dbus library calls abort() if it got a non-expected type passed to it.
---
src/agent-connman.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 86 insertions(+), 3 deletions(-)
diff --git a/src/agent-connman.c b/src/agent-connman.c
index 2d714b5..381fd25 100644
--- a/src/agent-connman.c
+++ b/src/agent-connman.c
@@ -54,6 +54,34 @@ static bool check_reply_has_dict(DBusMessage *reply)
return false;
}
+static bool check_message_is_basic_type(DBusMessageIter *entry)
+{
+ int type = dbus_message_iter_get_arg_type(entry);
+ switch (type) {
+ case DBUS_TYPE_BYTE:
+ case DBUS_TYPE_BOOLEAN:
+ case DBUS_TYPE_INT16:
+ case DBUS_TYPE_UINT16:
+ case DBUS_TYPE_INT32:
+ case DBUS_TYPE_UINT32:
+ case DBUS_TYPE_INT64:
+ case DBUS_TYPE_UINT64:
+ case DBUS_TYPE_DOUBLE:
+ case DBUS_TYPE_STRING:
+ case DBUS_TYPE_OBJECT_PATH:
+ case DBUS_TYPE_SIGNATURE:
+ case DBUS_TYPE_UNIX_FD:
+ return true;
+
+ case DBUS_TYPE_VARIANT:
+ case DBUS_TYPE_ARRAY:
+ case DBUS_TYPE_STRUCT:
+ case DBUS_TYPE_DICT_ENTRY:
+ default:
+ return false;
+ }
+}
+
struct request_input_reply {
struct connman_service *service;
struct connman_peer *peer;
@@ -110,7 +138,14 @@ static void request_input_passphrase_reply(DBusMessage
*reply, void *user_data)
if (dbus_message_iter_get_arg_type(&entry)
!= DBUS_TYPE_VARIANT)
break;
+
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &identity);
} else if (g_str_equal(key, "Passphrase")) {
@@ -118,7 +153,14 @@ static void request_input_passphrase_reply(DBusMessage
*reply, void *user_data)
if (dbus_message_iter_get_arg_type(&entry)
!= DBUS_TYPE_VARIANT)
break;
+
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &passphrase);
} else if (g_str_equal(key, "WPS")) {
@@ -128,7 +170,14 @@ static void request_input_passphrase_reply(DBusMessage
*reply, void *user_data)
if (dbus_message_iter_get_arg_type(&entry)
!= DBUS_TYPE_VARIANT)
break;
+
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &wpspin);
break;
} else if (g_str_equal(key, "Name")) {
@@ -136,7 +185,14 @@ static void request_input_passphrase_reply(DBusMessage
*reply, void *user_data)
if (dbus_message_iter_get_arg_type(&entry)
!= DBUS_TYPE_VARIANT)
break;
+
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &name);
name_len = strlen(name);
} else if (g_str_equal(key, "SSID")) {
@@ -144,16 +200,25 @@ static void request_input_passphrase_reply(DBusMessage
*reply, void *user_data)
dbus_message_iter_next(&entry);
if (dbus_message_iter_get_arg_type(&entry)
- != DBUS_TYPE_VARIANT)
+ != DBUS_TYPE_VARIANT) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
break;
+ }
dbus_message_iter_recurse(&entry, &value);
if (dbus_message_iter_get_arg_type(&value)
- != DBUS_TYPE_ARRAY)
+ != DBUS_TYPE_ARRAY) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
break;
+ }
dbus_message_iter_recurse(&value, &array_iter);
if (dbus_message_iter_get_arg_type(&array_iter)
- != DBUS_TYPE_BYTE)
+ != DBUS_TYPE_BYTE) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
break;
+ }
dbus_message_iter_get_fixed_array(&array_iter, &name,
&name_len);
}
@@ -401,7 +466,14 @@ static void request_input_login_reply(DBusMessage *reply,
void *user_data)
if (dbus_message_iter_get_arg_type(&entry)
!= DBUS_TYPE_VARIANT)
break;
+
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &username);
} else if (g_str_equal(key, "Password")) {
@@ -410,6 +482,12 @@ static void request_input_login_reply(DBusMessage *reply,
void *user_data)
DBUS_TYPE_VARIANT)
break;
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ values_received = false;
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &password);
}
@@ -718,6 +796,11 @@ static void request_peer_authorization_reply(DBusMessage
*reply,
!= DBUS_TYPE_VARIANT)
break;
dbus_message_iter_recurse(&entry, &value);
+ if (!check_message_is_basic_type(&value)) {
+ error = CONNMAN_ERROR_INTERFACE
".InvalidArguments";
+ break;
+ }
+
dbus_message_iter_get_basic(&value, &wpspin);
break;
}
--
1.9.1
_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
