1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
|
/*
* Copyright (C) 2013-2015 Kay Sievers
* Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
* Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
* Copyright (C) 2013-2015 Linux Foundation
* Copyright (C) 2014-2015 Djalal Harouni <tixxdz@opendz.org>
*
* kdbus is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation; either version 2.1 of the License, or (at
* your option) any later version.
*/
#include <linux/ctype.h>
#include <linux/fs.h>
#include <linux/string.h>
#include "item.h"
#include "limits.h"
#include "util.h"
/*
* This verifies the string at position @str with size @size is properly
* zero-terminated and does not contain a 0-byte but at the end.
*/
static bool kdbus_str_valid(const char *str, size_t size)
{
return size > 0 && memchr(str, '\0', size) == str + size - 1;
}
/**
* kdbus_item_validate_name() - validate an item containing a name
* @item: Item to validate
*
* Return: zero on success or an negative error code on failure
*/
int kdbus_item_validate_name(const struct kdbus_item *item)
{
const char *name = item->str;
unsigned int i;
size_t len;
if (item->size < KDBUS_ITEM_HEADER_SIZE + 2)
return -EINVAL;
if (item->size > KDBUS_ITEM_HEADER_SIZE +
KDBUS_SYSNAME_MAX_LEN + 1)
return -ENAMETOOLONG;
if (!kdbus_str_valid(name, KDBUS_ITEM_PAYLOAD_SIZE(item)))
return -EINVAL;
len = strlen(name);
if (len == 0)
return -EINVAL;
for (i = 0; i < len; i++) {
if (isalpha(name[i]))
continue;
if (isdigit(name[i]))
continue;
if (name[i] == '_')
continue;
if (i > 0 && i + 1 < len && (name[i] == '-' || name[i] == '.'))
continue;
return -EINVAL;
}
return 0;
}
/**
* kdbus_item_validate() - validate a single item
* @item: item to validate
*
* Return: 0 if item is valid, negative error code if not.
*/
int kdbus_item_validate(const struct kdbus_item *item)
{
size_t payload_size = KDBUS_ITEM_PAYLOAD_SIZE(item);
size_t l;
int ret;
BUILD_BUG_ON(KDBUS_ITEM_HEADER_SIZE !=
sizeof(struct kdbus_item_header));
if (item->size < KDBUS_ITEM_HEADER_SIZE)
return -EINVAL;
switch (item->type) {
case KDBUS_ITEM_NEGOTIATE:
if (payload_size % sizeof(u64) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_PAYLOAD_VEC:
case KDBUS_ITEM_PAYLOAD_OFF:
if (payload_size != sizeof(struct kdbus_vec))
return -EINVAL;
if (item->vec.size == 0 || item->vec.size > SIZE_MAX)
return -EINVAL;
break;
case KDBUS_ITEM_PAYLOAD_MEMFD:
if (payload_size != sizeof(struct kdbus_memfd))
return -EINVAL;
if (item->memfd.size == 0 || item->memfd.size > SIZE_MAX)
return -EINVAL;
if (item->memfd.fd < 0)
return -EBADF;
break;
case KDBUS_ITEM_FDS:
if (payload_size % sizeof(int) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_CANCEL_FD:
if (payload_size != sizeof(int))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_PARAMETER:
if (payload_size != sizeof(struct kdbus_bloom_parameter))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_FILTER:
/* followed by the bloom-mask, depends on the bloom-size */
if (payload_size < sizeof(struct kdbus_bloom_filter))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_MASK:
/* size depends on bloom-size of bus */
break;
case KDBUS_ITEM_CONN_DESCRIPTION:
case KDBUS_ITEM_MAKE_NAME:
ret = kdbus_item_validate_name(item);
if (ret < 0)
return ret;
break;
case KDBUS_ITEM_ATTACH_FLAGS_SEND:
case KDBUS_ITEM_ATTACH_FLAGS_RECV:
case KDBUS_ITEM_ID:
case KDBUS_ITEM_DST_ID:
if (payload_size != sizeof(u64))
return -EINVAL;
break;
case KDBUS_ITEM_TIMESTAMP:
if (payload_size != sizeof(struct kdbus_timestamp))
return -EINVAL;
break;
case KDBUS_ITEM_CREDS:
if (payload_size != sizeof(struct kdbus_creds))
return -EINVAL;
break;
case KDBUS_ITEM_AUXGROUPS:
if (payload_size % sizeof(u32) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_NAME:
case KDBUS_ITEM_DST_NAME:
case KDBUS_ITEM_PID_COMM:
case KDBUS_ITEM_TID_COMM:
case KDBUS_ITEM_EXE:
case KDBUS_ITEM_CMDLINE:
case KDBUS_ITEM_CGROUP:
case KDBUS_ITEM_SECLABEL:
if (!kdbus_str_valid(item->str, payload_size))
return -EINVAL;
break;
case KDBUS_ITEM_CAPS:
if (payload_size < sizeof(u32))
return -EINVAL;
if (payload_size < sizeof(u32) +
4 * CAP_TO_INDEX(item->caps.last_cap) * sizeof(u32))
return -EINVAL;
break;
case KDBUS_ITEM_AUDIT:
if (payload_size != sizeof(struct kdbus_audit))
return -EINVAL;
break;
case KDBUS_ITEM_POLICY_ACCESS:
if (payload_size != sizeof(struct kdbus_policy_access))
return -EINVAL;
break;
case KDBUS_ITEM_NAME_ADD:
case KDBUS_ITEM_NAME_REMOVE:
case KDBUS_ITEM_NAME_CHANGE:
if (payload_size < sizeof(struct kdbus_notify_name_change))
return -EINVAL;
l = payload_size - offsetof(struct kdbus_notify_name_change,
name);
if (l > 0 && !kdbus_str_valid(item->name_change.name, l))
return -EINVAL;
break;
case KDBUS_ITEM_ID_ADD:
case KDBUS_ITEM_ID_REMOVE:
if (payload_size != sizeof(struct kdbus_notify_id_change))
return -EINVAL;
break;
case KDBUS_ITEM_REPLY_TIMEOUT:
case KDBUS_ITEM_REPLY_DEAD:
if (payload_size != 0)
return -EINVAL;
break;
default:
break;
}
return 0;
}
/**
* kdbus_items_validate() - validate items passed by user-space
* @items: items to validate
* @items_size: number of items
*
* This verifies that the passed items pointer is consistent and valid.
* Furthermore, each item is checked for:
* - valid "size" value
* - payload is of expected type
* - payload is fully included in the item
* - string payloads are zero-terminated
*
* Return: 0 on success, negative error code on failure.
*/
int kdbus_items_validate(const struct kdbus_item *items, size_t items_size)
{
const struct kdbus_item *item;
int ret;
KDBUS_ITEMS_FOREACH(item, items, items_size) {
if (!KDBUS_ITEM_VALID(item, items, items_size))
return -EINVAL;
ret = kdbus_item_validate(item);
if (ret < 0)
return ret;
}
if (!KDBUS_ITEMS_END(item, items, items_size))
return -EINVAL;
return 0;
}
/**
* kdbus_item_set() - Set item content
* @item: The item to modify
* @type: The item type to set (KDBUS_ITEM_*)
* @data: Data to copy to item->data, may be %NULL
* @len: Number of bytes in @data
*
* This sets type, size and data fields of an item. If @data is NULL, the data
* memory is cleared.
*
* Note that you must align your @data memory to 8 bytes. Trailing padding (in
* case @len is not 8byte aligned) is cleared by this call.
*
* Returns: Pointer to the following item.
*/
struct kdbus_item *kdbus_item_set(struct kdbus_item *item, u64 type,
const void *data, size_t len)
{
item->type = type;
item->size = KDBUS_ITEM_HEADER_SIZE + len;
if (data) {
memcpy(item->data, data, len);
memset(item->data + len, 0, KDBUS_ALIGN8(len) - len);
} else {
memset(item->data, 0, KDBUS_ALIGN8(len));
}
return KDBUS_ITEM_NEXT(item);
}
|