From d1b814308e0af48112dcdfea0172999c801772e1 Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Wed, 21 Feb 2018 00:56:15 +0100 Subject: [PATCH] message: verify validity of all header fields Make sure sender, destination, interface, member, and error_name are all according to the spec. Signed-off-by: Tom Gundersen --- src/dbus/message.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/dbus/message.c b/src/dbus/message.c index 76787db2..b7700b36 100644 --- a/src/dbus/message.c +++ b/src/dbus/message.c @@ -239,36 +239,48 @@ static int message_parse_header(Message *message, MessageMetadata *metadata) { if (!strcmp(metadata->fields.interface, "org.freedesktop.DBus.Local")) return MESSAGE_E_INVALID_HEADER; - /* XXX: invalid interfaces are rejected */ + if (!dbus_validate_interface(metadata->fields.interface, strlen(metadata->fields.interface))) + return MESSAGE_E_INVALID_HEADER; break; case DBUS_MESSAGE_FIELD_MEMBER: c_dvar_read(&v, ")", c_dvar_type_s, &metadata->fields.member); - /* XXX: invalid members are rejected */ + if (!dbus_validate_member(metadata->fields.member, strlen(metadata->fields.member))) + return MESSAGE_E_INVALID_HEADER; break; case DBUS_MESSAGE_FIELD_ERROR_NAME: c_dvar_read(&v, ")", c_dvar_type_s, &metadata->fields.error_name); - /* XXX: Invalid error-names are rejected */ + + if (!dbus_validate_error_name(metadata->fields.error_name, strlen(metadata->fields.error_name))) + return MESSAGE_E_INVALID_HEADER; + break; case DBUS_MESSAGE_FIELD_REPLY_SERIAL: c_dvar_read(&v, ")", c_dvar_type_u, &metadata->fields.reply_serial); + if (!metadata->fields.reply_serial) return MESSAGE_E_INVALID_HEADER; + break; case DBUS_MESSAGE_FIELD_DESTINATION: c_dvar_read(&v, ")", c_dvar_type_s, &metadata->fields.destination); - /* XXX: Invalid bus-names are rejected */ + + if (!dbus_validate_name(metadata->fields.destination, strlen(metadata->fields.destination))) + return MESSAGE_E_INVALID_HEADER; + break; case DBUS_MESSAGE_FIELD_SENDER: c_dvar_read(&v, ")", c_dvar_type_s, &metadata->fields.sender); - /* XXX: Invalid bus-names are rejected */ + + if (!dbus_validate_name(metadata->fields.sender, strlen(metadata->fields.sender))) + return MESSAGE_E_INVALID_HEADER; /* cache sender in case it needs to be stitched out */ message->original_sender = (void *)metadata->fields.sender;