D-Bus 1.13.18
dbus-marshal-validate.c
1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2/* dbus-marshal-validate.c Validation routines for marshaled data
3 *
4 * Copyright (C) 2005 Red Hat, Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 *
22 */
23
24#include <config.h>
25#include "dbus-internals.h"
26#include "dbus-marshal-validate.h"
27#include "dbus-marshal-recursive.h"
28#include "dbus-marshal-basic.h"
29#include "dbus-signature.h"
30#include "dbus-string.h"
31
52 int type_pos,
53 int len)
54{
55 const unsigned char *p;
56 const unsigned char *end;
57 int last;
58 int struct_depth;
59 int array_depth;
60 int dict_entry_depth;
61 DBusValidity result;
62
63 int element_count;
64 DBusList *element_count_stack;
65
66 result = DBUS_VALID;
67 element_count_stack = NULL;
68
69 if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0)))
70 {
72 goto out;
73 }
74
75 _dbus_assert (type_str != NULL);
76 _dbus_assert (type_pos < _DBUS_INT32_MAX - len);
77 _dbus_assert (len >= 0);
78 _dbus_assert (type_pos >= 0);
79
81 {
82 result = DBUS_INVALID_SIGNATURE_TOO_LONG;
83 goto out;
84 }
85
86 p = _dbus_string_get_const_udata_len (type_str, type_pos, 0);
87
88 end = _dbus_string_get_const_udata_len (type_str, type_pos + len, 0);
89 struct_depth = 0;
90 array_depth = 0;
91 dict_entry_depth = 0;
92 last = DBUS_TYPE_INVALID;
93
94 while (p != end)
95 {
96 switch (*p)
97 {
98 case DBUS_TYPE_BYTE:
100 case DBUS_TYPE_INT16:
101 case DBUS_TYPE_UINT16:
102 case DBUS_TYPE_INT32:
103 case DBUS_TYPE_UINT32:
105 case DBUS_TYPE_INT64:
106 case DBUS_TYPE_UINT64:
107 case DBUS_TYPE_DOUBLE:
108 case DBUS_TYPE_STRING:
112 break;
113
114 case DBUS_TYPE_ARRAY:
115 array_depth += 1;
116 if (array_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
117 {
118 result = DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION;
119 goto out;
120 }
121 break;
122
124 struct_depth += 1;
125
126 if (struct_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
127 {
128 result = DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION;
129 goto out;
130 }
131
132 if (!_dbus_list_append (&element_count_stack,
134 {
136 goto out;
137 }
138
139 break;
140
142 if (struct_depth == 0)
143 {
144 result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
145 goto out;
146 }
147
148 if (last == DBUS_STRUCT_BEGIN_CHAR)
149 {
150 result = DBUS_INVALID_STRUCT_HAS_NO_FIELDS;
151 goto out;
152 }
153
154 _dbus_list_pop_last (&element_count_stack);
155
156 struct_depth -= 1;
157 break;
158
160 if (last != DBUS_TYPE_ARRAY)
161 {
162 result = DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY;
163 goto out;
164 }
165
166 dict_entry_depth += 1;
167
168 if (dict_entry_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH)
169 {
170 result = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION;
171 goto out;
172 }
173
174 if (!_dbus_list_append (&element_count_stack,
176 {
178 goto out;
179 }
180
181 break;
182
184 if (dict_entry_depth == 0)
185 {
186 result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
187 goto out;
188 }
189
190 dict_entry_depth -= 1;
191
192 element_count =
193 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
194
195 if (element_count != 2)
196 {
197 if (element_count == 0)
198 result = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS;
199 else if (element_count == 1)
200 result = DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD;
201 else
202 result = DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS;
203
204 goto out;
205 }
206 break;
207
208 case DBUS_TYPE_STRUCT: /* doesn't appear in signatures */
209 case DBUS_TYPE_DICT_ENTRY: /* ditto */
210 default:
211 result = DBUS_INVALID_UNKNOWN_TYPECODE;
212 goto out;
213 }
214
215 if (*p != DBUS_TYPE_ARRAY &&
218 {
219 element_count =
220 _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
221
222 ++element_count;
223
224 if (!_dbus_list_append (&element_count_stack,
225 _DBUS_INT_TO_POINTER (element_count)))
226 {
228 goto out;
229 }
230 }
231
232 if (array_depth > 0)
233 {
234 if (*p == DBUS_TYPE_ARRAY && p != end)
235 {
236 const unsigned char *p1;
237 p1 = p + 1;
238 if (*p1 == DBUS_STRUCT_END_CHAR ||
240 {
241 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
242 goto out;
243 }
244 }
245 else
246 {
247 array_depth = 0;
248 }
249 }
250
251 if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
252 {
253 if (!(dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
254 {
255 result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
256 goto out;
257 }
258 }
259
260 last = *p;
261 ++p;
262 }
263
264
265 if (array_depth > 0)
266 {
267 result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE;
268 goto out;
269 }
270
271 if (struct_depth > 0)
272 {
273 result = DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED;
274 goto out;
275 }
276
277 if (dict_entry_depth > 0)
278 {
279 result = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED;
280 goto out;
281 }
282
286
287 result = DBUS_VALID;
288
289out:
290 _dbus_list_clear (&element_count_stack);
291 return result;
292}
293
294/* note: this function is also used to validate the header's values,
295 * since the header is a valid body with a particular signature.
296 */
297static DBusValidity
298validate_body_helper (DBusTypeReader *reader,
299 int byte_order,
300 dbus_bool_t walk_reader_to_end,
301 int total_depth,
302 const unsigned char *p,
303 const unsigned char *end,
304 const unsigned char **new_p)
305{
306 int current_type;
307
308 /* The spec allows arrays and structs to each nest 32, for total
309 * nesting of 2*32. We want to impose the same limit on "dynamic"
310 * value nesting (not visible in the signature) which is introduced
311 * by DBUS_TYPE_VARIANT.
312 */
313 if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2))
314 {
315 return DBUS_INVALID_NESTED_TOO_DEEPLY;
316 }
317
318 while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID)
319 {
320 const unsigned char *a;
321 int alignment;
322
323#if 0
324 _dbus_verbose (" validating value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
325 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
326 (int) (end - p));
327#endif
328
329 /* Guarantee that p has one byte to look at */
330 if (p == end)
331 return DBUS_INVALID_NOT_ENOUGH_DATA;
332
333 switch (current_type)
334 {
335 case DBUS_TYPE_BYTE:
336 ++p;
337 break;
338
340 case DBUS_TYPE_INT16:
341 case DBUS_TYPE_UINT16:
342 case DBUS_TYPE_INT32:
343 case DBUS_TYPE_UINT32:
345 case DBUS_TYPE_INT64:
346 case DBUS_TYPE_UINT64:
347 case DBUS_TYPE_DOUBLE:
348 alignment = _dbus_type_get_alignment (current_type);
349 a = _DBUS_ALIGN_ADDRESS (p, alignment);
350 if (a >= end)
351 return DBUS_INVALID_NOT_ENOUGH_DATA;
352 while (p != a)
353 {
354 if (*p != '\0')
355 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
356 ++p;
357 }
358
359 if (current_type == DBUS_TYPE_BOOLEAN)
360 {
361 dbus_uint32_t v;
362
363 if (p + 4 > end)
364 return DBUS_INVALID_NOT_ENOUGH_DATA;
365
366 v = _dbus_unpack_uint32 (byte_order, p);
367
368 if (!(v == 0 || v == 1))
369 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
370 }
371
372 p += alignment;
373 break;
374
375 case DBUS_TYPE_ARRAY:
376 case DBUS_TYPE_STRING:
378 {
379 dbus_uint32_t claimed_len;
380
381 a = _DBUS_ALIGN_ADDRESS (p, 4);
382 if (a + 4 > end)
383 return DBUS_INVALID_NOT_ENOUGH_DATA;
384 while (p != a)
385 {
386 if (*p != '\0')
387 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
388 ++p;
389 }
390
391 claimed_len = _dbus_unpack_uint32 (byte_order, p);
392 p += 4;
393
394 /* p may now be == end */
395 _dbus_assert (p <= end);
396
397 if (current_type == DBUS_TYPE_ARRAY)
398 {
399 int array_elem_type = _dbus_type_reader_get_element_type (reader);
400
401 if (!dbus_type_is_valid (array_elem_type))
402 {
403 return DBUS_INVALID_UNKNOWN_TYPECODE;
404 }
405
406 alignment = _dbus_type_get_alignment (array_elem_type);
407
408 a = _DBUS_ALIGN_ADDRESS (p, alignment);
409
410 /* a may now be == end */
411 if (a > end)
412 return DBUS_INVALID_NOT_ENOUGH_DATA;
413
414 while (p != a)
415 {
416 if (*p != '\0')
417 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
418 ++p;
419 }
420 }
421
422 if (claimed_len > (unsigned long) (end - p))
423 return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS;
424
425 if (current_type == DBUS_TYPE_OBJECT_PATH)
426 {
427 DBusString str;
428 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
429 if (!_dbus_validate_path (&str, 0,
430 _dbus_string_get_length (&str)))
431 return DBUS_INVALID_BAD_PATH;
432
433 p += claimed_len;
434 }
435 else if (current_type == DBUS_TYPE_STRING)
436 {
437 DBusString str;
438 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
439 if (!_dbus_string_validate_utf8 (&str, 0,
440 _dbus_string_get_length (&str)))
441 return DBUS_INVALID_BAD_UTF8_IN_STRING;
442
443 p += claimed_len;
444 }
445 else if (current_type == DBUS_TYPE_ARRAY && claimed_len > 0)
446 {
447 DBusTypeReader sub;
448 DBusValidity validity;
449 const unsigned char *array_end;
450 int array_elem_type;
451
452 if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH)
453 return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM;
454
455 /* Remember that the reader is types only, so we can't
456 * use it to iterate over elements. It stays the same
457 * for all elements.
458 */
459 _dbus_type_reader_recurse (reader, &sub);
460
461 array_end = p + claimed_len;
462
463 array_elem_type = _dbus_type_reader_get_element_type (reader);
464
465 /* avoid recursive call to validate_body_helper if this is an array
466 * of fixed-size elements
467 */
468 if (dbus_type_is_fixed (array_elem_type))
469 {
470 /* bools need to be handled differently, because they can
471 * have an invalid value
472 */
473 if (array_elem_type == DBUS_TYPE_BOOLEAN)
474 {
475 dbus_uint32_t v;
476 alignment = _dbus_type_get_alignment (array_elem_type);
477
478 while (p < array_end)
479 {
480 v = _dbus_unpack_uint32 (byte_order, p);
481
482 if (!(v == 0 || v == 1))
483 return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE;
484
485 p += alignment;
486 }
487 }
488
489 else
490 {
491 p = array_end;
492 }
493 }
494
495 else
496 {
497 while (p < array_end)
498 {
499 validity = validate_body_helper (&sub, byte_order, FALSE,
500 total_depth + 1,
501 p, end, &p);
502 if (validity != DBUS_VALID)
503 return validity;
504 }
505 }
506
507 if (p != array_end)
508 return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
509 }
510
511 /* check nul termination */
512 if (current_type != DBUS_TYPE_ARRAY)
513 {
514 if (p == end)
515 return DBUS_INVALID_NOT_ENOUGH_DATA;
516
517 if (*p != '\0')
518 return DBUS_INVALID_STRING_MISSING_NUL;
519 ++p;
520 }
521 }
522 break;
523
525 {
526 dbus_uint32_t claimed_len;
527 DBusString str;
528 DBusValidity validity;
529
530 claimed_len = *p;
531 ++p;
532
533 /* 1 is for nul termination */
534 if (claimed_len + 1 > (unsigned long) (end - p))
535 return DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
536
537 _dbus_string_init_const_len (&str, (const char *) p, claimed_len);
538 validity =
540 _dbus_string_get_length (&str));
541
542 if (validity != DBUS_VALID)
543 return validity;
544
545 p += claimed_len;
546
547 _dbus_assert (p < end);
548 if (*p != DBUS_TYPE_INVALID)
549 return DBUS_INVALID_SIGNATURE_MISSING_NUL;
550
551 ++p;
552
553 _dbus_verbose ("p = %p end = %p claimed_len %u\n", p, end, claimed_len);
554 }
555 break;
556
558 {
559 /* 1 byte sig len, sig typecodes, align to
560 * contained-type-boundary, values.
561 */
562
563 /* In addition to normal signature validation, we need to be sure
564 * the signature contains only a single (possibly container) type.
565 */
566 dbus_uint32_t claimed_len;
567 DBusString sig;
568 DBusTypeReader sub;
569 DBusValidity validity;
570 int contained_alignment;
571 int contained_type;
572 DBusValidity reason;
573
574 claimed_len = *p;
575 ++p;
576
577 /* + 1 for nul */
578 if (claimed_len + 1 > (unsigned long) (end - p))
579 return DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS;
580
581 _dbus_string_init_const_len (&sig, (const char *) p, claimed_len);
582 reason = _dbus_validate_signature_with_reason (&sig, 0,
583 _dbus_string_get_length (&sig));
584 if (!(reason == DBUS_VALID))
585 {
587 return reason;
588 else
589 return DBUS_INVALID_VARIANT_SIGNATURE_BAD;
590 }
591
592 p += claimed_len;
593
594 if (*p != DBUS_TYPE_INVALID)
595 return DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL;
596 ++p;
597
598 contained_type = _dbus_first_type_in_signature (&sig, 0);
599 if (contained_type == DBUS_TYPE_INVALID)
600 return DBUS_INVALID_VARIANT_SIGNATURE_EMPTY;
601
602 contained_alignment = _dbus_type_get_alignment (contained_type);
603
604 a = _DBUS_ALIGN_ADDRESS (p, contained_alignment);
605 if (a > end)
606 return DBUS_INVALID_NOT_ENOUGH_DATA;
607 while (p != a)
608 {
609 if (*p != '\0')
610 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
611 ++p;
612 }
613
614 _dbus_type_reader_init_types_only (&sub, &sig, 0);
615
617
618 validity = validate_body_helper (&sub, byte_order, FALSE,
619 total_depth + 1,
620 p, end, &p);
621 if (validity != DBUS_VALID)
622 return validity;
623
624 if (_dbus_type_reader_next (&sub))
625 return DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES;
626
628 }
629 break;
630
632 case DBUS_TYPE_STRUCT:
633 {
634 DBusTypeReader sub;
635 DBusValidity validity;
636
637 a = _DBUS_ALIGN_ADDRESS (p, 8);
638 if (a > end)
639 return DBUS_INVALID_NOT_ENOUGH_DATA;
640 while (p != a)
641 {
642 if (*p != '\0')
643 return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL;
644 ++p;
645 }
646
647 _dbus_type_reader_recurse (reader, &sub);
648
649 validity = validate_body_helper (&sub, byte_order, TRUE,
650 total_depth + 1,
651 p, end, &p);
652 if (validity != DBUS_VALID)
653 return validity;
654 }
655 break;
656
657 default:
658 _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
659 break;
660 }
661
662#if 0
663 _dbus_verbose (" validated value of type %s type reader %p type_pos %d p %p end %p %d remain\n",
664 _dbus_type_to_string (current_type), reader, reader->type_pos, p, end,
665 (int) (end - p));
666#endif
667
668 if (p > end)
669 {
670 _dbus_verbose ("not enough data!!! p = %p end = %p end-p = %d\n",
671 p, end, (int) (end - p));
672 return DBUS_INVALID_NOT_ENOUGH_DATA;
673 }
674
675 if (walk_reader_to_end)
676 _dbus_type_reader_next (reader);
677 else
678 break;
679 }
680
681 if (new_p)
682 *new_p = p;
683
684 return DBUS_VALID;
685}
686
709 int expected_signature_start,
710 int byte_order,
711 int *bytes_remaining,
712 const DBusString *value_str,
713 int value_pos,
714 int len)
715{
716 DBusTypeReader reader;
717 const unsigned char *p;
718 const unsigned char *end;
719 DBusValidity validity;
720
721 _dbus_assert (len >= 0);
722 _dbus_assert (value_pos >= 0);
723 _dbus_assert (value_pos <= _dbus_string_get_length (value_str) - len);
724
725 _dbus_verbose ("validating body from pos %d len %d sig '%s'\n",
726 value_pos, len, _dbus_string_get_const_data_len (expected_signature,
727 expected_signature_start,
728 0));
729
731 expected_signature, expected_signature_start);
732
733 p = _dbus_string_get_const_udata_len (value_str, value_pos, len);
734 end = p + len;
735
736 validity = validate_body_helper (&reader, byte_order, TRUE, 0, p, end, &p);
737 if (validity != DBUS_VALID)
738 return validity;
739
740 if (bytes_remaining)
741 {
742 *bytes_remaining = end - p;
743 return DBUS_VALID;
744 }
745 else if (p < end)
747 else
748 {
749 _dbus_assert (p == end);
750 return DBUS_VALID;
751 }
752}
753
758#define VALID_INITIAL_NAME_CHARACTER(c) \
759 ( ((c) >= 'A' && (c) <= 'Z') || \
760 ((c) >= 'a' && (c) <= 'z') || \
761 ((c) == '_') )
762
767#define VALID_NAME_CHARACTER(c) \
768 ( ((c) >= '0' && (c) <= '9') || \
769 ((c) >= 'A' && (c) <= 'Z') || \
770 ((c) >= 'a' && (c) <= 'z') || \
771 ((c) == '_') )
772
791 int start,
792 int len)
793{
794 const unsigned char *s;
795 const unsigned char *end;
796 const unsigned char *last_slash;
797
798 _dbus_assert (start >= 0);
799 _dbus_assert (len >= 0);
800 _dbus_assert (start <= _dbus_string_get_length (str));
801
802 if (len > _dbus_string_get_length (str) - start)
803 return FALSE;
804
805 if (len == 0)
806 return FALSE;
807
808 s = _dbus_string_get_const_udata (str) + start;
809 end = s + len;
810
811 if (*s != '/')
812 return FALSE;
813 last_slash = s;
814 ++s;
815
816 while (s != end)
817 {
818 if (*s == '/')
819 {
820 if ((s - last_slash) < 2)
821 return FALSE; /* no empty path components allowed */
822
823 last_slash = s;
824 }
825 else
826 {
827 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
828 return FALSE;
829 }
830
831 ++s;
832 }
833
834 if ((end - last_slash) < 2 &&
835 len > 1)
836 return FALSE; /* trailing slash not allowed unless the string is "/" */
837
838 return TRUE;
839}
840
841const char *
842_dbus_validity_to_error_message (DBusValidity validity)
843{
844 switch (validity)
845 {
846 case DBUS_VALIDITY_UNKNOWN_OOM_ERROR: return "Out of memory";
847 case DBUS_INVALID_FOR_UNKNOWN_REASON: return "Unknown reason";
848 case DBUS_VALID_BUT_INCOMPLETE: return "Valid but incomplete";
849 case DBUS_VALIDITY_UNKNOWN: return "Validity unknown";
850 case DBUS_VALID: return "Valid";
851 case DBUS_INVALID_UNKNOWN_TYPECODE: return "Unknown typecode";
852 case DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE: return "Missing array element type";
853 case DBUS_INVALID_SIGNATURE_TOO_LONG: return "Signature is too long";
854 case DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION: return "Exceeded maximum array recursion";
855 case DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION: return "Exceeded maximum struct recursion";
856 case DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED: return "Struct ended but not started";
857 case DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED: return "Struct started but not ended";
858 case DBUS_INVALID_STRUCT_HAS_NO_FIELDS: return "Struct has no fields";
859 case DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL: return "Alignment padding not null";
860 case DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE: return "Boolean is not zero or one";
861 case DBUS_INVALID_NOT_ENOUGH_DATA: return "Not enough data";
862 case DBUS_INVALID_TOO_MUCH_DATA: return "Too much data";
863 case DBUS_INVALID_BAD_BYTE_ORDER: return "Bad byte order";
864 case DBUS_INVALID_BAD_PROTOCOL_VERSION: return "Bad protocol version";
865 case DBUS_INVALID_BAD_MESSAGE_TYPE: return "Bad message type";
866 case DBUS_INVALID_BAD_SERIAL: return "Bad serial";
867 case DBUS_INVALID_INSANE_FIELDS_ARRAY_LENGTH: return "Insane fields array length";
868 case DBUS_INVALID_INSANE_BODY_LENGTH: return "Insane body length";
869 case DBUS_INVALID_MESSAGE_TOO_LONG: return "Message too long";
870 case DBUS_INVALID_HEADER_FIELD_CODE: return "Header field code";
871 case DBUS_INVALID_HEADER_FIELD_HAS_WRONG_TYPE: return "Header field has wrong type";
872 case DBUS_INVALID_USES_LOCAL_INTERFACE: return "Uses local interface";
873 case DBUS_INVALID_USES_LOCAL_PATH: return "Uses local path";
874 case DBUS_INVALID_HEADER_FIELD_APPEARS_TWICE: return "Header field appears twice";
875 case DBUS_INVALID_BAD_DESTINATION: return "Bad destination";
876 case DBUS_INVALID_BAD_INTERFACE: return "Bad interface";
877 case DBUS_INVALID_BAD_MEMBER: return "Bad member";
878 case DBUS_INVALID_BAD_ERROR_NAME: return "Bad error name";
879 case DBUS_INVALID_BAD_SENDER: return "Bad sender";
880 case DBUS_INVALID_MISSING_PATH: return "Missing path";
881 case DBUS_INVALID_MISSING_INTERFACE: return "Missing interface";
882 case DBUS_INVALID_MISSING_MEMBER: return "Missing member";
883 case DBUS_INVALID_MISSING_ERROR_NAME: return "Missing error name";
884 case DBUS_INVALID_MISSING_REPLY_SERIAL: return "Missing reply serial";
885 case DBUS_INVALID_LENGTH_OUT_OF_BOUNDS: return "Length out of bounds";
886 case DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM: return "Array length exceeds maximum";
887 case DBUS_INVALID_BAD_PATH: return "Bad path";
888 case DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Signature length out of bounds";
889 case DBUS_INVALID_BAD_UTF8_IN_STRING: return "Bad utf8 in string";
890 case DBUS_INVALID_ARRAY_LENGTH_INCORRECT: return "Array length incorrect";
891 case DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS: return "Variant signature length out of bounds";
892 case DBUS_INVALID_VARIANT_SIGNATURE_BAD: return "Variant signature bad";
893 case DBUS_INVALID_VARIANT_SIGNATURE_EMPTY: return "Variant signature empty";
894 case DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES: return "Variant signature specifies multiple values";
895 case DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL: return "Variant signature missing nul";
896 case DBUS_INVALID_STRING_MISSING_NUL: return "String missing nul";
897 case DBUS_INVALID_SIGNATURE_MISSING_NUL: return "Signature missing nul";
898 case DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION: return "Exceeded maximum dict entry recursion";
899 case DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED: return "Dict entry ended but not started";
900 case DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED: return "Dict entry started but not ended";
901 case DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS: return "Dict entry has no fields";
902 case DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD: return "Dict entry has only one field";
903 case DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS: return "Dict entry has too many fields";
904 case DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY: return "Dict entry not inside array";
905 case DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE: return "Dict key must be basic type";
906 case DBUS_INVALID_MISSING_UNIX_FDS: return "Unix file descriptor missing";
907 case DBUS_INVALID_NESTED_TOO_DEEPLY: return "Variants cannot be used to create a hugely recursive tree of values";
908 case DBUS_VALIDITY_LAST:
909 default:
910 return "Invalid";
911 }
912}
913
929 int start,
930 int len)
931{
932 const unsigned char *s;
933 const unsigned char *end;
934 const unsigned char *iface;
935 const unsigned char *last_dot;
936
937 _dbus_assert (start >= 0);
938 _dbus_assert (len >= 0);
939 _dbus_assert (start <= _dbus_string_get_length (str));
940
941 if (len > _dbus_string_get_length (str) - start)
942 return FALSE;
943
944 if (len > DBUS_MAXIMUM_NAME_LENGTH)
945 return FALSE;
946
947 if (len == 0)
948 return FALSE;
949
950 last_dot = NULL;
951 iface = _dbus_string_get_const_udata (str) + start;
952 end = iface + len;
953 s = iface;
954
955 /* check special cases of first char so it doesn't have to be done
956 * in the loop. Note we know len > 0
957 */
958 if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
959 return FALSE;
960 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
961 return FALSE;
962 else
963 ++s;
964
965 while (s != end)
966 {
967 if (*s == '.')
968 {
969 if (_DBUS_UNLIKELY ((s + 1) == end))
970 return FALSE;
971 else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*(s + 1))))
972 return FALSE;
973 last_dot = s;
974 ++s; /* we just validated the next char, so skip two */
975 }
976 else if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
977 {
978 return FALSE;
979 }
980
981 ++s;
982 }
983
984 if (_DBUS_UNLIKELY (last_dot == NULL))
985 return FALSE;
986
987 return TRUE;
988}
989
1005 int start,
1006 int len)
1007{
1008 const unsigned char *s;
1009 const unsigned char *end;
1010 const unsigned char *member;
1011
1012 _dbus_assert (start >= 0);
1013 _dbus_assert (len >= 0);
1014 _dbus_assert (start <= _dbus_string_get_length (str));
1015
1016 if (len > _dbus_string_get_length (str) - start)
1017 return FALSE;
1018
1019 if (len > DBUS_MAXIMUM_NAME_LENGTH)
1020 return FALSE;
1021
1022 if (len == 0)
1023 return FALSE;
1024
1025 member = _dbus_string_get_const_udata (str) + start;
1026 end = member + len;
1027 s = member;
1028
1029 /* check special cases of first char so it doesn't have to be done
1030 * in the loop. Note we know len > 0
1031 */
1032
1033 if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s)))
1034 return FALSE;
1035 else
1036 ++s;
1037
1038 while (s != end)
1039 {
1040 if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s)))
1041 {
1042 return FALSE;
1043 }
1044
1045 ++s;
1046 }
1047
1048 return TRUE;
1049}
1050
1066 int start,
1067 int len)
1068{
1069 /* Same restrictions as interface name at the moment */
1070 return _dbus_validate_interface (str, start, len);
1071}
1072
1077#define VALID_INITIAL_BUS_NAME_CHARACTER(c) \
1078 ( ((c) >= 'A' && (c) <= 'Z') || \
1079 ((c) >= 'a' && (c) <= 'z') || \
1080 ((c) == '_') || ((c) == '-'))
1081
1086#define VALID_BUS_NAME_CHARACTER(c) \
1087 ( ((c) >= '0' && (c) <= '9') || \
1088 ((c) >= 'A' && (c) <= 'Z') || \
1089 ((c) >= 'a' && (c) <= 'z') || \
1090 ((c) == '_') || ((c) == '-'))
1091
1092static dbus_bool_t
1093_dbus_validate_bus_name_full (const DBusString *str,
1094 int start,
1095 int len,
1096 dbus_bool_t is_namespace)
1097{
1098 const unsigned char *s;
1099 const unsigned char *end;
1100 const unsigned char *iface;
1101 const unsigned char *last_dot;
1102
1103 _dbus_assert (start >= 0);
1104 _dbus_assert (len >= 0);
1105 _dbus_assert (start <= _dbus_string_get_length (str));
1106
1107 if (len > _dbus_string_get_length (str) - start)
1108 return FALSE;
1109
1110 if (len > DBUS_MAXIMUM_NAME_LENGTH)
1111 return FALSE;
1112
1113 if (len == 0)
1114 return FALSE;
1115
1116 last_dot = NULL;
1117 iface = _dbus_string_get_const_udata (str) + start;
1118 end = iface + len;
1119 s = iface;
1120
1121 /* check special cases of first char so it doesn't have to be done
1122 * in the loop. Note we know len > 0
1123 */
1124 if (*s == ':')
1125 {
1126 /* unique name */
1127 ++s;
1128 while (s != end)
1129 {
1130 if (*s == '.')
1131 {
1132 if (_DBUS_UNLIKELY ((s + 1) == end))
1133 return FALSE;
1134 if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
1135 return FALSE;
1136 ++s; /* we just validated the next char, so skip two */
1137 }
1138 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1139 {
1140 return FALSE;
1141 }
1142
1143 ++s;
1144 }
1145
1146 return TRUE;
1147 }
1148 else if (_DBUS_UNLIKELY (*s == '.')) /* disallow starting with a . */
1149 return FALSE;
1150 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*s)))
1151 return FALSE;
1152 else
1153 ++s;
1154
1155 while (s != end)
1156 {
1157 if (*s == '.')
1158 {
1159 if (_DBUS_UNLIKELY ((s + 1) == end))
1160 return FALSE;
1161 else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*(s + 1))))
1162 return FALSE;
1163 last_dot = s;
1164 ++s; /* we just validated the next char, so skip two */
1165 }
1166 else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s)))
1167 {
1168 return FALSE;
1169 }
1170
1171 ++s;
1172 }
1173
1174 if (!is_namespace && _DBUS_UNLIKELY (last_dot == NULL))
1175 return FALSE;
1176
1177 return TRUE;
1178}
1179
1195 int start,
1196 int len)
1197{
1198 return _dbus_validate_bus_name_full (str, start, len, FALSE);
1199}
1200
1216 int start,
1217 int len)
1218{
1219 return _dbus_validate_bus_name_full (str, start, len, TRUE);
1220}
1221
1225DEFINE_DBUS_NAME_CHECK(interface)
1229DEFINE_DBUS_NAME_CHECK(error_name)
1231DEFINE_DBUS_NAME_CHECK(bus_name)
1234
1235
1237/* tests in dbus-marshal-validate-util.c */
#define _DBUS_INT_TO_POINTER(integer)
Safely stuffs an integer into a pointer, to be extracted later with _DBUS_POINTER_TO_INT.
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
#define _DBUS_POINTER_TO_INT(pointer)
Safely casts a void* to an integer; should only be used on void* that actually contain integers,...
#define _DBUS_INT32_MAX
Maximum value of type "int32".
void * _dbus_list_pop_last(DBusList **list)
Removes the last value in the list and returns it.
Definition: dbus-list.c:700
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
Definition: dbus-list.c:543
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
Definition: dbus-list.c:271
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void _dbus_type_reader_recurse(DBusTypeReader *reader, DBusTypeReader *sub)
Initialize a new reader pointing to the first type and corresponding value that's a child of the curr...
DBusValidity
This is primarily used in unit testing, so we can verify that each invalid message is invalid for the...
DBusValidity _dbus_validate_signature_with_reason(const DBusString *type_str, int type_pos, int len)
Verifies that the range of type_str from type_pos to type_end is a valid signature.
#define VALID_NAME_CHARACTER(c)
Determine wether the given character is valid as a second or later character in a name.
#define VALID_INITIAL_BUS_NAME_CHARACTER(c)
Determine wether the given character is valid as the first character in a bus name.
#define VALID_BUS_NAME_CHARACTER(c)
Determine wether the given character is valid as a second or later character in a bus name.
int _dbus_type_get_alignment(int typecode)
Gets the alignment requirement for the given type; will be 1, 4, or 8.
#define DEFINE_DBUS_NAME_CHECK(what)
Define a name check to be used in _dbus_return_if_fail() statements.
void _dbus_type_reader_init_types_only(DBusTypeReader *reader, const DBusString *type_str, int type_pos)
Like _dbus_type_reader_init() but the iteration is over the signature, not over values.
dbus_bool_t _dbus_validate_error_name(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid error name in the D-Bus protocol.
dbus_uint32_t _dbus_unpack_uint32(int byte_order, const unsigned char *data)
Unpacks a 32 bit unsigned integer from a data pointer.
int _dbus_first_type_in_signature(const DBusString *str, int pos)
Get the first type in the signature.
int _dbus_type_reader_get_element_type(const DBusTypeReader *reader)
Gets the type of an element of the array the reader is currently pointing to.
dbus_bool_t _dbus_validate_member(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid member name in the D-Bus protocol.
dbus_bool_t _dbus_type_reader_next(DBusTypeReader *reader)
Skip to the next value on this "level".
dbus_bool_t _dbus_validate_bus_namespace(const DBusString *str, int start, int len)
Checks that the given range of the string is a prefix of a valid bus name in the D-Bus protocol.
#define VALID_INITIAL_NAME_CHARACTER(c)
Determine wether the given character is valid as the first character in a name.
dbus_bool_t _dbus_validate_path(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid object path name in the D-Bus protocol.
dbus_bool_t _dbus_validate_interface(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid interface name in the D-Bus protocol.
const char * _dbus_type_to_string(int typecode)
Returns a string describing the given type.
DBusValidity _dbus_validate_body_with_reason(const DBusString *expected_signature, int expected_signature_start, int byte_order, int *bytes_remaining, const DBusString *value_str, int value_pos, int len)
Verifies that the range of value_str from value_pos to value_end is a legitimate value of type expect...
int _dbus_type_reader_get_current_type(const DBusTypeReader *reader)
Gets the type of the value the reader is currently pointing to; or for a types-only reader gets the t...
dbus_bool_t _dbus_validate_bus_name(const DBusString *str, int start, int len)
Checks that the given range of the string is a valid bus name in the D-Bus protocol.
@ DBUS_VALIDITY_UNKNOWN_OOM_ERROR
can't determine validity due to OOM
@ DBUS_INVALID_TOO_MUCH_DATA
trailing junk makes it invalid
@ DBUS_VALID
the data is valid
#define DBUS_TYPE_SIGNATURE
Type code marking a D-Bus type signature.
#define DBUS_MAXIMUM_SIGNATURE_LENGTH
This one is 255 so it fits in a byte.
#define DBUS_DICT_ENTRY_END_CHAR
Code marking the end of a dict entry type in a type signature.
#define DBUS_TYPE_OBJECT_PATH
Type code marking a D-Bus object path.
#define DBUS_TYPE_BYTE
Type code marking an 8-bit unsigned integer.
Definition: dbus-protocol.h:66
#define DBUS_TYPE_INT16
Type code marking a 16-bit signed integer.
Definition: dbus-protocol.h:74
#define DBUS_TYPE_VARIANT
Type code marking a D-Bus variant type.
#define DBUS_MAXIMUM_ARRAY_LENGTH
Max length of a marshaled array in bytes (64M, 2^26) We use signed int for lengths so must be INT_MAX...
#define DBUS_TYPE_INT32
Type code marking a 32-bit signed integer.
Definition: dbus-protocol.h:82
#define DBUS_TYPE_UNIX_FD
Type code marking a unix file descriptor.
#define DBUS_TYPE_BOOLEAN
Type code marking a boolean.
Definition: dbus-protocol.h:70
#define DBUS_STRUCT_BEGIN_CHAR
Code marking the start of a struct type in a type signature.
#define DBUS_TYPE_STRING
Type code marking a UTF-8 encoded, nul-terminated Unicode string.
#define DBUS_MAXIMUM_NAME_LENGTH
Max length in bytes of a bus name, interface, or member (not object path, paths are unlimited).
#define DBUS_TYPE_ARRAY
Type code marking a D-Bus array type.
#define DBUS_TYPE_INVALID
Type code that is never equal to a legitimate type code.
Definition: dbus-protocol.h:60
#define DBUS_MAXIMUM_TYPE_RECURSION_DEPTH
Depth of recursion in the type tree.
#define DBUS_TYPE_INT64
Type code marking a 64-bit signed integer.
Definition: dbus-protocol.h:90
#define DBUS_TYPE_DOUBLE
Type code marking an 8-byte double in IEEE 754 format.
Definition: dbus-protocol.h:98
#define DBUS_TYPE_UINT64
Type code marking a 64-bit unsigned integer.
Definition: dbus-protocol.h:94
#define DBUS_TYPE_DICT_ENTRY
Type code used to represent a dict entry; however, this type code does not appear in type signatures,...
#define DBUS_DICT_ENTRY_BEGIN_CHAR
Code marking the start of a dict entry type in a type signature.
#define DBUS_TYPE_UINT16
Type code marking a 16-bit unsigned integer.
Definition: dbus-protocol.h:78
#define DBUS_TYPE_STRUCT
STRUCT and DICT_ENTRY are sort of special since their codes can't appear in a type string,...
#define DBUS_STRUCT_END_CHAR
Code marking the end of a struct type in a type signature.
#define DBUS_TYPE_UINT32
Type code marking a 32-bit unsigned integer.
Definition: dbus-protocol.h:86
dbus_bool_t dbus_type_is_basic(int typecode)
A "basic type" is a somewhat arbitrary concept, but the intent is to include those types that are ful...
dbus_bool_t dbus_type_is_fixed(int typecode)
Tells you whether values of this type can change length if you set them to some other value.
dbus_bool_t dbus_type_is_valid(int typecode)
Return TRUE if the argument is a valid typecode.
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
Definition: dbus-string.c:2605
void _dbus_string_init_const_len(DBusString *str, const char *value, int len)
Initializes a constant string with a length.
Definition: dbus-string.c:217
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:35
A node in a linked list.
Definition: dbus-list.h:35
The type reader is an iterator for reading values from a block of values.
int type_pos
current position in signature