (array_elem_type))
402  {
403  return DBUS_INVALID_UNKNOWN_TYPECODE;
404  }
405 
406  alignment = _dbus_type_get_alignment (array_elem_type);
407 
408  a = _DBUS_ALIGN_ADDRESS (p, alignment);
409 
410  /* a may now be == end */
411  if (a > end)
412  return DBUS_INVALID_NOT_ENOUGH_DATA;
413 
414  while (p != a)
415  {
416  if (*p != '\0')
417  return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
418  ++p;
419  }
420  }
421 
422  if (claimed_len > (unsigned long) (end - p))
423  return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
424 
425  if (current_type == DBUS_TYPE_OBJECT_PATH)
426  {
427  DBusString str;
428  _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
429  if (!_dbus_validate_path (&str, 0,
430  _dbus_string_get_length (&str)))
431  return DBUS_INVALID_BAD_PATH;
432 
433  p += claimed_len;
434  }
435  else if (current_type == DBUS_TYPE_STRING)
436  {
437  DBusString str;
438  _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
439  if (!_dbus_string_validate_utf8 (&str, 0,
440  _dbus_string_get_length (&str)))
441  return DBUS_INVALID_BAD_UTF8_IN_STRING;
442 
443  p += claimed_len;
444  }
445  else if (current_type == DBUS_TYPE_ARRAY && claimed_len > 0)
446  {
447  DBusTypeReader sub;
448  DBusValidity validity;
449  const unsigned char *array_end;
450  int array_elem_type;
451 
452  if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
453  return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
454 
455  /* Remember that the reader is types only, so we can't
456  * use it to iterate over elements. It stays the same
457  * for all elements.
458  */
459  _dbus_type_reader_recurse (reader, &sub);
460 
461  array_end = p + claimed_len;
462 
463  array_elem_type = _dbus_type_reader_get_element_type (reader);
464 
465  /* avoid recursive call to validate_body_helper if this is an array
466  * of fixed-size elements
467  */
468  if (dbus_type_is_fixed (array_elem_type))
469  {
470  /* bools need to be handled differently, because they can
471  * have an invalid value
472  */
473  if (array_elem_type == DBUS_TYPE_BOOLEAN)
474  {
475  dbus_uint32_t v;
476  alignment = _dbus_type_get_alignment (array_elem_type);
477 
478  while (p < array_end)
479  {
480  v = _dbus_unpack_uint32 (byte_order, p);
481 
482  if (!(v == 0 || v == 1))
483  return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
484 
485  p += alignment;
486  }
487  }
488 
489  else
490  {
491  p = array_end;
492  }
493  }
494 
495  else
496  {
497  while (p < array_end)
498  {
499  validity = validate_body_helper (&sub, byte_order, FALSE,
500  total_depth + 1,
501  p, end, &p);
502  if (validity != DBUS_VALID)
503  return validity;
504  }
505  }
506 
507  if (p != array_end)
508  return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
509  }
510 
511  /* check nul termination */
512  if (current_type != DBUS_TYPE_ARRAY)
513  {
514  if (p == end)
515  return DBUS_INVALID_NOT_ENOUGH_DATA;
516 
517  if (*p != '\0')
518  return DBUS_INVALID_STRING_MISSING_NUL;
519  ++p;
520  }
521  }
522  break;
523 
524  case DBUS_TYPE_SIGNATURE:
525  {
526  dbus_uint32_t claimed_len;
527  DBusString str;
528  DBusValidity validity;
529 
530  claimed_len = *p;
531  ++p;
532 
533  /* 1 is for nul termination */
534  if (claimed_len + 1 > (unsigned long) (end - p))
535  return DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
536 
537  _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
538  validity =
540  _dbus_string_get_length (&str));
541 
542  if (validity != DBUS_VALID)
543  return validity;
544 
545  p += claimed_len;
546 
547  _dbus_assert (p < end);
548  if (*p != DBUS_TYPE_INVALID)
549  return DBUS_INVALID_SIGNATURE_MISSING_NUL;
550 
551  ++p;
552 
553  _dbus_verbose ("p = %p end = %p claimed_len %u\n", p, end, claimed_len);
554  }
555  break;
556 
557  case DBUS_TYPE_VARIANT:
558  {
559  /* 1 byte sig len, sig typecodes, align to
560  * contained-type-boundary, values.
561  */
562 
563  /* In addition to normal signature validation, we need to be sure
564  * the signature contains only a single (possibly container) type.
565  */
566  dbus_uint32_t claimed_len;
567  DBusString sig;
568  DBusTypeReader sub;
569  DBusValidity validity;
570  int contained_alignment;
571  int contained_type;
572  DBusValidity reason;
573 
574  claimed_len = *p;
575  ++p;
576 
577  /* + 1 for nul */
578  if (claimed_len + 1 > (unsigned long) (end - p))
579  return DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
580 
581  _dbus_string_init_const_len (&sig, (const char *) p, claimed_len);
582  reason = _dbus_validate_signature_with_reason (&sig, 0,
583  _dbus_string_get_length (&sig));
584  if (!(reason == DBUS_VALID))
585  {
586  if (reason == DBUS_VALIDITY_UNKNOWN_OOM_ERROR)
587  return reason;
588  else
589  return DBUS_INVALID_VARIANT_SIGNATURE_BAD;
590  }
591 
592  p += claimed_len;
593 
594  if (*p != DBUS_TYPE_INVALID)
595  return DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL;
596  ++p;
597 
598  contained_type = _dbus_first_type_in_signature (&sig, 0);
599  if (contained_type == DBUS_TYPE_INVALID)
600  return DBUS_INVALID_VARIANT_SIGNATURE_EMPTY;
601 
602  contained_alignment = _dbus_type_get_alignment (contained_type);
603 
604  a = _DBUS_ALIGN_ADDRESS (p, contained_alignment);
605  if (a > end)
606  return DBUS_INVALID_NOT_ENOUGH_DATA;
607  while (p != a)
608  {
609  if (*p != '\0')
610  return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
611  ++p;
612  }
613 
614  _dbus_type_reader_init_types_only (&sub, &sig, 0);
615 
617 
618  validity = validate_body_helper (&sub, byte_order, FALSE,
619  total_depth + 1,
620  p, end, &p);
621  if (validity != DBUS_VALID)
622  return validity;
623 
624  if (_dbus_type_reader_next (&sub))
625  return DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES;
626 
628  }
629  break;
630 
632  case DBUS_TYPE_STRUCT:
633  {
634  DBusTypeReader sub;
635  DBusValidity validity;
636 
637  a = _DBUS_ALIGN_ADDRESS (p, 8);
638  if (a > end)
639  return DBUS_INVALID_NOT_ENOUGH_DATA;
640  while (p != a)
641  {
642  if (*p != '\0')
643  return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
644  ++p;
645  }
646 
647  _dbus_type_reader_recurse (reader, &sub);
648 
649  validity = validate_body_helper (&sub, byte_order, TRUE,
650  total_depth + 1,
651  p, end, &p);
652  if (validity != DBUS_VALID)
653  return validity;
654  }
655  break;
656 
657  default:
658  _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
659  break;
660  }
661 
662 #if 0
663  _dbus_verbose (" validated value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
664  _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
665  (int) (end - p));
666 #endif
667 
668  if (p > end)
669  {
670  _dbus_verbose ("not enough data!!! p = %p end = %p end-p = %d\n",
671  p, end, (int) (end - p));
672  return DBUS_INVALID_NOT_ENOUGH_DATA;
673  }
674 
675  if (walk_reader_to_end)
676  _dbus_type_reader_next (reader);
677  else
678  break;
679  }
680 
681  if (new_p)
682  *new_p = p;
683 
684  return DBUS_VALID;
685 }
686 
708 _dbus_validate_body_with_reason (const DBusString *expected_signature,
709  int expected_signature_start,
710  int byte_order,
711  int *bytes_remaining,
712  const DBusString *value_str,
713  int value_pos,
714  int len)
715 {
716  DBusTypeReader reader;
717  const unsigned char *p;
718  const unsigned char *end;
719  DBusValidity validity;
720 
721  _dbus_assert (len >= 0);
722  _dbus_assert (value_pos >= 0);
723  _dbus_assert (value_pos <= _dbus_string_get_length (value_str) - len);
724 
725  _dbus_verbose ("validating body from pos %d len %d sig '%s'\n",
726  value_pos, len, _dbus_string_get_const_data_len (expected_signature,
727  expected_signature_start,
728  0));
729 
731  expected_signature, expected_signature_start);
732 
733  p = _dbus_string_get_const_udata_len (value_str, value_pos, len);
734  end = p + len;
735 
736  validity = validate_body_helper (&reader, byte_order, TRUE, 0, p, end, &p);
737  if (validity != DBUS_VALID)
738  return validity;
739 
740  if (bytes_remaining)
741  {
742  *bytes_remaining = end - p;
743  return DBUS_VALID;
744  }
745  else if (p < end)
747  else
748  {
749  _dbus_assert (p == end);
750  return DBUS_VALID;
751  }
752 }
753 
758 #define VALID_INITIAL_NAME_CHARACTER(c) \
759  ( ((c) >= 'A' && (c) <= 'Z') || \
760  ((c) >= 'a' && (c) <= 'z') || \
761  ((c) == '_') )
762 
767 #define VALID_NAME_CHARACTER(c) \
768  ( ((c) >= '0' && (c) <= '9') || \
769  ((c) >= 'A' && (c) <= 'Z') || \
770  ((c) >= 'a' && (c) <= 'z') || \
771  ((c) == '_') )
772 
791  int start,
792  int len)
793 {
794  const unsigned char *s;
795  const unsigned char *end;
796  const unsigned char *last_slash;
797 
798  _dbus_assert (start >= 0);
799  _dbus_assert (len >= 0);
800  _dbus_assert (start <= _dbus_string_get_length (str));
801 
802  if (len > _dbus_string_get_length (str) - start)
803  return FALSE;
804 
805  if (len == 0)
806  return FALSE;
807 
808  s = _dbus_string_get_const_udata (str) + start;
809  end = s + len;
810 
811  if (*s != '/')
812  return FALSE;
813  last_slash = s;
814  ++s;
815 
816  while (s != end)
817  {
818  if (*s == '/')
819  {
820  if ((s - last_slash) < 2)
821  return FALSE; /* no empty path components allowed */
822 
823  last_slash = s;
824  }
825  else
826  {
827  if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
828  return FALSE;
829  }
830 
831  ++s;
832  }
833 
834  if ((end - last_slash) < 2 &&
835  len > 1)
836  return FALSE; /* trailing slash not allowed unless the string is "/" */
837 
838  return TRUE;
839 }
840 
841 const char *
842 _dbus_validity_to_error_message (DBusValidity validity)
843 {
844  switch (validity)
845  {
846  case DBUS_VALIDITY_UNKNOWN_OOM_ERROR: return "Out of memory";
847  case DBUS_INVALID_FOR_UNKNOWN_REASON: return "Unknown reason";
848  case DBUS_VALID_BUT_INCOMPLETE: return "Valid but incomplete";
849  case DBUS_VALIDITY_UNKNOWN: return "Validity unknown";
850  case DBUS_VALID: return "Valid";
851  case DBUS_INVALID_UNKNOWN_TYPECODE: return "Unknown typecode";
852  case DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE: return "Missing array element type";
853  case DBUS_INVALID_SIGNATURE_TOO_LONG: return "Signature is too long";
854  case DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION: return "Exceeded maximum array recursion";
855  case DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION: return "Exceeded maximum struct recursion";
856  case DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED: return "Struct ended but not started";
857  case DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED: return "Struct started but not ended";
858  case DBUS_INVALID_STRUCT_HAS_NO_FIELDS: return "Struct has no fields";
859  case DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL: return "Alignment padding not null";
860  case DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE: return "Boolean is not zero or one";
861  case DBUS_INVALID_NOT_ENOUGH_DATA: return "Not enough data";
862  case DBUS_INVALID_TOO_MUCH_DATA: return "Too much data";
863  case DBUS_INVALID_BAD_BYTE_ORDER: return "Bad byte order";
864  case DBUS_INVALID_BAD_PROTOCOL_VERSION: return "Bad protocol version";
865  case DBUS_INVALID_BAD_MESSAGE_TYPE: return "Bad message type";
866  case DBUS_INVALID_BAD_SERIAL: return "Bad serial";
867  case DBUS_INVALID_INSANE_FIELDS_ARRAY_LENGTH: return "Insane fields array length";
868  case DBUS_INVALID_INSANE_BODY_LENGTH: return "Insane body length";
869  case DBUS_INVALID_MESSAGE_TOO_LONG: return "Message too long";
870  case DBUS_INVALID_HEADER_FIELD_CODE: return "Header field code";
871  case DBUS_INVALID_HEADER_FIELD_HAS_WRONG_TYPE: return "Header field has wrong type";
872  case DBUS_INVALID_USES_LOCAL_INTERFACE: return "Uses local interface";
873  case DBUS_INVALID_USES_LOCAL_PATH: return "Uses local path";
874  case DBUS_INVALID_HEADER_FIELD_APPEARS_TWICE: return "Header field appears twice";
875  case DBUS_INVALID_BAD_DESTINATION: return "Bad destination";
876  case DBUS_INVALID_BAD_INTERFACE: return "Bad interface";
877  case DBUS_INVALID_BAD_MEMBER: return "Bad member";
878  case DBUS_INVALID_BAD_ERROR_NAME: return "Bad error name";
879  case DBUS_INVALID_BAD_SENDER: return "Bad sender";
880  case DBUS_INVALID_MISSING_PATH: return "Missing path";
881  case DBUS_INVALID_MISSING_INTERFACE: return "Missing interface";
882  case DBUS_INVALID_MISSING_MEMBER: return "Missing member";
883  case DBUS_INVALID_MISSING_ERROR_NAME: return "Missing error name";
884  case DBUS_INVALID_MISSING_REPLY_SERIAL: return "Missing reply serial";
885  case DBUS_INVALID_LENGTH_OUT_OF_BOUNDS: return "Length out of bounds";
886  case DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM: return "Array length exceeds maximum";
887  case DBUS_INVALID_BAD_PATH: return "Bad path";
888  case DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Signature length out of bounds";
889  case DBUS_INVALID_BAD_UTF8_IN_STRING: return "Bad utf8 in string";
890  case DBUS_INVALID_ARRAY_LENGTH_INCORRECT: return "Array length incorrect";
891  case DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Variant signature length out of bounds";
892  case DBUS_INVALID_VARIANT_SIGNATURE_BAD: return "Variant signature bad";
893  case DBUS_INVALID_VARIANT_SIGNATURE_EMPTY: return "Variant signature empty";
894  case DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES: return "Variant signature specifies multiple values";
895  case DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL: return "Variant signature missing nul";
896  case DBUS_INVALID_STRING_MISSING_NUL: return "String missing nul";
897  case DBUS_INVALID_SIGNATURE_MISSING_NUL: return "Signature missing nul";
898  case DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION: return "Exceeded maximum dict entry recursion";
899  case DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED: return "Dict entry ended but not started";
900  case DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED: return "Dict entry started but not ended";
901  case DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS: return "Dict entry has no fields";
902  case DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD: return "Dict entry has only one field";
903  case DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS: return "Dict entry has too many fields";
904  case DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY: return "Dict entry not inside array";
905  case DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE: return "Dict key must be basic type";
906  case DBUS_INVALID_MISSING_UNIX_FDS: return "Unix file descriptor missing";
907  case DBUS_INVALID_NESTED_TOO_DEEPLY: return "Variants cannot be used to create a hugely recursive tree of values";
908  case DBUS_VALIDITY_LAST:
909  default:
910  return "Invalid";
911  }
912 }
913 
929  int start,
930  int len)
931 {
932  const unsigned char *s;
933  const unsigned char *end;
934  const unsigned char *iface;
935  const unsigned char *last_dot;
936 
937  _dbus_assert (start >= 0);
938  _dbus_assert (len >= 0);
939  _dbus_assert (start <= _dbus_string_get_length (str));
940 
941  if (len > _dbus_string_get_length (str) - start)
942  return FALSE;
943 
944  if (len > DBUS_MAXIMUM_NAME_LENGTH)
945  return FALSE;
946 
947  if (len == 0)
948  return FALSE;
949 
950  last_dot = NULL;
951  iface = _dbus_string_get_const_udata (str) + start;
952  end = iface + len;
953  s = iface;
954 
955  /* check special cases of first char so it doesn't have to be done
956  * in the loop. Note we know len > 0
957  */
958  if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
959  return FALSE;
960  else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
961  return FALSE;
962  else
963  ++s;
964 
965  while (s != end)
966  {
967  if (*s == '.')
968  {
969  if (_DBUS_UNLIKELY ((s + 1) == end))
970  return FALSE;
971  else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*(s + 1))))
972  return FALSE;
973  last_dot = s;
974  ++s; /* we just validated the next char, so skip two */
975  }
976  else if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
977  {
978  return FALSE;
979  }
980 
981  ++s;
982  }
983 
984  if (_DBUS_UNLIKELY (last_dot == NULL))
985  return FALSE;
986 
987  return TRUE;
988 }
989 
1005  int start,
1006  int len)
1007 {
1008  const unsigned char *s;
1009  const unsigned char *end;
1010  const unsigned char *member;
1011 
1012  _dbus_assert (start >= 0);
1013  _dbus_assert (len >= 0);
1014  _dbus_assert (start <= _dbus_string_get_length (str));
1015 
1016  if (len > _dbus_string_get_length (str) - start)
1017  return FALSE;
1018 
1019  if (len > DBUS_MAXIMUM_NAME_LENGTH)
1020  return FALSE;
1021 
1022  if (len == 0)
1023  return FALSE;
1024 
1025  member = _dbus_string_get_const_udata (str) + start;
1026  end = member + len;
1027  s = member;
1028 
1029  /* check special cases of first char so it doesn't have to be done
1030  * in the loop. Note we know len > 0
1031  */
1032 
1033  if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
1034  return FALSE;
1035  else
1036  ++s;
1037 
1038  while (s != end)
1039  {
1040  if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
1041  {
1042  return FALSE;
1043  }
1044 
1045  ++s;
1046  }
1047 
1048  return TRUE;
1049 }
1050 
1066  int start,
1067  int len)
1068 {
1069  /* Same restrictions as interface name at the moment */
1070  return _dbus_validate_interface (str, start, len);
1071 }
1072 
1077 #define VALID_INITIAL_BUS_NAME_CHARACTER(c) \
1078  ( ((c) >= 'A' && (c) <= 'Z') || \
1079  ((c) >= 'a' && (c) <= 'z') || \
1080  ((c) == '_') || ((c) == '-'))
1081 
1086 #define VALID_BUS_NAME_CHARACTER(c) \
1087  ( ((c) >= '0' && (c) <= '9') || \
1088  ((c) >= 'A' && (c) <= 'Z') || \
1089  ((c) >= 'a' && (c) <= 'z') || \
1090  ((c) == '_') || ((c) == '-'))
1091 
1092 static dbus_bool_t
1093 _dbus_validate_bus_name_full (const DBusString *str,
1094  int start,
1095  int len,
1096  dbus_bool_t is_namespace)
1097 {
1098  const unsigned char *s;
1099  const unsigned char *end;
1100  const unsigned char *iface;
1101  const unsigned char *last_dot;
1102 
1103  _dbus_assert (start >= 0);
1104  _dbus_assert (len >= 0);
1105  _dbus_assert (start <= _dbus_string_get_length (str));
1106 
1107  if (len > _dbus_string_get_length (str) - start)
1108  return FALSE;
1109 
1110  if (len > DBUS_MAXIMUM_NAME_LENGTH)
1111  return FALSE;
1112 
1113  if (len == 0)
1114  return FALSE;
1115 
1116  last_dot = NULL;
1117  iface = _dbus_string_get_const_udata (str) + start;
1118  end = iface + len;
1119  s = iface;
1120 
1121  /* check special cases of first char so it doesn't have to be done
1122  * in the loop. Note we know len > 0
1123  */
1124  if (*s == ':')
1125  {
1126  /* unique name */
1127  ++s;
1128  while (s != end)
1129  {
1130  if (*s == '.')
1131  {
1132  if (_DBUS_UNLIKELY ((s + 1) == end))
1133  return FALSE;
1134  if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
1135  return FALSE;
1136  ++s; /* we just validated the next char, so skip two */
1137  }
1138  else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1139  {
1140  return FALSE;
1141  }
1142 
1143  ++s;
1144  }
1145 
1146  return TRUE;
1147  }
1148  else if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
1149  return FALSE;
1150  else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*s)))
1151  return FALSE;
1152  else
1153  ++s;
1154 
1155  while (s != end)
1156  {
1157  if (*s == '.')
1158  {
1159  if (_DBUS_UNLIKELY ((s + 1) == end))
1160  return FALSE;
1161  else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*(s + 1))))
1162  return FALSE;
1163  last_dot = s;
1164  ++s; /* we just validated the next char, so skip two */
1165  }
1166  else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1167  {
1168  return FALSE;
1169  }
1170 
1171  ++s;
1172  }
1173 
1174  if (!is_namespace && _DBUS_UNLIKELY (last_dot == NULL))
1175  return FALSE;
1176 
1177  return TRUE;
1178 }
1179 
1195  int start,
1196  int len)
1197 {
1198  return _dbus_validate_bus_name_full (str, start, len, FALSE);
1199 }
1200 
1216  int start,
1217  int len)
1218 {
1219  return _dbus_validate_bus_name_full (str, start, len, TRUE);
1220 }
1221 
1225 DEFINE_DBUS_NAME_CHECK(interface)
1227 DEFINE_DBUS_NAME_CHECK(member)
1229 DEFINE_DBUS_NAME_CHECK(error_name)
1231 DEFINE_DBUS_NAME_CHECK(bus_name)
1234 
1235 
1237 /* tests in dbus-marshal-validate-util.c */
dbus_bool_t dbus_type_is_fixed(int typecode)
Tells you whether values of this type can change length if you set them to some other value...
DBusValidity _dbus_validate_body_with_reason(const DBusString *expected_signature, int expected_signature_start, int byte_order, int *bytes_remaining, const DBusString *value_str, int value_pos, int len)
Verifies that the range of value_str from value_pos to value_end is a legitimate value of type expect...
#define DBUS_TYPE_UINT16
Type code marking a 16-bit unsigned integer.
Definition: dbus-protocol.h:78
#define NULL
A null pointer, defined appropriately for C or C++.
#define DBUS_MAXIMUM_NAME_LENGTH
Max length in bytes of a bus name, interface, or member (not object path, paths are unlimited)...
trailing junk makes it invalid
void * _dbus_list_pop_last(DBusList **list)
Removes the last value in the list and returns it.
Definition: dbus-list.c:700
int _dbus_first_type_in_signature(const DBusString *str, int pos)
Get the first type in the signature.
void _dbus_type_reader_recurse(DBusTypeReader *reader, DBusTypeReader *sub)
Initialize a new reader pointing to the first type and corresponding value that&#39;s a child of the curr...
#define DBUS_TYPE_STRUCT
STRUCT and DICT_ENTRY are sort of special since their codes can&#39;t appear in a type string...
#define DBUS_MAXIMUM_TYPE_RECURSION_DEPTH
Depth of recursion in the type tree.
#define DBUS_TYPE_DICT_ENTRY
Type code used to represent a dict entry; however, this type code does not appear in type signatures...
#define DBUS_TYPE_STRING
Type code marking a UTF-8 encoded, nul-terminated Unicode string.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
int type_pos
current position in signature
#define _DBUS_INT_TO_POINTER(integer)
Safely stuffs an integer into a pointer, to be extracted later with _DBUS_POINTER_TO_INT.
#define DBUS_TYPE_BYTE
Type code marking an 8-bit unsigned integer.
Definition: dbus-protocol.h:66
dbus_bool_t _dbus_validate_interface(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid interface name in the D-Bus protocol.
void _dbus_type_reader_init_types_only(DBusTypeReader *reader, const DBusString *type_str, int type_pos)
Like _dbus_type_reader_init() but the iteration is over the signature, not over values.
#define DBUS_DICT_ENTRY_BEGIN_CHAR
Code marking the start of a dict entry type in a type signature.
DBusValidity
This is primarily used in unit testing, so we can verify that each invalid message is invalid for the...
#define DBUS_STRUCT_END_CHAR
Code marking the end of a struct type in a type signature.
#define DBUS_TYPE_DOUBLE
Type code marking an 8-byte double in IEEE 754 format.
Definition: dbus-protocol.h:98
dbus_bool_t _dbus_validate_member(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid member name in the D-Bus protocol.
#define DBUS_TYPE_ARRAY
Type code marking a D-Bus array type.
#define DBUS_TYPE_INT64
Type code marking a 64-bit signed integer.
Definition: dbus-protocol.h:90
dbus_bool_t _dbus_validate_path(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid object path name in the D-Bus protocol...
dbus_bool_t _dbus_validate_error_name(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid error name in the D-Bus protocol.
dbus_uint32_t _dbus_unpack_uint32(int byte_order, const unsigned char *data)
Unpacks a 32 bit unsigned integer from a data pointer.
dbus_bool_t dbus_type_is_basic(int typecode)
A "basic type" is a somewhat arbitrary concept, but the intent is to include those types that are ful...
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:35
can&#39;t determine validity due to OOM
#define VALID_BUS_NAME_CHARACTER(c)
Determine wether the given character is valid as a second or later character in a bus name...
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
Definition: dbus-list.c:271
#define DBUS_TYPE_INT32
Type code marking a 32-bit signed integer.
Definition: dbus-protocol.h:82
#define DBUS_MAXIMUM_SIGNATURE_LENGTH
This one is 255 so it fits in a byte.
dbus_bool_t _dbus_type_reader_next(DBusTypeReader *reader)
Skip to the next value on this "level".
dbus_bool_t _dbus_validate_bus_namespace(const DBusString *str, int start, int len)
Checks that the given range of the string is a prefix of a valid bus name in the D-Bus protocol...
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
Definition: dbus-string.c:2572
#define _DBUS_POINTER_TO_INT(pointer)
Safely casts a void* to an integer; should only be used on void* that actually contain integers...
#define DBUS_TYPE_SIGNATURE
Type code marking a D-Bus type signature.
dbus_bool_t _dbus_validate_bus_name(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid bus name in the D-Bus protocol.
#define DBUS_TYPE_UINT64
Type code marking a 64-bit unsigned integer.
Definition: dbus-protocol.h:94
#define DBUS_STRUCT_BEGIN_CHAR
Code marking the start of a struct type in a type signature.
#define DBUS_TYPE_VARIANT
Type code marking a D-Bus variant type.
#define DEFINE_DBUS_NAME_CHECK(what)
Define a name check to be used in _dbus_return_if_fail() statements.
#define DBUS_TYPE_UINT32
Type code marking a 32-bit unsigned integer.
Definition: dbus-protocol.h:86
#define VALID_INITIAL_NAME_CHARACTER(c)
Determine wether the given character is valid as the first character in a name.
the data is valid
#define VALID_NAME_CHARACTER(c)
Determine wether the given character is valid as a second or later character in a name...
The type reader is an iterator for reading values from a block of values.
#define TRUE
Expands to "1".
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define DBUS_TYPE_OBJECT_PATH
Type code marking a D-Bus object path.
#define DBUS_TYPE_UNIX_FD
Type code marking a unix file descriptor.
#define DBUS_TYPE_INVALID
Type code that is never equal to a legitimate type code.
Definition: dbus-protocol.h:60
DBusValidity _dbus_validate_signature_with_reason(const DBusString *type_str, int type_pos, int len)
Verifies that the range of type_str from type_pos to type_end is a valid signature.
#define DBUS_MAXIMUM_ARRAY_LENGTH
Max length of a marshaled array in bytes (64M, 2^26) We use signed int for lengths so must be INT_MAX...
A node in a linked list.
Definition: dbus-list.h:34
#define DBUS_TYPE_INT16
Type code marking a 16-bit signed integer.
Definition: dbus-protocol.h:74
#define DBUS_TYPE_BOOLEAN
Type code marking a boolean.
Definition: dbus-protocol.h:70
int _dbus_type_reader_get_element_type(const DBusTypeReader *reader)
Gets the type of an element of the array the reader is currently pointing to.
#define _DBUS_INT32_MAX
Maximum value of type "int32".
int _dbus_type_reader_get_current_type(const DBusTypeReader *reader)
Gets the type of the value the reader is currently pointing to; or for a types-only reader gets the t...
#define FALSE
Expands to "0".
#define DBUS_DICT_ENTRY_END_CHAR
Code marking the end of a dict entry type in a type signature.
const char * _dbus_type_to_string(int typecode)
Returns a string describing the given type.
int _dbus_type_get_alignment(int typecode)
Gets the alignment requirement for the given type; will be 1, 4, or 8.
void _dbus_string_init_const_len(DBusString *str, const char *value, int len)
Initializes a constant string with a length.
Definition: dbus-string.c:210
#define VALID_INITIAL_BUS_NAME_CHARACTER(c)
Determine wether the given character is valid as the first character in a bus name.
dbus_bool_t dbus_type_is_valid(int typecode)
Return TRUE if the argument is a valid typecode.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
Definition: dbus-list.c:543