author | Havoc Pennington <hp@redhat.com> | 2003-03-02 17:34:30 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-03-02 17:34:30 +0000 |
commit | f7d96bdf80129d95cf33f26a778ce2c94a818bd0 (patch) | |
tree | f1df8da8c12b134a5ab5e06eab9951394754b69b /dbus/dbus-marshal.c | |
parent | 7584a7bdccc6c7cf9f3d11c315f088794729b7e4 (diff) |
2003-03-02 Havoc Pennington <hp@pobox.com>
* test/break-loader.c (randomly_set_extreme_ints): add test that
sets really huge and small integers
* dbus/dbus-marshal.c (_dbus_marshal_validate_arg): add check
that length of boolean array fits in the string, and that
string has room for boolean value in single-bool case.
* dbus/dbus-message-builder.c (_dbus_message_data_load): add
optional value to "ALIGN" command which is what to fill the
alignment with.
* test/data/valid-messages/no-padding.message: add regression
test for the message padding problem
Diffstat (limited to 'dbus/dbus-marshal.c')
-rw-r--r-- | dbus/dbus-marshal.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/dbus/dbus-marshal.c b/dbus/dbus-marshal.c index b199561b..f78757fd 100644 --- a/dbus/dbus-marshal.c +++ b/dbus/dbus-marshal.c @@ -997,7 +997,9 @@ _dbus_marshal_get_arg_end_pos (const DBusString *str, * Demarshals and validates a length; returns < 0 if the validation * fails. The length is required to be small enough that * len*sizeof(double) will not overflow, and small enough to fit in a - * signed integer. + * signed integer. DOES NOT check whether the length points + * beyond the end of the string, because it doesn't know the + * size of array elements. * * @param str the string * @param byte_order the byte order @@ -1012,6 +1014,8 @@ demarshal_and_validate_len (const DBusString *str, { int align_4 = _DBUS_ALIGN_VALUE (pos, 4); unsigned int len; + + _dbus_assert (new_pos != NULL); if ((align_4 + 4) >= _dbus_string_get_length (str)) { @@ -1116,6 +1120,12 @@ _dbus_marshal_validate_arg (const DBusString *str, { unsigned char c; + if (2 > _dbus_string_get_length (str) - pos) + { + _dbus_verbose ("no room for boolean value\n"); + return FALSE; + } + c = _dbus_string_get_byte (str, pos + 1); if (c != 0 && c != 1) @@ -1184,6 +1194,12 @@ _dbus_marshal_validate_arg (const DBusString *str, if (len < 0) return FALSE; + if (len > _dbus_string_get_length (str) - pos) + { + _dbus_verbose ("boolean array length outside length of the message\n"); + return FALSE; + } + i = 0; while (i < len) { |
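Review bot: The single-boolean guard `if (2 > _dbus_string_get_length (str) - pos)` carries an unexplained `2`, and nothing next to it says which bytes it protects. The read that follows is at `pos + 1`, so the bound means two bytes starting at `pos` must lie inside the string; a comment above the `if` such as `/* the value byte is read at pos + 1, so 2 bytes from pos must be in range */` would record that. The subtraction gives the intended result only if the length and `pos` are both signed and `pos` is not negative. Both declarations are outside this hunk, so that is worth confirming, since this validator presumably runs on data received from a peer. The enclosing case block starts and ends outside the hunk.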
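Review bot: The boolean-array bound `len > _dbus_string_get_length (str) - pos` is right only if `pos` already points at the first element when it runs and each element occupies one byte. The statement that sets `pos` and the loop body are outside the hunk, so this cannot be confirmed from here. The first hunk now documents that `demarshal_and_validate_len` does not check the length against the end of the string, which makes this check the caller's duty for every array type, each with its own element size. Only the boolean-array caller is visible in this diff, so the other callers should be checked for an equivalent bound. A comment here such as `/* one byte per boolean; demarshal_and_validate_len does not bound len by the string */` would tie the two together.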