Commit d86fc407 authored by Kristian Høgsberg's avatar Kristian Høgsberg

2004-05-17 Kristian Høgsberg <krh@redhat.com>

	Remove base64 encoding, replace with hex encoding. Original patch
	from trow@ximian.com, added error handling.

	* dbus/dbus-string.c (_dbus_string_base64_encode)
	(_dbus_string_base64_decode): Remove.
	(_dbus_string_hex_decode): Add end_return argument so we can
	distinguish between OOM and invalid hex encoding.
	(_dbus_string_test): Remove base64 tests and add test case for
	invalid hex.

	* dbus/dbus-keyring.c, dbus/dbus-auth-script.c, dbus/dbus-auth.c:
	Replace base64 with hex.

	* test/data/auth/invalid-hex-encoding.auth-script: New test case
	for invalid hex encoded data in auth protocol.
parent 91605d68
2004-05-17 Kristian Høgsberg <krh@redhat.com>
Remove base64 encoding, replace with hex encoding. Original patch
from trow@ximian.com, added error handling.
* dbus/dbus-string.c (_dbus_string_base64_encode)
(_dbus_string_base64_decode): Remove.
(_dbus_string_hex_decode): Add end_return argument so we can
distinguish between OOM and invalid hex encoding.
(_dbus_string_test): Remove base64 tests and add test case for
invalid hex.
* dbus/dbus-keyring.c, dbus/dbus-auth-script.c, dbus/dbus-auth.c:
Replace base64 with hex.
* test/data/auth/invalid-hex-encoding.auth-script: New test case
for invalid hex encoded data in auth protocol.
2004-05-17 Olivier Andrieu <oliv__a@users.sourceforge.net>
* dbus/dbus-connection.c (check_for_reply_unlocked): plug a memory
......
......@@ -366,12 +366,12 @@ _dbus_auth_script_run (const DBusString *filename)
goto out;
}
/* Replace USERID_BASE64 with our username in base64 */
/* Replace USERID_HEX with our username in hex */
{
int where;
if (_dbus_string_find (&to_send, 0,
"USERID_BASE64", &where))
"USERID_HEX", &where))
{
DBusString username;
......@@ -391,12 +391,12 @@ _dbus_auth_script_run (const DBusString *filename)
goto out;
}
_dbus_string_delete (&to_send, where, strlen ("USERID_BASE64"));
_dbus_string_delete (&to_send, where, strlen ("USERID_HEX"));
if (!_dbus_string_base64_encode (&username, 0,
&to_send, where))
if (!_dbus_string_hex_encode (&username, 0,
&to_send, where))
{
_dbus_warn ("no memory to subst USERID_BASE64\n");
_dbus_warn ("no memory to subst USERID_HEX\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
......@@ -405,7 +405,7 @@ _dbus_auth_script_run (const DBusString *filename)
_dbus_string_free (&username);
}
else if (_dbus_string_find (&to_send, 0,
"USERNAME_BASE64", &where))
"USERNAME_HEX", &where))
{
DBusString username;
const DBusString *u;
......@@ -427,12 +427,12 @@ _dbus_auth_script_run (const DBusString *filename)
goto out;
}
_dbus_string_delete (&to_send, where, strlen ("USERNAME_BASE64"));
_dbus_string_delete (&to_send, where, strlen ("USERNAME_HEX"));
if (!_dbus_string_base64_encode (&username, 0,
&to_send, where))
if (!_dbus_string_hex_encode (&username, 0,
&to_send, where))
{
_dbus_warn ("no memory to subst USERNAME_BASE64\n");
_dbus_warn ("no memory to subst USERNAME_HEX\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
......
......@@ -586,8 +586,8 @@ sha1_handle_first_client_response (DBusAuth *auth,
"DATA "))
goto out;
if (!_dbus_string_base64_encode (&tmp2, 0, &auth->outgoing,
_dbus_string_get_length (&auth->outgoing)))
if (!_dbus_string_hex_encode (&tmp2, 0, &auth->outgoing,
_dbus_string_get_length (&auth->outgoing)))
goto out;
if (!_dbus_string_append (&auth->outgoing,
......@@ -734,9 +734,9 @@ handle_client_initial_response_cookie_sha1_mech (DBusAuth *auth,
if (!_dbus_username_from_current_process (&username))
goto out_0;
if (!_dbus_string_base64_encode (username, 0,
response,
_dbus_string_get_length (response)))
if (!_dbus_string_hex_encode (username, 0,
response,
_dbus_string_get_length (response)))
goto out_0;
retval = TRUE;
......@@ -919,9 +919,9 @@ handle_client_data_cookie_sha1_mech (DBusAuth *auth,
if (!_dbus_string_append (&auth->outgoing, "DATA "))
goto out_6;
if (!_dbus_string_base64_encode (&tmp, 0,
&auth->outgoing,
_dbus_string_get_length (&auth->outgoing)))
if (!_dbus_string_hex_encode (&tmp, 0,
&auth->outgoing,
_dbus_string_get_length (&auth->outgoing)))
{
_dbus_string_set_length (&auth->outgoing, old_len);
goto out_6;
......@@ -1091,9 +1091,9 @@ handle_client_initial_response_external_mech (DBusAuth *auth,
_dbus_getuid ()))
goto failed;
if (!_dbus_string_base64_encode (&plaintext, 0,
response,
_dbus_string_get_length (response)))
if (!_dbus_string_hex_encode (&plaintext, 0,
response,
_dbus_string_get_length (response)))
goto failed;
_dbus_string_free (&plaintext);
......@@ -1248,9 +1248,9 @@ process_auth (DBusAuth *auth,
}
else
{
int i;
int i, end;
DBusString mech;
DBusString base64_response;
DBusString hex_response;
DBusString decoded_response;
_dbus_string_find_blank (args, 0, &i);
......@@ -1258,7 +1258,7 @@ process_auth (DBusAuth *auth,
if (!_dbus_string_init (&mech))
return FALSE;
if (!_dbus_string_init (&base64_response))
if (!_dbus_string_init (&hex_response))
{
_dbus_string_free (&mech);
return FALSE;
......@@ -1267,20 +1267,30 @@ process_auth (DBusAuth *auth,
if (!_dbus_string_init (&decoded_response))
{
_dbus_string_free (&mech);
_dbus_string_free (&base64_response);
_dbus_string_free (&hex_response);
return FALSE;
}
if (!_dbus_string_copy_len (args, 0, i, &mech, 0))
goto failed;
if (!_dbus_string_copy (args, i, &base64_response, 0))
_dbus_string_skip_blank (args, i, &i);
if (!_dbus_string_copy (args, i, &hex_response, 0))
goto failed;
if (!_dbus_string_base64_decode (&base64_response, 0,
&decoded_response, 0))
goto failed;
if (!_dbus_string_hex_decode (&hex_response, 0, &end,
&decoded_response, 0))
goto failed;
if (_dbus_string_get_length (&hex_response) != end)
{
if (!_dbus_string_append (&auth->outgoing,
"ERROR \"Invalid hex encoding\"\r\n"))
goto failed;
goto out;
}
auth->mech = find_mech (&mech, auth->allowed_mechs);
if (auth->mech != NULL)
{
......@@ -1300,8 +1310,9 @@ process_auth (DBusAuth *auth,
goto failed;
}
out:
_dbus_string_free (&mech);
_dbus_string_free (&base64_response);
_dbus_string_free (&hex_response);
_dbus_string_free (&decoded_response);
return TRUE;
......@@ -1309,7 +1320,7 @@ process_auth (DBusAuth *auth,
failed:
auth->mech = NULL;
_dbus_string_free (&mech);
_dbus_string_free (&base64_response);
_dbus_string_free (&hex_response);
_dbus_string_free (&decoded_response);
return FALSE;
}
......@@ -1349,6 +1360,8 @@ process_data_server (DBusAuth *auth,
const DBusString *command,
const DBusString *args)
{
int end;
if (auth->mech != NULL)
{
DBusString decoded;
......@@ -1356,10 +1369,20 @@ process_data_server (DBusAuth *auth,
if (!_dbus_string_init (&decoded))
return FALSE;
if (!_dbus_string_base64_decode (args, 0, &decoded, 0))
{
if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0))
{
_dbus_string_free (&decoded);
return FALSE;
return FALSE;
}
if (_dbus_string_get_length (args) != end)
{
_dbus_string_free (&decoded);
if (!_dbus_string_append (&auth->outgoing,
"ERROR \"Invalid hex encoding\"\r\n"))
return FALSE;
return TRUE;
}
#ifdef DBUS_ENABLE_VERBOSE_MODE
......@@ -1632,6 +1655,8 @@ process_data_client (DBusAuth *auth,
const DBusString *command,
const DBusString *args)
{
int end;
if (auth->mech != NULL)
{
DBusString decoded;
......@@ -1639,10 +1664,20 @@ process_data_client (DBusAuth *auth,
if (!_dbus_string_init (&decoded))
return FALSE;
if (!_dbus_string_base64_decode (args, 0, &decoded, 0))
if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0))
{
_dbus_string_free (&decoded);
return FALSE;
return FALSE;
}
if (_dbus_string_get_length (args) != end)
{
_dbus_string_free (&decoded);
if (!_dbus_string_append (&auth->outgoing,
"ERROR \"Invalid hex encoding\"\r\n"))
return FALSE;
return TRUE;
}
#ifdef DBUS_ENABLE_VERBOSE_MODE
......
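Review bot: The new validity test in process_auth, process_data_server and process_data_client (`_dbus_string_get_length (...) != end`) only shows that decoding stopped before the end of the input, and what makes `_dbus_string_hex_decode` stop is not visible here because the dbus/dbus-string.c diff is collapsed on this page. If the decoder stops only at a non-hex byte, an argument with an odd number of hex digits would presumably pass this check and hand the mechanism a half-decoded last byte; that should be confirmed in dbus-string.c and covered by an auth-script next to invalid-hex-encoding.auth-script. Since the same check and `ERROR` reply now appear three times, I would put a comment on each, e.g. `/* FALSE from hex_decode means OOM; end short of the length means malformed hex from the peer */`. All three function bodies start and end outside the visible hunks.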
......@@ -91,7 +91,7 @@ message_from_error (const char *error)
else if (strcmp (error, DBUS_ERROR_DISCONNECTED) == 0)
return "Disconnected.";
else if (strcmp (error, DBUS_ERROR_INVALID_ARGS) == 0)
return "Invalid argumemts.";
return "Invalid arguments.";
else if (strcmp (error, DBUS_ERROR_NO_REPLY) == 0)
return "Did not get a reply message.";
else if (strcmp (error, DBUS_ERROR_FILE_NOT_FOUND) == 0)
......
......@@ -474,6 +474,7 @@ _dbus_keyring_reload (DBusKeyring *keyring,
int id;
long timestamp;
int len;
int end;
DBusKey *new;
/* Don't load more than the max. */
......@@ -542,13 +543,20 @@ _dbus_keyring_reload (DBusKeyring *keyring,
keys[n_keys-1].id = id;
keys[n_keys-1].creation_time = timestamp;
if (!_dbus_string_hex_decode (&line, next,
&keys[n_keys-1].secret,
0))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
goto out;
}
if (!_dbus_string_hex_decode (&line, next, &end,
&keys[n_keys-1].secret, 0))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
goto out;
}
if (_dbus_string_get_length (&line) != end)
{
_dbus_verbose ("invalid hex encoding in keyring file\n");
_dbus_string_free (&keys[n_keys - 1].secret);
n_keys -= 1;
continue;
}
}
_dbus_verbose ("Successfully loaded %d existing keys\n",
......
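Review bot: In _dbus_keyring_reload the new branch for a line with invalid hex reports it only through `_dbus_verbose`, which is presumably compiled out unless DBUS_ENABLE_VERBOSE_MODE is set (that guard appears in the dbus-auth.c hunks on this page), so a corrupted or modified keyring line would be dropped without any trace in a normal build. The line carries a key's `secret`, so I would report it with `_dbus_warn ("invalid hex encoding in keyring file\n");` instead. The partially decoded secret is released with `_dbus_string_free`; whether that clears the buffer is not visible here and is worth checking. The loop this branch `continue`s in starts and ends outside the hunk.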
This diff is collapsed.
......@@ -202,20 +202,13 @@ dbus_bool_t _dbus_string_pop_line (DBusString *source,
DBusString *dest);
void _dbus_string_delete_first_word (DBusString *str);
void _dbus_string_delete_leading_blanks (DBusString *str);
dbus_bool_t _dbus_string_base64_encode (const DBusString *source,
int start,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_base64_decode (const DBusString *source,
int start,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_hex_encode (const DBusString *source,
int start,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_hex_decode (const DBusString *source,
int start,
int *end_return,
DBusString *dest,
int insert_at);
dbus_bool_t _dbus_string_validate_ascii (const DBusString *str,
......
......@@ -118,10 +118,6 @@
- recursive dispatch, see dbus_connection_dispatch()
- the auth protocol may as well use hex encoding instead of
base64, then we can dump the base64 implementation and
save some bloat.
- Better error checking for bogus configuration files. Currently if a
configuration file tries to include itself the bus crashes on start. We
should probably have a check against this.
......@@ -911,7 +911,7 @@
<title>DATA Command</title>
<para>
The DATA command may come from either client or server, and simply
contains a base64-encoded block of data to be interpreted
contains a hex-encoded block of data to be interpreted
according to the SASL mechanism in use.
</para>
<para>
......
......@@ -135,7 +135,7 @@
## this tests a successful auth of type EXTERNAL
SERVER
SEND 'AUTH EXTERNAL USERNAME_BASE64'
SEND 'AUTH EXTERNAL USERNAME_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'BEGIN'
......
......@@ -9,7 +9,7 @@ INCLUDES=-I$(top_srcdir) $(DBUS_TEST_CFLAGS)
if DBUS_BUILD_TESTS
TEST_BINARIES=test-service unbase64 break-loader spawn-test test-segfault test-exit test-sleep-forever
TEST_BINARIES=test-service break-loader spawn-test test-segfault test-exit test-sleep-forever
else
TEST_BINARIES=
endif
......@@ -27,9 +27,6 @@ test_service_SOURCES= \
test-utils.c \
test-utils.h
unbase64_SOURCES= \
unbase64.c
break_loader_SOURCES= \
break-loader.c
......@@ -51,7 +48,6 @@ decode_gcov_SOURCES= \
TEST_LIBS=$(DBUS_TEST_LIBS) $(top_builddir)/dbus/libdbus-convenience.la
test_service_LDADD=$(TEST_LIBS)
unbase64_LDADD=$(TEST_LIBS)
break_loader_LDADD= $(TEST_LIBS)
spawn_test_LDADD=$(TEST_LIBS)
decode_gcov_LDADD=$(TEST_LIBS)
......
## this tests canceling EXTERNAL
SERVER
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'CANCEL'
......@@ -9,7 +9,7 @@ EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
## now start over and see if it works
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'BEGIN'
......
......@@ -2,7 +2,7 @@
SERVER
NO_CREDENTIALS
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
......@@ -2,7 +2,7 @@
SERVER
ROOT_CREDENTIALS
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'BEGIN'
......
......@@ -2,7 +2,7 @@
SERVER
SILLY_CREDENTIALS
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
## this tests a successful auth of type EXTERNAL
SERVER
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'BEGIN'
......
## this tests that we have the expected extra bytes at the end
SERVER
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND OK
EXPECT_STATE WAITING_FOR_INPUT
SEND 'BEGIN\r\nHello'
......
......@@ -4,30 +4,30 @@ SERVER
NO_CREDENTIALS
# 1
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
# 2
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
# 3
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
# 4
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
# 5
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_COMMAND REJECTED
EXPECT_STATE WAITING_FOR_INPUT
# 6
SEND 'AUTH EXTERNAL USERID_BASE64'
SEND 'AUTH EXTERNAL USERID_HEX'
EXPECT_STATE NEED_DISCONNECT
## this tests an invalid hex encoding followed by successful authentication
SERVER
SEND 'AUTH EXTERNAL willy'
EXPECT_COMMAND ERROR
EXPECT_STATE WAITING_FOR_INPUT
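Review bot: The header comment says the invalid hex is "followed by successful authentication", but the script stops after `EXPECT_STATE WAITING_FOR_INPUT`, so nothing checks that the server still accepts a valid AUTH after replying ERROR. Adding `SEND 'AUTH EXTERNAL USERID_HEX'`, `EXPECT_COMMAND OK` and `EXPECT_STATE WAITING_FOR_INPUT` would make the test match its description. `willy` already fails on its first character; a second case where valid hex digits precede the bad byte (constructed example: `SEND 'AUTH EXTERNAL 31zz'`) would exercise the `end` comparison in process_auth more directly.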
#include <dbus/dbus.h>
#define DBUS_COMPILATION /* cheat and use string etc. */
#include <dbus/dbus-string.h>
#include <dbus/dbus-sysdeps.h>
#include <dbus/dbus-internals.h>
#undef DBUS_COMPILATION
#include <stdio.h>
int
main (int argc,
char **argv)
{
DBusString contents;
DBusString decoded;
DBusString filename;
const char *s;
DBusError error;
if (argc < 2)
{
fprintf (stderr, "Give the file to decode as an argument\n");
return 1;
}
_dbus_string_init_const (&filename, argv[1]);
if (!_dbus_string_init (&contents))
return 1;
if (!_dbus_string_init (&decoded))
return 1;
dbus_error_init (&error);
if (!_dbus_file_get_contents (&contents, &filename, &error))
{
fprintf (stderr, "Failed to load file: %s\n", error.message);
dbus_error_free (&error);
return 1;
}
if (!_dbus_string_base64_decode (&contents, 0,
&decoded, 0))
return 1;
s = _dbus_string_get_const_data (&decoded);
fputs (s, stdout);
return 0;
}