Re: [PATCH v3] agent-connman: Type check dbus messages for dbus_message_iter_get_basic

Mon, 07 Sep 2015 03:08:22 -0700 

        Hi,

On Mon, 2015-09-07 at 09:56 +0200, Marcus Folkesson wrote:
> dbus library calls abort() if it got a non-expected type passed to it.
> ---
> Changelog:
> v3: Fix embarrassing typo
> v2: Check against specific type instead of all basic types
> 
>  src/agent-connman.c | 63 
> ++++++++++++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 60 insertions(+), 3 deletions(-)
> 
> diff --git a/src/agent-connman.c b/src/agent-connman.c
> index 2d714b5..341e253 100644
> --- a/src/agent-connman.c
> +++ b/src/agent-connman.c
> @@ -110,7 +110,14 @@ static void request_input_passphrase_reply(DBusMessage 
> *reply, void *user_data)
>                       if (dbus_message_iter_get_arg_type(&entry)
>                                                       != DBUS_TYPE_VARIANT)
>                               break;
> +
>                       dbus_message_iter_recurse(&entry, &value);
> +                     if (dbus_message_iter_get_arg_type(&entry) != 
> DBUS_TYPE_STRING) {
> +                             error = CONNMAN_ERROR_INTERFACE 
> ".InvalidArguments";
> +                             values_received = false;
> +                             break;
> +                     }
> +
>                       dbus_message_iter_get_basic(&value, &identity);

Down here the basic value we're extracting is from &value, which should
be the one tested for DBUS_TYPE_STRING. But the DBUS_TYPE_STRING test
was conducted on &entry above, which is always false as the &entry is a
DBUS_TYPE_VARIANT.

>  
>               } else if (g_str_equal(key, "Passphrase")) {
> @@ -118,7 +125,14 @@ static void request_input_passphrase_reply(DBusMessage 
> *reply, void *user_data)
>                       if (dbus_message_iter_get_arg_type(&entry)
>                                                       != DBUS_TYPE_VARIANT)
>                               break;

The already existing error handling skips entries that are not variants,
so it should also have error set. Can you add this to the patch?

Looking at the code, values_received is not very useful either here or
in src/service.c request_input_cb(), so I was thinking it need not be
touched at all but rather removed in some upcoming future patch set.

A few lines below, wps = true should be set only if WPS information was
successfully received. Can you add this to the patch also?

Cheers,

        Patrik

_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman

Reply via email to