diff options
| author | Kristian Høgsberg <krh@redhat.com> | 2004-05-17 22:19:04 +0000 |
|---|---|---|
| committer | Kristian Høgsberg <krh@redhat.com> | 2004-05-17 22:19:04 +0000 |
| commit | d86fc4071ccb8590d922e3456c5c80c0f7bb9d6f (patch) | |
| tree | 7ed880494686d9290ad1f9ded6230459e2e7269a | |
| parent | 91605d6899e8f21a6adf7f2fc87cfe07d399875f (diff) | |
| download | dbus-d86fc4071ccb8590d922e3456c5c80c0f7bb9d6f.tar.gz | |
2004-05-17 Kristian Høgsberg <krh@redhat.com>
Remove base64 encoding, replace with hex encoding. Original patch
from trow@ximian.com, added error handling.
* dbus/dbus-string.c (_dbus_string_base64_encode)
(_dbus_string_base64_decode): Remove.
(_dbus_string_hex_decode): Add end_return argument so we can
distinguish between OOM and invalid hex encoding.
(_dbus_string_test): Remove base64 tests and add test case for
invalid hex.
* dbus/dbus-keyring.c, dbus/dbus-auth-script.c, dbus/dbus-auth.c:
Replace base64 with hex.
* test/data/auth/invalid-hex-encoding.auth-script: New test case
for invalid hex encoded data in auth protocol.
| -rw-r--r-- | ChangeLog | 18 | ||||
| -rw-r--r-- | dbus/dbus-auth-script.c | 22 | ||||
| -rw-r--r-- | dbus/dbus-auth.c | 89 | ||||
| -rw-r--r-- | dbus/dbus-errors.c | 2 | ||||
| -rw-r--r-- | dbus/dbus-keyring.c | 22 | ||||
| -rw-r--r-- | dbus/dbus-string.c | 478 | ||||
| -rw-r--r-- | dbus/dbus-string.h | 9 | ||||
| -rw-r--r-- | doc/TODO | 4 | ||||
| -rw-r--r-- | doc/dbus-specification.xml | 2 | ||||
| -rw-r--r-- | doc/dbus-test-plan.xml | 2 | ||||
| -rw-r--r-- | test/Makefile.am | 6 | ||||
| -rw-r--r-- | test/data/auth/cancel.auth-script | 4 | ||||
| -rw-r--r-- | test/data/auth/external-failed.auth-script | 2 | ||||
| -rw-r--r-- | test/data/auth/external-root.auth-script | 2 | ||||
| -rw-r--r-- | test/data/auth/external-silly.auth-script | 2 | ||||
| -rw-r--r-- | test/data/auth/external-successful.auth-script | 2 | ||||
| -rw-r--r-- | test/data/auth/extra-bytes.auth-script | 2 | ||||
| -rw-r--r-- | test/data/auth/fail-after-n-attempts.auth-script | 12 | ||||
| -rw-r--r-- | test/data/auth/invalid-hex-encoding.auth-script | 6 | ||||
| -rw-r--r-- | test/unbase64.c | 50 |
20 files changed, 156 insertions, 580 deletions
@@ -1,3 +1,21 @@ +2004-05-17 Kristian Høgsberg <krh@redhat.com> + + Remove base64 encoding, replace with hex encoding. Original patch + from trow@ximian.com, added error handling. + + * dbus/dbus-string.c (_dbus_string_base64_encode) + (_dbus_string_base64_decode): Remove. + (_dbus_string_hex_decode): Add end_return argument so we can + distinguish between OOM and invalid hex encoding. + (_dbus_string_test): Remove base64 tests and add test case for + invalid hex. + + * dbus/dbus-keyring.c, dbus/dbus-auth-script.c, dbus/dbus-auth.c: + Replace base64 with hex. + + * test/data/auth/invalid-hex-encoding.auth-script: New test case + for invalid hex encoded data in auth protocol. + 2004-05-17 Olivier Andrieu <oliv__a@users.sourceforge.net> * dbus/dbus-connection.c (check_for_reply_unlocked): plug a memory diff --git a/dbus/dbus-auth-script.c b/dbus/dbus-auth-script.c index f3154c92..0c6426db 100644 --- a/dbus/dbus-auth-script.c +++ b/dbus/dbus-auth-script.c @@ -366,12 +366,12 @@ _dbus_auth_script_run (const DBusString *filename) goto out; } - /* Replace USERID_BASE64 with our username in base64 */ + /* Replace USERID_HEX with our username in hex */ { int where; if (_dbus_string_find (&to_send, 0, - "USERID_BASE64", &where)) + "USERID_HEX", &where)) { DBusString username; @@ -391,12 +391,12 @@ _dbus_auth_script_run (const DBusString *filename) goto out; } - _dbus_string_delete (&to_send, where, strlen ("USERID_BASE64")); + _dbus_string_delete (&to_send, where, strlen ("USERID_HEX")); - if (!_dbus_string_base64_encode (&username, 0, - &to_send, where)) + if (!_dbus_string_hex_encode (&username, 0, + &to_send, where)) { - _dbus_warn ("no memory to subst USERID_BASE64\n"); + _dbus_warn ("no memory to subst USERID_HEX\n"); _dbus_string_free (&username); _dbus_string_free (&to_send); goto out; @@ -405,7 +405,7 @@ _dbus_auth_script_run (const DBusString *filename) _dbus_string_free (&username); } else if (_dbus_string_find (&to_send, 0, - "USERNAME_BASE64", &where)) + "USERNAME_HEX", &where)) { DBusString username; const DBusString *u; @@ -427,12 +427,12 @@ _dbus_auth_script_run (const DBusString *filename) goto out; } - _dbus_string_delete (&to_send, where, strlen ("USERNAME_BASE64")); + _dbus_string_delete (&to_send, where, strlen ("USERNAME_HEX")); - if (!_dbus_string_base64_encode (&username, 0, - &to_send, where)) + if (!_dbus_string_hex_encode (&username, 0, + &to_send, where)) { - _dbus_warn ("no memory to subst USERNAME_BASE64\n"); + _dbus_warn ("no memory to subst USERNAME_HEX\n"); _dbus_string_free (&username); _dbus_string_free (&to_send); goto out; diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index 6d3dfcc9..726091a6 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -586,8 +586,8 @@ sha1_handle_first_client_response (DBusAuth *auth, "DATA ")) goto out; - if (!_dbus_string_base64_encode (&tmp2, 0, &auth->outgoing, - _dbus_string_get_length (&auth->outgoing))) + if (!_dbus_string_hex_encode (&tmp2, 0, &auth->outgoing, + _dbus_string_get_length (&auth->outgoing))) goto out; if (!_dbus_string_append (&auth->outgoing, @@ -734,9 +734,9 @@ handle_client_initial_response_cookie_sha1_mech (DBusAuth *auth, if (!_dbus_username_from_current_process (&username)) goto out_0; - if (!_dbus_string_base64_encode (username, 0, - response, - _dbus_string_get_length (response))) + if (!_dbus_string_hex_encode (username, 0, + response, + _dbus_string_get_length (response))) goto out_0; retval = TRUE; @@ -919,9 +919,9 @@ handle_client_data_cookie_sha1_mech (DBusAuth *auth, if (!_dbus_string_append (&auth->outgoing, "DATA ")) goto out_6; - if (!_dbus_string_base64_encode (&tmp, 0, - &auth->outgoing, - _dbus_string_get_length (&auth->outgoing))) + if (!_dbus_string_hex_encode (&tmp, 0, + &auth->outgoing, + _dbus_string_get_length (&auth->outgoing))) { _dbus_string_set_length (&auth->outgoing, old_len); goto out_6; @@ -1091,9 +1091,9 @@ handle_client_initial_response_external_mech (DBusAuth *auth, _dbus_getuid ())) goto failed; - if (!_dbus_string_base64_encode (&plaintext, 0, - response, - _dbus_string_get_length (response))) + if (!_dbus_string_hex_encode (&plaintext, 0, + response, + _dbus_string_get_length (response))) goto failed; _dbus_string_free (&plaintext); @@ -1248,9 +1248,9 @@ process_auth (DBusAuth *auth, } else { - int i; + int i, end; DBusString mech; - DBusString base64_response; + DBusString hex_response; DBusString decoded_response; _dbus_string_find_blank (args, 0, &i); @@ -1258,7 +1258,7 @@ process_auth (DBusAuth *auth, if (!_dbus_string_init (&mech)) return FALSE; - if (!_dbus_string_init (&base64_response)) + if (!_dbus_string_init (&hex_response)) { _dbus_string_free (&mech); return FALSE; @@ -1267,20 +1267,30 @@ process_auth (DBusAuth *auth, if (!_dbus_string_init (&decoded_response)) { _dbus_string_free (&mech); - _dbus_string_free (&base64_response); + _dbus_string_free (&hex_response); return FALSE; } if (!_dbus_string_copy_len (args, 0, i, &mech, 0)) goto failed; - if (!_dbus_string_copy (args, i, &base64_response, 0)) + _dbus_string_skip_blank (args, i, &i); + if (!_dbus_string_copy (args, i, &hex_response, 0)) goto failed; - if (!_dbus_string_base64_decode (&base64_response, 0, - &decoded_response, 0)) - goto failed; - + if (!_dbus_string_hex_decode (&hex_response, 0, &end, + &decoded_response, 0)) + goto failed; + + if (_dbus_string_get_length (&hex_response) != end) + { + if (!_dbus_string_append (&auth->outgoing, + "ERROR \"Invalid hex encoding\"\r\n")) + goto failed; + + goto out; + } + auth->mech = find_mech (&mech, auth->allowed_mechs); if (auth->mech != NULL) { @@ -1300,8 +1310,9 @@ process_auth (DBusAuth *auth, goto failed; } + out: _dbus_string_free (&mech); - _dbus_string_free (&base64_response); + _dbus_string_free (&hex_response); _dbus_string_free (&decoded_response); return TRUE; @@ -1309,7 +1320,7 @@ process_auth (DBusAuth *auth, failed: auth->mech = NULL; _dbus_string_free (&mech); - _dbus_string_free (&base64_response); + _dbus_string_free (&hex_response); _dbus_string_free (&decoded_response); return FALSE; } @@ -1349,6 +1360,8 @@ process_data_server (DBusAuth *auth, const DBusString *command, const DBusString *args) { + int end; + if (auth->mech != NULL) { DBusString decoded; @@ -1356,10 +1369,20 @@ process_data_server (DBusAuth *auth, if (!_dbus_string_init (&decoded)) return FALSE; - if (!_dbus_string_base64_decode (args, 0, &decoded, 0)) - { + if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0)) + { _dbus_string_free (&decoded); - return FALSE; + return FALSE; + } + + if (_dbus_string_get_length (args) != end) + { + _dbus_string_free (&decoded); + if (!_dbus_string_append (&auth->outgoing, + "ERROR \"Invalid hex encoding\"\r\n")) + return FALSE; + + return TRUE; } #ifdef DBUS_ENABLE_VERBOSE_MODE @@ -1632,6 +1655,8 @@ process_data_client (DBusAuth *auth, const DBusString *command, const DBusString *args) { + int end; + if (auth->mech != NULL) { DBusString decoded; @@ -1639,10 +1664,20 @@ process_data_client (DBusAuth *auth, if (!_dbus_string_init (&decoded)) return FALSE; - if (!_dbus_string_base64_decode (args, 0, &decoded, 0)) + if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0)) { _dbus_string_free (&decoded); - return FALSE; + return FALSE; + } + + if (_dbus_string_get_length (args) != end) + { + _dbus_string_free (&decoded); + if (!_dbus_string_append (&auth->outgoing, + "ERROR \"Invalid hex encoding\"\r\n")) + return FALSE; + + return TRUE; } #ifdef DBUS_ENABLE_VERBOSE_MODE diff --git a/dbus/dbus-errors.c b/dbus/dbus-errors.c index 07f42e3e..2a7dd853 100644 --- a/dbus/dbus-errors.c +++ b/dbus/dbus-errors.c @@ -91,7 +91,7 @@ message_from_error (const char *error) else if (strcmp (error, DBUS_ERROR_DISCONNECTED) == 0) return "Disconnected."; else if (strcmp (error, DBUS_ERROR_INVALID_ARGS) == 0) - return "Invalid argumemts."; + return "Invalid arguments."; else if (strcmp (error, DBUS_ERROR_NO_REPLY) == 0) return "Did not get a reply message."; else if (strcmp (error, DBUS_ERROR_FILE_NOT_FOUND) == 0) diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 68178b15..92989b8d 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -474,6 +474,7 @@ _dbus_keyring_reload (DBusKeyring *keyring, int id; long timestamp; int len; + int end; DBusKey *new; /* Don't load more than the max. */ @@ -542,13 +543,20 @@ _dbus_keyring_reload (DBusKeyring *keyring, keys[n_keys-1].id = id; keys[n_keys-1].creation_time = timestamp; - if (!_dbus_string_hex_decode (&line, next, - &keys[n_keys-1].secret, - 0)) - { - dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); - goto out; - } + if (!_dbus_string_hex_decode (&line, next, &end, + &keys[n_keys-1].secret, 0)) + { + dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); + goto out; + } + + if (_dbus_string_get_length (&line) != end) + { + _dbus_verbose ("invalid hex encoding in keyring file\n"); + _dbus_string_free (&keys[n_keys - 1].secret); + n_keys -= 1; + continue; + } } _dbus_verbose ("Successfully loaded %d existing keys\n", diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c index 6a83398d..8820273d 100644 --- a/dbus/dbus-string.c +++ b/dbus/dbus-string.c @@ -2125,400 +2125,6 @@ _dbus_string_ends_with_c_str (const DBusString *a, return TRUE; } -static const signed char base64_table[] = { - /* 0 */ 'A', - /* 1 */ 'B', - /* 2 */ 'C', - /* 3 */ 'D', - /* 4 */ 'E', - /* 5 */ 'F', - /* 6 */ 'G', - /* 7 */ 'H', - /* 8 */ 'I', - /* 9 */ 'J', - /* 10 */ 'K', - /* 11 */ 'L', - /* 12 */ 'M', - /* 13 */ 'N', - /* 14 */ 'O', - /* 15 */ 'P', - /* 16 */ 'Q', - /* 17 */ 'R', - /* 18 */ 'S', - /* 19 */ 'T', - /* 20 */ 'U', - /* 21 */ 'V', - /* 22 */ 'W', - /* 23 */ 'X', - /* 24 */ 'Y', - /* 25 */ 'Z', - /* 26 */ 'a', - /* 27 */ 'b', - /* 28 */ 'c', - /* 29 */ 'd', - /* 30 */ 'e', - /* 31 */ 'f', - /* 32 */ 'g', - /* 33 */ 'h', - /* 34 */ 'i', - /* 35 */ 'j', - /* 36 */ 'k', - /* 37 */ 'l', - /* 38 */ 'm', - /* 39 */ 'n', - /* 40 */ 'o', - /* 41 */ 'p', - /* 42 */ 'q', - /* 43 */ 'r', - /* 44 */ 's', - /* 45 */ 't', - /* 46 */ 'u', - /* 47 */ 'v', - /* 48 */ 'w', - /* 49 */ 'x', - /* 50 */ 'y', - /* 51 */ 'z', - /* 52 */ '0', - /* 53 */ '1', - /* 54 */ '2', - /* 55 */ '3', - /* 56 */ '4', - /* 57 */ '5', - /* 58 */ '6', - /* 59 */ '7', - /* 60 */ '8', - /* 61 */ '9', - /* 62 */ '+', - /* 63 */ '/' -}; - -/** The minimum char that's a valid char in Base64-encoded text */ -#define UNBASE64_MIN_CHAR (43) -/** The maximum char that's a valid char in Base64-encoded text */ -#define UNBASE64_MAX_CHAR (122) -/** Must subtract this from a char's integer value before offsetting - * into unbase64_table - */ -#define UNBASE64_TABLE_OFFSET UNBASE64_MIN_CHAR -static const signed char unbase64_table[] = { - /* 43 + */ 62, - /* 44 , */ -1, - /* 45 - */ -1, - /* 46 . */ -1, - /* 47 / */ 63, - /* 48 0 */ 52, - /* 49 1 */ 53, - /* 50 2 */ 54, - /* 51 3 */ 55, - /* 52 4 */ 56, - /* 53 5 */ 57, - /* 54 6 */ 58, - /* 55 7 */ 59, - /* 56 8 */ 60, - /* 57 9 */ 61, - /* 58 : */ -1, - /* 59 ; */ -1, - /* 60 < */ -1, - /* 61 = */ -1, - /* 62 > */ -1, - /* 63 ? */ -1, - /* 64 @ */ -1, - /* 65 A */ 0, - /* 66 B */ 1, - /* 67 C */ 2, - /* 68 D */ 3, - /* 69 E */ 4, - /* 70 F */ 5, - /* 71 G */ 6, - /* 72 H */ 7, - /* 73 I */ 8, - /* 74 J */ 9, - /* 75 K */ 10, - /* 76 L */ 11, - /* 77 M */ 12, - /* 78 N */ 13, - /* 79 O */ 14, - /* 80 P */ 15, - /* 81 Q */ 16, - /* 82 R */ 17, - /* 83 S */ 18, - /* 84 T */ 19, - /* 85 U */ 20, - /* 86 V */ 21, - /* 87 W */ 22, - /* 88 X */ 23, - /* 89 Y */ 24, - /* 90 Z */ 25, - /* 91 [ */ -1, - /* 92 \ */ -1, - /* 93 ] */ -1, - /* 94 ^ */ -1, - /* 95 _ */ -1, - /* 96 ` */ -1, - /* 97 a */ 26, - /* 98 b */ 27, - /* 99 c */ 28, - /* 100 d */ 29, - /* 101 e */ 30, - /* 102 f */ 31, - /* 103 g */ 32, - /* 104 h */ 33, - /* 105 i */ 34, - /* 106 j */ 35, - /* 107 k */ 36, - /* 108 l */ 37, - /* 109 m */ 38, - /* 110 n */ 39, - /* 111 o */ 40, - /* 112 p */ 41, - /* 113 q */ 42, - /* 114 r */ 43, - /* 115 s */ 44, - /* 116 t */ 45, - /* 117 u */ 46, - /* 118 v */ 47, - /* 119 w */ 48, - /* 120 x */ 49, - /* 121 y */ 50, - /* 122 z */ 51 -}; - -/** - * Encodes a string using Base64, as documented in RFC 2045. - * - * @param source the string to encode - * @param start byte index to start encoding - * @param dest string where encoded data should be placed - * @param insert_at where to place encoded data - * @returns #TRUE if encoding was successful, #FALSE if no memory etc. - */ -dbus_bool_t -_dbus_string_base64_encode (const DBusString *source, - int start, - DBusString *dest, - int insert_at) -{ - int source_len; - unsigned int dest_len; /* unsigned for overflow checks below */ - const unsigned char *s; - unsigned char *d; - const unsigned char *triplet_end; - const unsigned char *final_end; - DBUS_STRING_COPY_PREAMBLE (source, start, dest, insert_at); - _dbus_assert (source != dest); - - /* For each 24 bits (3 bytes) of input, we have 4 bytes of - * output. - */ - source_len = real_source->len - start; - dest_len = (source_len / 3) * 4; - if (source_len % 3 != 0) - dest_len += 4; - - if (dest_len > (unsigned int) real_dest->max_length) - return FALSE; - - if (source_len == 0) - return TRUE; - - if (!open_gap (dest_len, real_dest, insert_at)) - return FALSE; - - d = real_dest->str + insert_at; - s = real_source->str + start; - final_end = real_source->str + (start + source_len); - triplet_end = final_end - (source_len % 3); - _dbus_assert (triplet_end <= final_end); - _dbus_assert ((final_end - triplet_end) < 3); - -#define ENCODE_64(v) (base64_table[ (unsigned char) (v) ]) -#define SIX_BITS_MASK (0x3f) - _dbus_assert (SIX_BITS_MASK < _DBUS_N_ELEMENTS (base64_table)); - - while (s != triplet_end) - { - unsigned int triplet; - - triplet = s[2] | (s[1] << 8) | (s[0] << 16); - - /* Encode each 6 bits. */ - - *d++ = ENCODE_64 (triplet >> 18); - *d++ = ENCODE_64 ((triplet >> 12) & SIX_BITS_MASK); - *d++ = ENCODE_64 ((triplet >> 6) & SIX_BITS_MASK); - *d++ = ENCODE_64 (triplet & SIX_BITS_MASK); - - s += 3; - } - - switch (final_end - triplet_end) - { - case 2: - { - unsigned int doublet; - - doublet = s[1] | (s[0] << 8); - - *d++ = ENCODE_64 (doublet >> 12); - *d++ = ENCODE_64 ((doublet >> 6) & SIX_BITS_MASK); - *d++ = ENCODE_64 (doublet & SIX_BITS_MASK); - *d++ = '='; - } - break; - case 1: - { - unsigned int singlet; - - singlet = s[0]; - - *d++ = ENCODE_64 ((singlet >> 6) & SIX_BITS_MASK); - *d++ = ENCODE_64 (singlet & SIX_BITS_MASK); - *d++ = '='; - *d++ = '='; - } - break; - case 0: - break; - } - - _dbus_assert (d == (real_dest->str + (insert_at + dest_len))); - - return TRUE; -} - -/** - * Decodes a string from Base64, as documented in RFC 2045. - * - * @todo sort out the AUDIT comment in here. The case it mentions - * ("====" or "x===") is not allowed in correct base64, so need to - * decide what to do with that kind of input. Probably ignore it - * since we ignore any other junk seen. - * - * @param source the string to decode - * @param start byte index to start decode - * @param dest string where decoded data should be placed - * @param insert_at where to place decoded data - * @returns #TRUE if decoding was successful, #FALSE if no memory etc. - */ -dbus_bool_t -_dbus_string_base64_decode (const DBusString *source, - int start, - DBusString *dest, - int insert_at) -{ - int source_len; - const char *s; - const char *end; - DBusString result; - unsigned int triplet = 0; - int sextet_count; - int pad_count; - DBUS_STRING_COPY_PREAMBLE (source, start, dest, insert_at); - _dbus_assert (source != dest); - - source_len = real_source->len - start; - s = real_source->str + start; - end = real_source->str + source_len; - - if (source_len == 0) - return TRUE; - - if (!_dbus_string_init (&result)) - return FALSE; - - pad_count = 0; - sextet_count = 0; - while (s != end) - { - /* The idea is to just skip anything that isn't - * a base64 char - it's allowed to have whitespace, - * newlines, etc. in here. We also ignore trailing - * base64 chars, though that's suspicious. - */ - - if (*s >= UNBASE64_MIN_CHAR && - *s <= UNBASE64_MAX_CHAR) - { - if (*s == '=') - { - /* '=' is padding, doesn't represent additional data - * but does increment our count. - */ - pad_count += 1; - sextet_count += 1; - } - else - { - int val; - - val = unbase64_table[(*s) - UNBASE64_TABLE_OFFSET]; - - if (val >= 0) - { - triplet <<= 6; - triplet |= (unsigned int) val; - sextet_count += 1; - } - } - - if (sextet_count == 4) - { - /* no pad = 3 bytes, 1 pad = 2 bytes, 2 pad = 1 byte */ - - - /* AUDIT: Comment doesn't mention 4 pad => 0, - * 3 pad => 1 byte, though the code should - * work fine if those are the required outputs. - * - * I assume that the spec requires dropping - * the top two bits of, say, ///= which is > 2 - * bytes worth of bits. (Or otherwise, you couldn't - * actually represent 2 byte sequences. - */ - - if (pad_count < 1) - { - if (!_dbus_string_append_byte (&result, - triplet >> 16)) - goto failed; - } - - if (pad_count < 2) - { - if (!_dbus_string_append_byte (&result, - (triplet >> 8) & 0xff)) - goto failed; - } - - if (!_dbus_string_append_byte (&result, - triplet & 0xff)) - goto failed; - - sextet_count = 0; - pad_count = 0; - triplet = 0; - } - } - - ++s; - } - - if (!_dbus_string_move (&result, 0, dest, insert_at)) - { - _dbus_string_free (&result); - return FALSE; - } - - _dbus_string_free (&result); - - return TRUE; - - failed: - _dbus_string_free (&result); - - return FALSE; -} - /** * Encodes a string in hex, the way MD5 and SHA-1 are usually * encoded. (Each byte is two hex digits.) @@ -2583,13 +2189,15 @@ _dbus_string_hex_encode (const DBusString *source, * * @param source the string to decode * @param start byte index to start decode + * @param end_return return location of the end of the hex data, or #NULL * @param dest string where decoded data should be placed * @param insert_at where to place decoded data - * @returns #TRUE if decoding was successful, #FALSE if no memory etc. + * @returns #TRUE if decoding was successful, #FALSE if no memory. */ dbus_bool_t _dbus_string_hex_decode (const DBusString *source, int start, + int *end_return, DBusString *dest, int insert_at) { @@ -2672,17 +2280,14 @@ _dbus_string_hex_decode (const DBusString *source, val = 15; break; default: - val = 0; - _dbus_verbose ("invalid character '%c' in hex encoded text\n", - *p); - goto out; + goto done; } if (high_bits) { if (!_dbus_string_append_byte (&result, val << 4)) - goto out; + goto out; } else { @@ -2703,9 +2308,13 @@ _dbus_string_hex_decode (const DBusString *source, ++p; } + done: if (!_dbus_string_move (&result, 0, dest, insert_at)) goto out; + if (end_return) + *end_return = p - (const unsigned char*) _dbus_string_get_const_data (source); + retval = TRUE; out: @@ -3228,60 +2837,13 @@ test_max_len (DBusString *str, } static void -test_base64_roundtrip (const unsigned char *data, - int len) -{ - DBusString orig; - DBusString encoded; - DBusString decoded; - - if (len < 0) - len = strlen (data); - - if (!_dbus_string_init (&orig)) - _dbus_assert_not_reached ("could not init string"); - - if (!_dbus_string_init (&encoded)) - _dbus_assert_not_reached ("could not init string"); - - if (!_dbus_string_init (&decoded)) - _dbus_assert_not_reached ("could not init string"); - - if (!_dbus_string_append_len (&orig, data, len)) - _dbus_assert_not_reached ("couldn't append orig data"); - - if (!_dbus_string_base64_encode (&orig, 0, &encoded, 0)) - _dbus_assert_not_reached ("could not encode"); - - if (!_dbus_string_base64_decode (&encoded, 0, &decoded, 0)) - _dbus_assert_not_reached ("could not decode"); - - if (!_dbus_string_equal (&orig, &decoded)) - { - const char *s; - - printf ("Original string %d bytes encoded %d bytes decoded %d bytes\n", - _dbus_string_get_length (&orig), - _dbus_string_get_length (&encoded), - _dbus_string_get_length (&decoded)); - printf ("Original: %s\n", data); - s = _dbus_string_get_const_data (&decoded); - printf ("Decoded: %s\n", s); - _dbus_assert_not_reached ("original string not the same as string decoded from base64"); - } - - _dbus_string_free (&orig); - _dbus_string_free (&encoded); - _dbus_string_free (&decoded); -} - -static void test_hex_roundtrip (const unsigned char *data, int len) { DBusString orig; DBusString encoded; DBusString decoded; + int end; if (len < 0) len = strlen (data); @@ -3301,9 +2863,11 @@ test_hex_roundtrip (const unsigned char *data, if (!_dbus_string_hex_encode (&orig, 0, &encoded, 0)) _dbus_assert_not_reached ("could not encode"); - if (!_dbus_string_hex_decode (&encoded, 0, &decoded, 0)) + if (!_dbus_string_hex_decode (&encoded, 0, &end, &decoded, 0)) _dbus_assert_not_reached ("could not decode"); + _dbus_assert (_dbus_string_get_length (&encoded) == end); + if (!_dbus_string_equal (&orig, &decoded)) { const char *s; @@ -3315,7 +2879,7 @@ test_hex_roundtrip (const unsigned char *data, printf ("Original: %s\n", data); s = _dbus_string_get_const_data (&decoded); printf ("Decoded: %s\n", s); - _dbus_assert_not_reached ("original string not the same as string decoded from base64"); + _dbus_assert_not_reached ("original string not the same as string decoded from hex"); } _dbus_string_free (&orig); @@ -3867,8 +3431,18 @@ _dbus_string_test (void) _dbus_string_free (&str); - /* Base 64 and Hex encoding */ - test_roundtrips (test_base64_roundtrip); + /* Hex encoding */ + _dbus_string_init_const (&str, "cafebabe, this is a bogus hex string"); + if (!_dbus_string_init (&other)) + _dbus_assert_not_reached ("could not init string"); + + if (!_dbus_string_hex_decode (&str, 0, &end, &other, 0)) + _dbus_assert_not_reached ("deccoded bogus hex string with no error"); + + _dbus_assert (end == 8); + + _dbus_string_free (&other); + test_roundtrips (test_hex_roundtrip); /* Path validation */ diff --git a/dbus/dbus-string.h b/dbus/dbus-string.h index 00d12a3e..1499e0cc 100644 --- a/dbus/dbus-string.h +++ b/dbus/dbus-string.h @@ -202,20 +202,13 @@ dbus_bool_t _dbus_string_pop_line (DBusString *source, DBusString *dest); void _dbus_string_delete_first_word (DBusString *str); void _dbus_string_delete_leading_blanks (DBusString *str); -dbus_bool_t _dbus_string_base64_encode (const DBusString *source, - int start, - DBusString *dest, - int insert_at); -dbus_bool_t _dbus_string_base64_decode (const DBusString *source, - int start, - DBusString *dest, - int insert_at); dbus_bool_t _dbus_string_hex_encode (const DBusString *source, int start, DBusString *dest, int insert_at); dbus_bool_t _dbus_string_hex_decode (const DBusString *source, int start, + int *end_return, DBusString *dest, int insert_at); dbus_bool_t _dbus_string_validate_ascii (const DBusString *str, @@ -118,10 +118,6 @@ - recursive dispatch, see dbus_connection_dispatch() - - the auth protocol may as well use hex encoding instead of - base64, then we can dump the base64 implementation and - save some bloat. - - Better error checking for bogus configuration files. Currently if a configuration file tries to include itself the bus crashes on start. We should probably have a check against this. diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 7a09a5cf..aacb480a 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -911,7 +911,7 @@ <title>DATA Command</title> <para> The DATA command may come from either client or server, and simply - contains a base64-encoded block of data to be interpreted + contains a hex-encoded block of data to be interpreted according to the SASL mechanism in use. </para> <para> diff --git a/doc/dbus-test-plan.xml b/doc/dbus-test-plan.xml index bcb9b3e6..b69f9405 100644 --- a/doc/dbus-test-plan.xml +++ b/doc/dbus-test-plan.xml @@ -135,7 +135,7 @@ ## this tests a successful auth of type EXTERNAL SERVER - SEND 'AUTH EXTERNAL USERNAME_BASE64' + SEND 'AUTH EXTERNAL USERNAME_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'BEGIN' diff --git a/test/Makefile.am b/test/Makefile.am index 53170a2b..387456a3 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -9,7 +9,7 @@ INCLUDES=-I$(top_srcdir) $(DBUS_TEST_CFLAGS) if DBUS_BUILD_TESTS -TEST_BINARIES=test-service unbase64 break-loader spawn-test test-segfault test-exit test-sleep-forever +TEST_BINARIES=test-service break-loader spawn-test test-segfault test-exit test-sleep-forever else TEST_BINARIES= endif @@ -27,9 +27,6 @@ test_service_SOURCES= \ test-utils.c \ test-utils.h -unbase64_SOURCES= \ - unbase64.c - break_loader_SOURCES= \ break-loader.c @@ -51,7 +48,6 @@ decode_gcov_SOURCES= \ TEST_LIBS=$(DBUS_TEST_LIBS) $(top_builddir)/dbus/libdbus-convenience.la test_service_LDADD=$(TEST_LIBS) -unbase64_LDADD=$(TEST_LIBS) break_loader_LDADD= $(TEST_LIBS) spawn_test_LDADD=$(TEST_LIBS) decode_gcov_LDADD=$(TEST_LIBS) diff --git a/test/data/auth/cancel.auth-script b/test/data/auth/cancel.auth-script index a99c6128..f2c519aa 100644 --- a/test/data/auth/cancel.auth-script +++ b/test/data/auth/cancel.auth-script @@ -1,7 +1,7 @@ ## this tests canceling EXTERNAL SERVER -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'CANCEL' @@ -9,7 +9,7 @@ EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT ## now start over and see if it works -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'BEGIN' diff --git a/test/data/auth/external-failed.auth-script b/test/data/auth/external-failed.auth-script index 8f0d1aa9..b11ee9c5 100644 --- a/test/data/auth/external-failed.auth-script +++ b/test/data/auth/external-failed.auth-script @@ -2,7 +2,7 @@ SERVER NO_CREDENTIALS -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT diff --git a/test/data/auth/external-root.auth-script b/test/data/auth/external-root.auth-script index c126067c..b0189719 100644 --- a/test/data/auth/external-root.auth-script +++ b/test/data/auth/external-root.auth-script @@ -2,7 +2,7 @@ SERVER ROOT_CREDENTIALS -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'BEGIN' diff --git a/test/data/auth/external-silly.auth-script b/test/data/auth/external-silly.auth-script index cbfef8fd..8ac0688a 100644 --- a/test/data/auth/external-silly.auth-script +++ b/test/data/auth/external-silly.auth-script @@ -2,7 +2,7 @@ SERVER SILLY_CREDENTIALS -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT diff --git a/test/data/auth/external-successful.auth-script b/test/data/auth/external-successful.auth-script index 02ecdc08..128d3294 100644 --- a/test/data/auth/external-successful.auth-script +++ b/test/data/auth/external-successful.auth-script @@ -1,7 +1,7 @@ ## this tests a successful auth of type EXTERNAL SERVER -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'BEGIN' diff --git a/test/data/auth/extra-bytes.auth-script b/test/data/auth/extra-bytes.auth-script index 0bd705dc..cd1e01d2 100644 --- a/test/data/auth/extra-bytes.auth-script +++ b/test/data/auth/extra-bytes.auth-script @@ -1,7 +1,7 @@ ## this tests that we have the expected extra bytes at the end SERVER -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND OK EXPECT_STATE WAITING_FOR_INPUT SEND 'BEGIN\r\nHello' diff --git a/test/data/auth/fail-after-n-attempts.auth-script b/test/data/auth/fail-after-n-attempts.auth-script index ae3b907a..a56f182b 100644 --- a/test/data/auth/fail-after-n-attempts.auth-script +++ b/test/data/auth/fail-after-n-attempts.auth-script @@ -4,30 +4,30 @@ SERVER NO_CREDENTIALS # 1 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT # 2 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT # 3 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT # 4 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT # 5 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_COMMAND REJECTED EXPECT_STATE WAITING_FOR_INPUT # 6 -SEND 'AUTH EXTERNAL USERID_BASE64' +SEND 'AUTH EXTERNAL USERID_HEX' EXPECT_STATE NEED_DISCONNECT diff --git a/test/data/auth/invalid-hex-encoding.auth-script b/test/data/auth/invalid-hex-encoding.auth-script new file mode 100644 index 00000000..1f15c436 --- /dev/null +++ b/test/data/auth/invalid-hex-encoding.auth-script @@ -0,0 +1,6 @@ +## this tests an invalid hex encoding followed by successful authentication + +SERVER +SEND 'AUTH EXTERNAL willy' +EXPECT_COMMAND ERROR +EXPECT_STATE WAITING_FOR_INPUT diff --git a/test/unbase64.c b/test/unbase64.c deleted file mode 100644 index 2dc232f3..00000000 --- a/test/unbase64.c +++ /dev/null @@ -1,50 +0,0 @@ -#include <dbus/dbus.h> -#define DBUS_COMPILATION /* cheat and use string etc. */ -#include <dbus/dbus-string.h> -#include <dbus/dbus-sysdeps.h> -#include <dbus/dbus-internals.h> -#undef DBUS_COMPILATION -#include <stdio.h> - -int -main (int argc, - char **argv) -{ - DBusString contents; - DBusString decoded; - DBusString filename; - const char *s; - DBusError error; - - if (argc < 2) - { - fprintf (stderr, "Give the file to decode as an argument\n"); - return 1; - } - - _dbus_string_init_const (&filename, argv[1]); - - if (!_dbus_string_init (&contents)) - return 1; - - if (!_dbus_string_init (&decoded)) - return 1; - - dbus_error_init (&error); - if (!_dbus_file_get_contents (&contents, &filename, &error)) - { - fprintf (stderr, "Failed to load file: %s\n", error.message); - dbus_error_free (&error); - return 1; - } - - if (!_dbus_string_base64_decode (&contents, 0, - &decoded, 0)) - return 1; - - s = _dbus_string_get_const_data (&decoded); - - fputs (s, stdout); - - return 0; -} |