From 94a4a847bc4b0e2871fd1db258796cd09de07afb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 6 Nov 2015 20:54:13 +0100
Subject: sbus: Check string arguments for valid UTF-8 strings

libdbus abort()s when a string argument is not valid UTF-8. Since the
arguments sometimes come from untrusted sources, it's better to check
the string validity explicitly.
---
 src/sbus/sssd_dbus_request.c | 45 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

(limited to 'src/sbus/sssd_dbus_request.c')

diff --git a/src/sbus/sssd_dbus_request.c b/src/sbus/sssd_dbus_request.c
index 552bb5da8..9a116eff2 100644
--- a/src/sbus/sssd_dbus_request.c
+++ b/src/sbus/sssd_dbus_request.c
@@ -19,6 +19,7 @@
 */
 
 #include "util/util.h"
+#include "util/sss_utf8.h"
 #include "sbus/sssd_dbus.h"
 #include "sbus/sssd_dbus_private.h"
 
@@ -96,23 +97,65 @@ int sbus_request_finish(struct sbus_request *dbus_req,
     return talloc_free(dbus_req);
 }
 
+static int sbus_request_valist_check(va_list va, int first_arg_type)
+{
+    int ret = EOK;
+#ifdef HAVE_DBUSBASICVALUE
+    int type;
+    va_list va_check;
+    const DBusBasicValue *value;
+    bool ok;
+
+    va_copy(va_check, va);
+
+    type = first_arg_type;
+    while (type != DBUS_TYPE_INVALID) {
+        value = va_arg(va_check, const DBusBasicValue*);
+
+        if (type == DBUS_TYPE_STRING) {
+             ok = sss_utf8_check((const uint8_t *) value->str,
+                                  strlen(value->str));
+             if (!ok) {
+                 DEBUG(SSSDBG_CRIT_FAILURE,
+                       "String argument is not valid UTF-8\n");
+                 ret = EINVAL;
+                 break;
+             }
+        }
+        type = va_arg(va_check, int);
+    }
+
+    va_end(va_check);
+#endif /* HAVE_DBUSBASICVALUE */
+    return ret;
+}
+
 int sbus_request_return_and_finish(struct sbus_request *dbus_req,
                                    int first_arg_type,
                                    ...)
 {
     DBusMessage *reply;
+    DBusError error = DBUS_ERROR_INIT;
     dbus_bool_t dbret;
     va_list va;
     int ret;
 
+    va_start(va, first_arg_type);
+    ret = sbus_request_valist_check(va, first_arg_type);
+    if (ret != EOK) {
+        va_end(va);
+        dbus_set_error_const(&error, DBUS_ERROR_INVALID_ARGS, INTERNAL_ERROR);
+        return sbus_request_fail_and_finish(dbus_req, &error);
+    }
+
     reply = dbus_message_new_method_return(dbus_req->message);
     if (!reply) {
+        va_end(va);
         DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory allocating DBus message\n");
         sbus_request_finish(dbus_req, NULL);
         return ENOMEM;
     }
 
-    va_start(va, first_arg_type);
     dbret = dbus_message_append_args_valist(reply, first_arg_type, va);
     va_end(va);
 
-- 
cgit