From 605eaef7dd54a3d66a0b4ec40fd59859869340d5 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 14 Jul 2011 13:00:38 +0100 Subject: [PATCH 2/3] Add dbus-syntax.[ch] --- cmake/dbus/CMakeLists.txt | 2 + dbus/Makefile.am | 2 + dbus/dbus-syntax.c | 309 +++++++++++++++++++++++++++++++++++++++++++++ dbus/dbus-syntax.h | 58 +++++++++ dbus/dbus.h | 1 + 5 files changed, 372 insertions(+), 0 deletions(-) create mode 100644 dbus/dbus-syntax.c create mode 100644 dbus/dbus-syntax.h diff --git a/cmake/dbus/CMakeLists.txt b/cmake/dbus/CMakeLists.txt index 4399081..1f136fa 100644 --- a/cmake/dbus/CMakeLists.txt +++ b/cmake/dbus/CMakeLists.txt @@ -21,6 +21,7 @@ set (dbusinclude_HEADERS ${DBUS_DIR}/dbus-server.h ${DBUS_DIR}/dbus-shared.h ${DBUS_DIR}/dbus-signature.h + ${DBUS_DIR}/dbus-syntax.h ${DBUS_DIR}/dbus-threads.h ${DBUS_DIR}/dbus-types.h dbus-arch-deps.h @@ -52,6 +53,7 @@ set (DBUS_LIB_SOURCES ${DBUS_DIR}/dbus-server-debug-pipe.c ${DBUS_DIR}/dbus-sha.c ${DBUS_DIR}/dbus-signature.c + ${DBUS_DIR}/dbus-syntax.c ${DBUS_DIR}/dbus-timeout.c ${DBUS_DIR}/dbus-threads.c ${DBUS_DIR}/dbus-transport.c diff --git a/dbus/Makefile.am b/dbus/Makefile.am index 094773c..6f20cf2 100644 --- a/dbus/Makefile.am +++ b/dbus/Makefile.am @@ -123,6 +123,7 @@ dbusinclude_HEADERS= \ dbus-server.h \ dbus-shared.h \ dbus-signature.h \ + dbus-syntax.h \ dbus-threads.h \ dbus-types.h @@ -176,6 +177,7 @@ DBUS_LIB_SOURCES= \ dbus-sha.c \ dbus-sha.h \ dbus-signature.c \ + dbus-syntax.c \ dbus-timeout.c \ dbus-timeout.h \ dbus-threads-internal.h \ diff --git a/dbus/dbus-syntax.c b/dbus/dbus-syntax.c new file mode 100644 index 0000000..4792287 --- /dev/null +++ b/dbus/dbus-syntax.c 
@@ -0,0 +1,309 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus-syntax.c - utility functions for strings with special syntax
+ *
+ * Author: Simon McVittie
+ * Copyright © 2011 Nokia Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include
+#include "dbus-syntax.h"
+
+#include "dbus-internals.h"
+#include "dbus-marshal-validate.h"
+#include "dbus-shared.h"
+
+/**
+ * @defgroup DBusSyntax Utility functions for strings with special syntax
+ * @ingroup DBus
+ * @brief Parsing D-Bus type signatures
+ * @{
+ */
+
+/**
+ * Check an object path for validity. Remember that #NULL can always
+ * be passed instead of a DBusError *, if you don't care about having
+ * an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid object path, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if path is valid
+ */
+dbus_bool_t
+dbus_validate_path (const char *path,
+ DBusError *error)
+{
+ DBusString str;
+ int len;
+
+ _dbus_return_val_if_fail (path != NULL, FALSE);
+
+ _dbus_string_init_const (&str, path);
+ len = _dbus_string_get_length (&str);
+
+ /* In general, it ought to be valid... */
+ if (_DBUS_LIKELY (_dbus_validate_path (&str, 0, len)))
+ return TRUE;
+
+ /* slow path: string is invalid, find out why */
+
+ if (!_dbus_string_validate_utf8 (&str, 0, len))
+ {
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Object path was not valid UTF-8");
+ return FALSE;
+ }
+
+ /* FIXME: later, diagnose exactly how it was invalid */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Object path was not valid: '%s'", path);
+ return FALSE;
+}
+
+/**
+ * Check an interface name for validity. Remember that #NULL can always
+ * be passed instead of a DBusError *, if you don't care about having
+ * an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid interface name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_interface (const char *name,
+ DBusError *error)
+{
+ DBusString str;
+ int len;
+
+ _dbus_return_val_if_fail (name != NULL, FALSE);
+
+ _dbus_string_init_const (&str, name);
+ len = _dbus_string_get_length (&str);
+
+ /* In general, it ought to be valid... */
+ if (_DBUS_LIKELY (_dbus_validate_interface (&str, 0, len)))
+ return TRUE;
+
+ /* slow path: string is invalid, find out why */
+
+ if (!_dbus_string_validate_utf8 (&str, 0, len))
+ {
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Interface name was not valid UTF-8");
+ return FALSE;
+ }
+
+ /* FIXME: later, diagnose exactly how it was invalid */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Interface name was not valid: '%s'", name);
+ return FALSE;
+}
+
+/**
+ * Check a member (method/signal) name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid member name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_member (const char *name,
+ DBusError *error)
+{
+ DBusString str;
+ int len;
+
+ _dbus_return_val_if_fail (name != NULL, FALSE);
+
+ _dbus_string_init_const (&str, name);
+ len = _dbus_string_get_length (&str);
+
+ /* In general, it ought to be valid... */
+ if (_DBUS_LIKELY (_dbus_validate_member (&str, 0, len)))
+ return TRUE;
+
+ /* slow path: string is invalid, find out why */
+
+ if (!_dbus_string_validate_utf8 (&str, 0, len))
+ {
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Member name was not valid UTF-8");
+ return FALSE;
+ }
+
+ /* FIXME: later, diagnose exactly how it was invalid */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Member name was not valid: '%s'", name);
+ return FALSE;
+}
+
+/**
+ * Check an error name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid error name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_error_name (const char *name,
+ DBusError *error)
+{
+ DBusString str;
+ int len;
+
+ _dbus_return_val_if_fail (name != NULL, FALSE);
+
+ _dbus_string_init_const (&str, name);
+ len = _dbus_string_get_length (&str);
+
+ /* In general, it ought to be valid... */
+ if (_DBUS_LIKELY (_dbus_validate_error_name (&str, 0, len)))
+ return TRUE;
+
+ /* slow path: string is invalid, find out why */
+
+ if (!_dbus_string_validate_utf8 (&str, 0, len))
+ {
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Error name was not valid UTF-8");
+ return FALSE;
+ }
+
+ /* FIXME: later, diagnose exactly how it was invalid */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Error name was not valid: '%s'", name);
+ return FALSE;
+}
+
+/**
+ * Check a bus name for validity. Remember that #NULL
+ * can always be passed instead of a DBusError *, if you don't care about
+ * having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param path a potentially invalid bus name, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if name is valid
+ */
+dbus_bool_t
+dbus_validate_bus_name (const char *name,
+ DBusError *error)
+{
+ DBusString str;
+ int len;
+
+ _dbus_return_val_if_fail (name != NULL, FALSE);
+
+ _dbus_string_init_const (&str, name);
+ len = _dbus_string_get_length (&str);
+
+ /* In general, it ought to be valid... */
+ if (_DBUS_LIKELY (_dbus_validate_bus_name (&str, 0, len)))
+ return TRUE;
+
+ /* slow path: string is invalid, find out why */
+
+ if (!_dbus_string_validate_utf8 (&str, 0, len))
+ {
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Bus name was not valid UTF-8");
+ return FALSE;
+ }
+
+ /* FIXME: later, diagnose exactly how it was invalid */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "Bus name was not valid: '%s'", name);
+ return FALSE;
+}
+
+/**
+ * Check a string for validity. Strings on D-Bus must be valid UTF-8.
+ * Remember that #NULL can always be passed instead of a DBusError *,
+ * if you don't care about having an error name and message.
+ *
+ * This function is suitable for validating C strings, but is not suitable
+ * for validating untrusted data from a network unless the string's length
+ * is also checked, since it assumes that the string ends at the first zero
+ * byte according to normal C conventions.
+ *
+ * @param alleged_utf8 a string to be checked, which must not be #NULL
+ * @param error error return
+ * @returns #TRUE if alleged_utf8 is valid UTF-8
+ */
+dbus_bool_t
+dbus_validate_utf8 (const char *alleged_utf8,
+ DBusError *error)
+{
+ DBusString str;
+
+ _dbus_return_val_if_fail (alleged_utf8 != NULL, FALSE);
+
+ _dbus_string_init_const (&str, alleged_utf8);
+
+ if (_DBUS_LIKELY (_dbus_string_validate_utf8 (&str, 0,
+ _dbus_string_get_length (&str))))
+ return TRUE;
+
+ /* don't quote the actual string here, since a DBusError also needs to
+ * be valid UTF-8 */
+ dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
+ "String was not valid UTF-8");
+ return FALSE;
+}
+
+/** @} */ /* end of group */
diff --git a/dbus/dbus-syntax.h b/dbus/dbus-syntax.h
new file mode 100644
index 0000000..daf20f0
--- /dev/null
+++ b/dbus/dbus-syntax.h
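Review bot: The fallback `dbus_set_error (error, DBUS_ERROR_INVALID_ARGS, "... was not valid: '%s'", name)` calls in dbus_validate_path, dbus_validate_interface, dbus_validate_member, dbus_validate_error_name and dbus_validate_bus_name copy the rejected string into the error message after only a UTF-8 check, so the message can carry a string of any length and, as far as this hunk shows, whatever control characters it contains. Callers that write `error->message` to a log or a terminal would then relay caller-influenced bytes; I would add a comment above each call such as `/* quoted string is valid UTF-8 but otherwise unchecked (length, control characters); escape before logging */`, or leave the string out of the message as the UTF-8 branch already does. Separately, the doc comments of the four functions that take `name` say `@param path`, and the group's `@brief Parsing D-Bus type signatures` looks carried over from the signature module rather than describing this one.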
@@ -0,0 +1,58 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus-syntax.h - utility functions for strings with special syntax
+ *
+ * Author: Simon McVittie
+ * Copyright © 2011 Nokia Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+#if !defined (DBUS_INSIDE_DBUS_H) && !defined (DBUS_COMPILATION)
+#error "Only can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef DBUS_SYNTAX_H
+#define DBUS_SYNTAX_H
+
+#include
+#include
+#include
+
+DBUS_BEGIN_DECLS
+
+DBUS_EXPORT
+dbus_bool_t dbus_validate_path (const char *path,
+ DBusError *error);
+DBUS_EXPORT
+dbus_bool_t dbus_validate_interface (const char *name,
+ DBusError *error);
+DBUS_EXPORT
+dbus_bool_t dbus_validate_member (const char *name,
+ DBusError *error);
+DBUS_EXPORT
+dbus_bool_t dbus_validate_error_name (const char *name,
+ DBusError *error);
+DBUS_EXPORT
+dbus_bool_t dbus_validate_bus_name (const char *name,
+ DBusError *error);
+DBUS_EXPORT
+dbus_bool_t dbus_validate_utf8 (const char *alleged_utf8,
+ DBusError *error);
+
+DBUS_END_DECLS
+
+#endif /* multiple-inclusion guard */
diff --git a/dbus/dbus.h b/dbus/dbus.h
index 1f09950..932ceab 100644
--- a/dbus/dbus.h
+++ b/dbus/dbus.h
@@ -39,6 +39,7 @@ #include #include #include +#include #include #include -- 1.7.5.4