On Thu, Sep 03, 2015 at 04:29:21PM +0200, Marcus Folkesson wrote:
> dbus library calls abort() if it got a non-expected type passed to it.
> ---
> src/agent-connman.c | 89
> +++++++++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 86 insertions(+), 3 deletions(-)
>
> diff --git a/src/agent-connman.c b/src/agent-connman.c
> index 2d714b5..381fd25 100644
> --- a/src/agent-connman.c
> +++ b/src/agent-connman.c
> @@ -54,6 +54,34 @@ static bool check_reply_has_dict(DBusMessage *reply)
> return false;
> }
>
> +static bool check_message_is_basic_type(DBusMessageIter *entry)
> +{
> + int type = dbus_message_iter_get_arg_type(entry);
> + switch (type) {
> + case DBUS_TYPE_BYTE:
> + case DBUS_TYPE_BOOLEAN:
> + case DBUS_TYPE_INT16:
> + case DBUS_TYPE_UINT16:
> + case DBUS_TYPE_INT32:
> + case DBUS_TYPE_UINT32:
> + case DBUS_TYPE_INT64:
> + case DBUS_TYPE_UINT64:
> + case DBUS_TYPE_DOUBLE:
> + case DBUS_TYPE_STRING:
> + case DBUS_TYPE_OBJECT_PATH:
> + case DBUS_TYPE_SIGNATURE:
> + case DBUS_TYPE_UNIX_FD:
> + return true;
> +
> + case DBUS_TYPE_VARIANT:
> + case DBUS_TYPE_ARRAY:
> + case DBUS_TYPE_STRUCT:
> + case DBUS_TYPE_DICT_ENTRY:
> + default:
> + return false;
> + }
> +}
> +
> struct request_input_reply {
> struct connman_service *service;
> struct connman_peer *peer;
> @@ -110,7 +138,14 @@ static void request_input_passphrase_reply(DBusMessage
> *reply, void *user_data)
> if (dbus_message_iter_get_arg_type(&entry)
> != DBUS_TYPE_VARIANT)
> break;
> +
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &identity);
>
> } else if (g_str_equal(key, "Passphrase")) {
> @@ -118,7 +153,14 @@ static void request_input_passphrase_reply(DBusMessage
> *reply, void *user_data)
> if (dbus_message_iter_get_arg_type(&entry)
> != DBUS_TYPE_VARIANT)
> break;
> +
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &passphrase);
>
> } else if (g_str_equal(key, "WPS")) {
> @@ -128,7 +170,14 @@ static void request_input_passphrase_reply(DBusMessage
> *reply, void *user_data)
> if (dbus_message_iter_get_arg_type(&entry)
> != DBUS_TYPE_VARIANT)
> break;
> +
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &wpspin);
> break;
> } else if (g_str_equal(key, "Name")) {
> @@ -136,7 +185,14 @@ static void request_input_passphrase_reply(DBusMessage
> *reply, void *user_data)
> if (dbus_message_iter_get_arg_type(&entry)
> != DBUS_TYPE_VARIANT)
> break;
> +
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &name);
> name_len = strlen(name);
> } else if (g_str_equal(key, "SSID")) {
> @@ -144,16 +200,25 @@ static void request_input_passphrase_reply(DBusMessage
> *reply, void *user_data)
>
> dbus_message_iter_next(&entry);
> if (dbus_message_iter_get_arg_type(&entry)
> - != DBUS_TYPE_VARIANT)
> + != DBUS_TYPE_VARIANT) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> break;
> + }
> dbus_message_iter_recurse(&entry, &value);
> if (dbus_message_iter_get_arg_type(&value)
> - != DBUS_TYPE_ARRAY)
> + != DBUS_TYPE_ARRAY) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> break;
> + }
> dbus_message_iter_recurse(&value, &array_iter);
> if (dbus_message_iter_get_arg_type(&array_iter)
> - != DBUS_TYPE_BYTE)
> + != DBUS_TYPE_BYTE) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> break;
> + }
> dbus_message_iter_get_fixed_array(&array_iter, &name,
> &name_len);
> }
> @@ -401,7 +466,14 @@ static void request_input_login_reply(DBusMessage
> *reply, void *user_data)
> if (dbus_message_iter_get_arg_type(&entry)
> != DBUS_TYPE_VARIANT)
> break;
> +
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &username);
>
> } else if (g_str_equal(key, "Password")) {
> @@ -410,6 +482,12 @@ static void request_input_login_reply(DBusMessage
> *reply, void *user_data)
> DBUS_TYPE_VARIANT)
> break;
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + values_received = false;
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &password);
> }
>
> @@ -718,6 +796,11 @@ static void request_peer_authorization_reply(DBusMessage
> *reply,
> != DBUS_TYPE_VARIANT)
> break;
> dbus_message_iter_recurse(&entry, &value);
> + if (!check_message_is_basic_type(&value)) {
> + error = CONNMAN_ERROR_INTERFACE
> ".InvalidArguments";
> + break;
> + }
> +
> dbus_message_iter_get_basic(&value, &wpspin);
> break;
> }
> --
> 1.9.1
>
Just saw a patch from jhannika posted on the channel:
jgke.fi/dump/typecheck.patch
It practically to the same thing.
Cheers,
Marcus Folkesson
_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
