Commit d4b870e7 authored by Havoc Pennington's avatar Havoc Pennington

2002-12-11 Havoc Pennington <hp@pobox.com>

	* dbus/dbus-types.h: add dbus_unichar

	* dbus/dbus-internals.c (_dbus_verbose): use _dbus_getenv

	* dbus/dbus-connection.c (dbus_connection_send_message): return
	TRUE on success

	* dbus/dbus-transport.c: include dbus-watch.h

	* dbus/dbus-connection.c: include dbus-message-internal.h

	* HACKING: add file with coding guidelines stuff.

	* dbus/dbus-string.h, dbus/dbus-string.c: Encapsulate all string
	handling here, for security purposes (as in vsftpd). Not actually
	using this class yet.

	* dbus/dbus-sysdeps.h, dbus/dbus-sysdeps.c: Encapsulate all
	system/libc usage here, as in vsftpd, for ease of auditing (and
	should also simplify portability). Haven't actually moved all the
	system/libc usage into here yet.
parent 652aa5e1
2002-12-11 Havoc Pennington <hp@pobox.com>
* dbus/dbus-types.h: add dbus_unichar
* dbus/dbus-internals.c (_dbus_verbose): use _dbus_getenv
* dbus/dbus-connection.c (dbus_connection_send_message): return
TRUE on success
* dbus/dbus-transport.c: include dbus-watch.h
* dbus/dbus-connection.c: include dbus-message-internal.h
* HACKING: add file with coding guidelines stuff.
* dbus/dbus-string.h, dbus/dbus-string.c: Encapsulate all string
handling here, for security purposes (as in vsftpd). Not actually
using this class yet.
* dbus/dbus-sysdeps.h, dbus/dbus-sysdeps.c: Encapsulate all
system/libc usage here, as in vsftpd, for ease of auditing (and
should also simplify portability). Haven't actually moved all the
system/libc usage into here yet.
2002-11-25 Havoc Pennington <hp@pobox.com>
* dbus/dbus-internals.c (_dbus_verbose): fix to not
......
The guidelines in this file are the ideals; it's better to send a
not-fully-following-guidelines patch than no patch at all, though. We
can always polish it up.
Mailing list
===
The D-BUS mailing list is message-bus-list@freedesktop.org; discussion
of patches, etc. should go there.
Security
===
Most of D-BUS is security sensitive. Guidelines related to that:
- avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
strstr(), strtok(), or any of this stuff. Use DBusString.
If DBusString doesn't have the feature you need, add it
to DBusString.
There are some exceptions, for example
if your strings are just used to index a hash table
and you don't do any parsing/modification of them, perhaps
DBusString is wasteful and wouldn't help much. But definitely
if you're doing any parsing, reallocation, etc. use DBusString.
- do not include system headers outside of dbus-memory.c,
dbus-sysdeps.c, and other places where they are already
included. This gives us one place to audit all external
dependencies on features in libc, etc.
- do not use libc features that are "complicated"
and may contain security holes. For example, you probably shouldn't
try to use regcomp() to compile an untrusted regular expression.
Regular expressions are just too complicated, and there are many
different libc's out there.
- we need to design the message bus daemon (and any similar features)
to use limited privileges, run in a chroot jail, and so on.
http://vsftpd.beasts.org/ has other good security suggestions.
Coding Style
===
- The C library uses GNU coding conventions, with GLib-like
extensions (e.g. lining up function arguments). The
Qt wrapper uses KDE coding conventions.
- Write docs for all non-static functions and structs and so on. try
"doxygen Doxyfile" prior to commit and be sure there are no
warnings printed.
- All external interfaces (network protocols, file formats, etc.)
should have documented specifications sufficient to allow an
alternative implementation to be written. Our implementation should
be strict about specification compliance (should not for example
heuristically parse a file and accept not-well-formed
data). Avoiding heuristics is also important for security reasons;
if it looks funny, ignore it (or exit, or disconnect).
......@@ -48,7 +48,11 @@ libdbus_convenience_la_SOURCES= \
dbus-internals.c \
dbus-internals.h \
dbus-list.c \
dbus-list.h
dbus-list.h \
dbus-string.c \
dbus-string.h \
dbus-sysdeps.c \
dbus-sysdeps.h
libdbus_1_la_LIBADD= $(DBUS_CLIENT_LIBS) libdbus-convenience.la
## don't export symbols that start with "_" (we use this
......
......@@ -27,6 +27,7 @@
#include "dbus-watch.h"
#include "dbus-connection-internal.h"
#include "dbus-list.h"
#include "dbus-message-internal.h"
/**
* @defgroup DBusConnection DBusConnection
......@@ -465,6 +466,8 @@ dbus_connection_send_message (DBusConnection *connection,
if (connection->n_outgoing == 1)
_dbus_transport_messages_pending (connection->transport,
connection->n_outgoing);
return TRUE;
}
/**
......
......@@ -1405,4 +1405,4 @@ _dbus_hash_test (void)
return TRUE;
}
#endif
#endif /* DBUS_BUILD_TESTS */
......@@ -164,7 +164,7 @@ _dbus_verbose (const char *format,
if (!initted)
{
verbose = getenv ("DBUS_VERBOSE") != NULL;
verbose = _dbus_getenv ("DBUS_VERBOSE") != NULL;
initted = TRUE;
if (!verbose)
return;
......
......@@ -32,8 +32,7 @@
#include <dbus/dbus-memory.h>
#include <dbus/dbus-types.h>
#include <dbus/dbus-errors.h>
#include <stdlib.h> /* for abort() */
#include <string.h> /* just so it's there in every file */
#include <dbus/dbus-sysdeps.h>
DBUS_BEGIN_DECLS;
......@@ -52,7 +51,7 @@ do { \
{ \
_dbus_warn ("Assertion failed \"%s\" file \"%s\" line %d\n", \
#condition, __FILE__, __LINE__); \
abort (); \
_dbus_abort (); \
} \
} while (0)
......@@ -60,10 +59,10 @@ do { \
do { \
_dbus_warn ("File \"%s\" line %d should not have been reached: %s\n", \
__FILE__, __LINE__, (explanation)); \
abort (); \
_dbus_abort (); \
} while (0)
#define _DBUS_N_ELEMENTS(array) (sizeof ((array)) / sizeof ((array)[0]))
#define _DBUS_N_ELEMENTS(array) ((int) (sizeof ((array)) / sizeof ((array)[0])))
#define _DBUS_POINTER_TO_INT(pointer) ((long)(pointer))
#define _DBUS_INT_TO_POINTER(integer) ((void*)((long)(integer)))
......
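Review bot: The new `#include <dbus/dbus-sysdeps.h>` closes an include cycle, since dbus-sysdeps.h includes dbus-string.h and dbus-string.h includes dbus-internals.h. The include guards make this compile today only because dbus-sysdeps.h declares nothing but `_dbus_abort` and `_dbus_getenv`. Once it declares a function taking a `DBusString *`, as its own header comment anticipates, a file that includes dbus-string.h first will reach that prototype before the `DBusString` typedef has been seen. One way out is for dbus-string.h to stop including dbus-internals.h if it only needs dbus-types.h and dbus-memory.h; whether it does is not visible on this page.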
This diff is collapsed.
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-string.h String utility class (internal to D-BUS implementation)
*
* Copyright (C) 2002 Red Hat, Inc.
*
* Licensed under the Academic Free License version 1.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#ifndef DBUS_STRING_H
#define DBUS_STRING_H
#include <dbus/dbus-internals.h>
#include <dbus/dbus-memory.h>
#include <dbus/dbus-types.h>
DBUS_BEGIN_DECLS;
typedef struct DBusString DBusString;
struct DBusString
{
void *dummy1; /**< placeholder */
int dummy2; /**< placeholder */
int dummy3; /**< placeholder */
int dummy4; /**< placeholder */
unsigned int dummy5 : 1; /** placeholder */
unsigned int dummy6 : 1; /** placeholder */
unsigned int dummy7 : 1; /** placeholder */
};
dbus_bool_t _dbus_string_init (DBusString *str,
int max_length);
void _dbus_string_init_const (DBusString *str,
const char *value);
void _dbus_string_free (DBusString *str);
void _dbus_string_lock (DBusString *str);
void _dbus_string_get_data (DBusString *str,
char **data_return);
void _dbus_string_get_const_data (const DBusString *str,
const char **data_return);
void _dbus_string_get_data_len (DBusString *str,
char **data_return,
int start,
int len);
void _dbus_string_get_const_data_len (const DBusString *str,
const char **data_return,
int start,
int len);
dbus_bool_t _dbus_string_steal_data (DBusString *str,
char **data_return);
dbus_bool_t _dbus_string_steal_data_len (DBusString *str,
char **data_return,
int start,
int len);
int _dbus_string_get_length (const DBusString *str);
dbus_bool_t _dbus_string_lengthen (DBusString *str,
int additional_length);
void _dbus_string_shorten (DBusString *str,
int length_to_remove);
dbus_bool_t _dbus_string_set_length (DBusString *str,
int length);
dbus_bool_t _dbus_string_append (DBusString *str,
const char *buffer);
dbus_bool_t _dbus_string_append_len (DBusString *str,
const char *buffer,
int len);
dbus_bool_t _dbus_string_append_int (DBusString *str,
long value);
dbus_bool_t _dbus_string_append_double (DBusString *str,
double value);
dbus_bool_t _dbus_string_append_byte (DBusString *str,
unsigned char byte);
dbus_bool_t _dbus_string_append_unichar (DBusString *str,
dbus_unichar_t ch);
void _dbus_string_delete (DBusString *str,
int start,
int len);
dbus_bool_t _dbus_string_move (DBusString *source,
int start,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_copy (const DBusString *source,
int start,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_move_len (DBusString *source,
int start,
int len,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_copy_len (const DBusString *source,
int start,
int len,
DBusString *dest,
int insert_at);
void _dbus_string_get_unichar (const DBusString *str,
int start,
dbus_unichar_t *ch_return,
int *end_return);
dbus_bool_t _dbus_string_parse_int (const DBusString *str,
int start,
long *value_return,
int *end_return);
dbus_bool_t _dbus_string_parse_double (const DBusString *str,
int start,
double *value,
int *end_return);
DBUS_END_DECLS;
#endif /* DBUS_STRING_H */
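Review bot: Nothing in this header ties the placeholder `struct DBusString` to the real layout in dbus-string.c, whose diff is collapsed on this page, yet any caller that declares a `DBusString` by value relies on the placeholder being at least as large and as strictly aligned as the real structure. If dbus-string.c does not already check this, an assertion comparing the two sizes would stop a later field addition from silently overrunning caller storage. The three bitfield members are documented with `/** placeholder */` where the others use `/**< placeholder */`, so Doxygen will attach those comments to the following declaration. The `_dbus_string_parse_double` prototype names its third parameter `value`, while the definition in dbus-sysdeps.c uses `value_return`.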
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-sysdeps.c Wrappers around system/libc features (internal to D-BUS implementation)
*
* Copyright (C) 2002 Red Hat, Inc.
*
* Licensed under the Academic Free License version 1.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#include "dbus-sysdeps.h"
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
/**
* @addtogroup DBusInternalsUtils
* @{
*/
/**
* Aborts the program with SIGABRT (dumping core).
*/
void
_dbus_abort (void)
{
abort ();
_exit (1); /* in case someone manages to ignore SIGABRT */
}
/**
* Wrapper for getenv().
*
* @param varname name of environment variable
* @returns value of environment variable or #NULL if unset
*/
const char*
_dbus_getenv (const char *varname)
{
return getenv (varname);
}
/** @} */
/**
* @addtogroup DBusString
*
* @{
*/
/**
* Appends an integer to a DBusString.
*
* @param str the string
* @param value the integer value
* @returns #FALSE if not enough memory or other failure.
*/
dbus_bool_t
_dbus_string_append_int (DBusString *str,
long value)
{
/* this calculation is from comp.lang.c faq */
#define MAX_LONG_LEN ((sizeof (long) * 8 + 2) / 3 + 1) /* +1 for '-' */
int orig_len;
int i;
char *buf;
orig_len = _dbus_string_get_length (str);
if (!_dbus_string_lengthen (str, MAX_LONG_LEN))
return FALSE;
_dbus_string_get_data_len (str, &buf, orig_len, MAX_LONG_LEN);
snprintf (buf, MAX_LONG_LEN, "%ld", value);
i = 0;
while (*buf)
{
++buf;
++i;
}
_dbus_string_shorten (str, MAX_LONG_LEN - i);
return TRUE;
}
/**
* Appends a double to a DBusString.
*
* @param str the string
* @param value the floating point value
* @returns #FALSE if not enough memory or other failure.
*/
dbus_bool_t
_dbus_string_append_double (DBusString *str,
double value)
{
#define MAX_DOUBLE_LEN 64 /* this is completely made up :-/ */
int orig_len;
char *buf;
int i;
orig_len = _dbus_string_get_length (str);
if (!_dbus_string_lengthen (str, MAX_DOUBLE_LEN))
return FALSE;
_dbus_string_get_data_len (str, &buf, orig_len, MAX_DOUBLE_LEN);
snprintf (buf, MAX_LONG_LEN, "%g", value);
i = 0;
while (*buf)
{
++buf;
++i;
}
_dbus_string_shorten (str, MAX_DOUBLE_LEN - i);
return TRUE;
}
/**
* Parses an integer contained in a DBusString. Either return parameter
* may be #NULL if you aren't interested in it. The integer is parsed
* and stored in value_return. Return parameters are not initialized
* if the function returns #FALSE.
*
* @param str the string
* @param start the byte index of the start of the integer
* @param value_return return location of the integer value or #NULL
* @param end_return return location of the end of the integer, or #NULL
* @returns #TRUE on success
*/
dbus_bool_t
_dbus_string_parse_int (const DBusString *str,
int start,
long *value_return,
int *end_return)
{
long v;
const char *p;
char *end;
_dbus_string_get_const_data_len (str, &p, start,
_dbus_string_get_length (str) - start);
end = NULL;
errno = 0;
v = strtol (p, &end, 0);
if (end == NULL || end == p || errno != 0)
return FALSE;
if (value_return)
*value_return = v;
if (end_return)
*end_return = (end - p);
return TRUE;
}
/**
* Parses a floating point number contained in a DBusString. Either
* return parameter may be #NULL if you aren't interested in it. The
* integer is parsed and stored in value_return. Return parameters are
* not initialized if the function returns #FALSE.
*
* @todo this function is currently locale-dependent. Should
* ask alexl to relicense g_ascii_strtod() code and put that in
* here instead, so it's locale-independent.
*
* @param str the string
* @param start the byte index of the start of the float
* @param value_return return location of the float value or #NULL
* @param end_return return location of the end of the float, or #NULL
* @returns #TRUE on success
*/
dbus_bool_t
_dbus_string_parse_double (const DBusString *str,
int start,
double *value_return,
int *end_return)
{
double v;
const char *p;
char *end;
_dbus_warn ("_dbus_string_parse_double() needs to be made locale-independent\n");
_dbus_string_get_const_data_len (str, &p, start,
_dbus_string_get_length (str) - start);
end = NULL;
errno = 0;
v = strtod (p, &end);
if (end == NULL || end == p || errno != 0)
return FALSE;
if (value_return)
*value_return = v;
if (end_return)
*end_return = (end - p);
return TRUE;
}
/** @} end of DBusString */
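Review bot: In `_dbus_string_append_double` the `snprintf` call is bounded by `MAX_LONG_LEN` although the string was lengthened by `MAX_DOUBLE_LEN`, so the limit comes from the wrong macro and varies with `sizeof (long)`. With a 4-byte long the bound is 12 bytes, which is shorter than some `%g` outputs (a negative value with a three-digit exponent needs 14 including the terminator), so the text is truncated without any error; the call should read `snprintf (buf, MAX_DOUBLE_LEN, "%g", value);`. Neither append function checks the return value of `snprintf`, so a truncated or failed conversion still returns TRUE. Separately, `_dbus_string_parse_int` and `_dbus_string_parse_double` store `end - p` in `*end_return`, which is an offset from `start` rather than a byte index into the string; if an absolute index is intended it should be `start + (end - p)`, and the doc comment should say which.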
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-sysdeps.h Wrappers around system/libc features (internal to D-BUS implementation)
*
* Copyright (C) 2002 Red Hat, Inc.
*
* Licensed under the Academic Free License version 1.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#ifndef DBUS_SYSDEPS_H
#define DBUS_SYSDEPS_H
#include <dbus/dbus-string.h>
/* this is perhaps bogus, but strcmp() etc. are faster if we use the
* stuff straight out of string.h, so have this here for now.
*/
#include <string.h>
DBUS_BEGIN_DECLS;
/* The idea of this file is to encapsulate everywhere that we're
* relying on external libc features, for ease of security
* auditing. The idea is from vsftpd. This also gives us a chance to
* make things more convenient to use, e.g. by reading into a
* DBusString. Operating system headers aren't intended to be used
* outside of this file and a limited number of others (such as
* dbus-memory.c)
*/
void _dbus_abort (void);
const char* _dbus_getenv (const char *varname);
DBUS_END_DECLS;
#endif /* DBUS_SYSDEPS_H */
......@@ -29,6 +29,11 @@ int
main (int argc,
char **argv)
{
printf ("%s: running string tests\n", argv[0]);
if (!_dbus_string_test ())
return 1;
printf ("%s: running linked list tests\n", argv[0]);
if (!_dbus_list_test ())
return 1;
......
......@@ -26,7 +26,8 @@
#include <dbus/dbus-types.h>
dbus_bool_t _dbus_hash_test (void);
dbus_bool_t _dbus_list_test (void);
dbus_bool_t _dbus_hash_test (void);
dbus_bool_t _dbus_list_test (void);
dbus_bool_t _dbus_string_test (void);
#endif /* DBUS_TEST_H */
......@@ -24,6 +24,7 @@
#include "dbus-transport-protected.h"
#include "dbus-transport-unix.h"
#include "dbus-connection-internal.h"
#include "dbus-watch.h"
/**
* @defgroup DBusTransport DBusTransport object
......
......@@ -27,10 +27,10 @@
#ifndef DBUS_TYPES_H
#define DBUS_TYPES_H
typedef unsigned int dbus_bool_t;
typedef unsigned int dbus_uint32_t;
typedef int dbus_int32_t;
typedef unsigned int dbus_bool_t;
typedef unsigned int dbus_uint32_t;
typedef int dbus_int32_t;
typedef dbus_uint32_t dbus_unichar_t;
/* Normally docs are in .c files, but there isn't a .c file for this. */
/**
......