diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-02-13 17:32:38 +0100 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-02-16 15:03:44 +0100 | 
| commit | 2ac7c17f9d8eeb403b91ee5a389562edaf47fb87 (patch) | |
| tree | 3b55981e7648c1b58aaf6d656e28003c53c3497c /src | |
| parent | 38ab096869ad6bb39a9ef9a012abfb42ea62cd93 (diff) | |
Revert "Revert "sd-bus: change serialization of kdbus messages to qualify in their entirety as gvariant objects""
This reverts commit 954871d8ba15911d014f76ed2c7a9492953cf39d.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libsystemd/sd-bus/DIFFERENCES | 7 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/GVARIANT-SERIALIZATION | 79 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-gvariant.c | 60 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-gvariant.h | 4 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-kernel.c | 65 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-message.c | 656 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-message.h | 47 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/bus-protocol.h | 35 | ||||
| -rw-r--r-- | src/libsystemd/sd-bus/test-bus-gvariant.c | 24 | 
9 files changed, 656 insertions, 321 deletions
| diff --git a/src/libsystemd/sd-bus/DIFFERENCES b/src/libsystemd/sd-bus/DIFFERENCES index fd7506b993..db269675a7 100644 --- a/src/libsystemd/sd-bus/DIFFERENCES +++ b/src/libsystemd/sd-bus/DIFFERENCES @@ -18,11 +18,8 @@ Known differences between dbus1 and kdbus:  - Serial numbers of synthesized messages are always (uint32_t) -1. -- The org.freedesktop.DBus "driver" service is not special on -  kdbus. It is a bus activated service like any other with its own -  unique name. -  - NameOwnerChanged is a synthetic message, generated locally and not -  by the driver. +  by the driver. On dbus1 only the Disconnected message was +  synthesized like this.  - There's no standard per-session bus anymore. Only a per-user bus. diff --git a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION b/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION index 5dffc25bb3..859e2715f9 100644 --- a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION +++ b/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION @@ -1,8 +1,9 @@  How we use GVariant for serializing D-Bus messages  -------------------------------------------------- -We stay as close to the original dbus1 framing as possible. dbus1 has -the following framing: +We stay close to the original dbus1 framing as possible, but make +certain changes to adapt for GVariant. dbus1 has the following +framing:      1. A fixed header of "yyyyuu"      2. Additional header fields of "a(yv)" @@ -20,40 +21,86 @@ The header consists of the following:      y  Flags      y  Protocol version, '1'      u  Length of the body, i.e. the length of part 4 above -    u  Serial number +    u  32bit Serial number      = 12 bytes +This header is then followed by the the fields array, whose first +value is a 32bit array size. +  When using GVariant we keep the basic structure in place, only -slightly extend the header, and define protocol version '2'. The new +slightly alter the header, and define protocol version '2'. The new  header:      y  Endianness, 'l' or 'B'      y  Message Type      y  Flags      y  Protocol version, '2' -    u  Length of the body, i.e. the length of part 4 above -    u  Serial number -    u  Length of the additional header fields array +    u  Reserved, must be 0 +    t  64bit Cookie      = 16 bytes -This has the nice benefit that the beginning of the additional header -fields array is aligned to an 8 byte boundary. Also, in dbus1 -marshalling arrays start with a length value of 32bit, which means in -both dbus1 and gvariant marshallings the size of the header fields -array will be at the same location between bytes 12 and 16. To -visualize that: +This is then followed by the GVariant fields array ("a{tv}"), and +finally the actual body as variant (v). Putting this altogether a +packet on dbus2 hence qualifies as a fully compliant GVariant +structure of (yyyyuta{tv}v). + +For details on gvariant, see: + +https://people.gnome.org/~desrt/gvariant-serialisation.pdf + +Regarding the framing of dbus2, also see: + +https://wiki.gnome.org/Projects/GLib/GDBus/Version2 + +The first four bytes of the header are defined the same way for dbus1 +and dbus2. The first bytes contain the endianess field and the +protocol version, so that the remainder of the message can be safely +made sense of just by looking at the first 32bit. + +Note that the length of the body is no longer included in the header +on dbus2! In fact, the message size must be known in advance, from the +underlying transport in order to parse dbus2 messages, while it is +directly included in dbus1 message headers. This change of semantics +is an effect of GVariant's basic design. + +The serial number has been renamed cookie and has been extended from +32bit to 64bit. It is recommended to avoid the higher 32bit of the +cookie field though, to simplify compatibility with dbus1 peers. Note +that not only the cookie/serial field in the fixed header, but also +the reply_cookie/reply_serial additional header field has been +increased from 32bit to 64bit, too! + +The header field identifiers have been extended from 8bit to +64bit. This has been done to simplify things (as kdbus otherwise uses +exclusively 64bit types, unless there is a strong reason not to), and +has no effect on the serialization size, as due to alignment for each +8bit header field identifier 56 bits of padding had to be added. + +Note that the header size changed, due to these changes. However, +consider that on dbus1 the beginning of the fields array contains the +32bit array size (since that is how arrays are encoded on dbus1), +thus, if one considers that size part of the header, instead of the +array, the size of the header on dbus1 and dbus2 stays identical, at +16 bytes.                0               4               8               12              16 -      Common: | E | T | F | V | Body Length   | Serial        | Fields Length | +      Common: | E | T | F | V | ... -       dbus1: |                            ... (as above) ... | Fields array ... +       dbus1: |  (as above)   | Body Length   | Serial        | Fields Length | Fields array ... -    gvariant: |                            ... (as above) ... | Fields Length | Fields array ... +    gvariant: |  (as above)   | Reserved      | Cookie                        | Fields array ...  And that's already it. +Note: to simplify parsing, valid kdbus/dbus2 messages must include the +entire fixed header and additional header fields in a single non-memfd +message part. Also, the signature string of the body variant all the +way to the end of the message must be in a single non-memfd part +too. The parts for this extended header and footer can be the same +one, and can also continue any amount of additional body bytes. +  Note: on kdbus only native endian messages marshalled in gvariant may        be sent. If a client receives a message in non-native endianness        or in dbus1 marshalling it shall ignore the message. diff --git a/src/libsystemd/sd-bus/bus-gvariant.c b/src/libsystemd/sd-bus/bus-gvariant.c index dc40009925..02b95cd136 100644 --- a/src/libsystemd/sd-bus/bus-gvariant.c +++ b/src/libsystemd/sd-bus/bus-gvariant.c @@ -247,3 +247,63 @@ int bus_gvariant_is_fixed_size(const char *signature) {          return true;  } + +size_t bus_gvariant_determine_word_size(size_t sz, size_t extra) { +        if (sz + extra <= 0xFF) +                return 1; +        else if (sz + extra*2 <= 0xFFFF) +                return 2; +        else if (sz + extra*4 <= 0xFFFFFFFF) +                return 4; +        else +                return 8; +} + +size_t bus_gvariant_read_word_le(void *p, size_t sz) { +        union { +                uint16_t u16; +                uint32_t u32; +                uint64_t u64; +        } x; + +        assert(p); + +        if (sz == 1) +                return *(uint8_t*) p; + +        memcpy(&x, p, sz); + +        if (sz == 2) +                return le16toh(x.u16); +        else if (sz == 4) +                return le32toh(x.u32); +        else if (sz == 8) +                return le64toh(x.u64); + +        assert_not_reached("unknown word width"); +} + +void bus_gvariant_write_word_le(void *p, size_t sz, size_t value) { +        union { +                uint16_t u16; +                uint32_t u32; +                uint64_t u64; +        } x; + +        assert(p); +        assert(sz == 8 || (value < (1ULL << (sz*8)))); + +        if (sz == 1) { +                *(uint8_t*) p = value; +                return; +        } else if (sz == 2) +                x.u16 = htole16((uint16_t) value); +        else if (sz == 4) +                x.u32 = htole32((uint32_t) value); +        else if (sz == 8) +                x.u64 = htole64((uint64_t) value); +        else +                assert_not_reached("unknown word width"); + +        memcpy(p, &x, sz); +} diff --git a/src/libsystemd/sd-bus/bus-gvariant.h b/src/libsystemd/sd-bus/bus-gvariant.h index fdf533591b..875d34b59b 100644 --- a/src/libsystemd/sd-bus/bus-gvariant.h +++ b/src/libsystemd/sd-bus/bus-gvariant.h @@ -26,3 +26,7 @@  int bus_gvariant_get_size(const char *signature) _pure_;  int bus_gvariant_get_alignment(const char *signature) _pure_;  int bus_gvariant_is_fixed_size(const char *signature) _pure_; + +size_t bus_gvariant_determine_word_size(size_t sz, size_t extra); +void bus_gvariant_write_word_le(void *p, size_t sz, size_t value); +size_t bus_gvariant_read_word_le(void *p, size_t sz); diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index bdc770600b..f6ef868e72 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -314,7 +314,7 @@ static int bus_message_setup_kmsg(sd_bus *b, sd_bus_message *m) {                  m->kdbus->dst_id = destination ? unique : KDBUS_DST_ID_BROADCAST;          m->kdbus->payload_type = KDBUS_PAYLOAD_DBUS; -        m->kdbus->cookie = (uint64_t) m->header->serial; +        m->kdbus->cookie = m->header->dbus2.cookie;          m->kdbus->priority = m->priority;          if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) @@ -416,9 +416,12 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {          struct kdbus_item *d;          unsigned n_fds = 0;          _cleanup_free_ int *fds = NULL; -        struct bus_header *h = NULL; -        size_t total, n_bytes = 0, idx = 0; +        struct bus_header *header = NULL; +        void *footer = NULL; +        size_t header_size = 0, footer_size = 0; +        size_t n_bytes = 0, idx = 0;          const char *destination = NULL, *seclabel = NULL; +        bool last_was_memfd = false;          int r;          assert(bus); @@ -433,21 +436,24 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                  switch (d->type) {                  case KDBUS_ITEM_PAYLOAD_OFF: -                        if (!h) { -                                h = (struct bus_header *)((uint8_t *)k + d->vec.offset); - -                                if (!bus_header_is_complete(h, d->vec.size)) -                                        return -EBADMSG; +                        if (!header) { +                                header = (struct bus_header*)((uint8_t*) k + d->vec.offset); +                                header_size = d->vec.size;                          } +                        footer = (uint8_t*) k + d->vec.offset; +                        footer_size = d->vec.size; +                          n_bytes += d->vec.size; +                        last_was_memfd = false;                          break;                  case KDBUS_ITEM_PAYLOAD_MEMFD: -                        if (!h) +                        if (!header) /* memfd cannot be first part */                                  return -EBADMSG;                          n_bytes += d->memfd.size; +                        last_was_memfd = true;                          break;                  case KDBUS_ITEM_FDS: { @@ -471,23 +477,29 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                  }          } -        if (!h) +        if (last_was_memfd) /* memfd cannot be last part */                  return -EBADMSG; -        r = bus_header_message_size(h, &total); -        if (r < 0) -                return r; +        if (!header) +                return -EBADMSG; -        if (n_bytes != total) +        if (header_size < sizeof(struct bus_header))                  return -EBADMSG;          /* on kdbus we only speak native endian gvariant, never dbus1           * marshalling or reverse endian */ -        if (h->version != 2 || -            h->endian != BUS_NATIVE_ENDIAN) +        if (header->version != 2 || +            header->endian != BUS_NATIVE_ENDIAN)                  return -EPROTOTYPE; -        r = bus_message_from_header(bus, h, sizeof(struct bus_header), fds, n_fds, NULL, seclabel, 0, &m); +        r = bus_message_from_header( +                        bus, +                        header, header_size, +                        footer, footer_size, +                        n_bytes, +                        fds, n_fds, +                        NULL, +                        seclabel, 0, &m);          if (r < 0)                  return r; @@ -526,11 +538,11 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                                  if (idx >= begin_body) {                                          if (!part->is_zero) -                                                part->data = (uint8_t *)k + d->vec.offset; +                                                part->data = (uint8_t* )k + d->vec.offset;                                          part->size = d->vec.size;                                  } else {                                          if (!part->is_zero) -                                                part->data = (uint8_t *)k + d->vec.offset + (begin_body - idx); +                                                part->data = (uint8_t*) k + d->vec.offset + (begin_body - idx);                                          part->size = d->vec.size - (begin_body - idx);                                  } @@ -567,10 +579,11 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                  case KDBUS_ITEM_PIDS:                          /* The PID/TID might be missing, when the data -                         * is faked by some data bus proxy and it -                         * lacks that information about the real -                         * client since SO_PEERCRED is used for -                         * that. */ +                         * is faked by a bus proxy and it lacks that +                         * information about the real client (since +                         * SO_PEERCRED is used for that). Also kernel +                         * namespacing might make some of this data +                         * unavailable when untranslatable. */                          if (d->pids.pid > 0) {                                  m->creds.pid = (pid_t) d->pids.pid; @@ -586,7 +599,8 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                  case KDBUS_ITEM_CREDS: -                        /* EUID/SUID/FSUID/EGID/SGID/FSGID might be missing too (see above). */ +                        /* EUID/SUID/FSUID/EGID/SGID/FSGID might be +                         * missing too (see above). */                          if ((uid_t) d->creds.uid != UID_INVALID) {                                  m->creds.uid = (uid_t) d->creds.uid; @@ -664,7 +678,6 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                                  goto fail;                          m->creds.cgroup_root = bus->cgroup_root; -                          break;                  case KDBUS_ITEM_AUDIT: @@ -767,7 +780,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {                  goto fail;          /* Refuse messages if kdbus and dbus1 cookie doesn't match up */ -        if ((uint64_t) m->header->serial != k->cookie) { +        if ((uint64_t) m->header->dbus2.cookie != k->cookie) {                  r = -EBADMSG;                  goto fail;          } diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index da14a28c9a..447595764e 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -169,16 +169,17 @@ static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, b          if (m->poisoned)                  return NULL; -        old_size = sizeof(struct bus_header) + m->header->fields_size; +        old_size = sizeof(struct bus_header) + m->fields_size;          start = ALIGN_TO(old_size, align);          new_size = start + sz; +        if (new_size < start || +            new_size > (size_t) ((uint32_t) -1)) +                goto poison; +          if (old_size == new_size)                  return (uint8_t*) m->header + old_size; -        if (new_size > (size_t) ((uint32_t) -1)) -                goto poison; -          if (m->free_header) {                  np = realloc(m->header, ALIGN8(new_size));                  if (!np) @@ -201,7 +202,7 @@ static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, b          op = m->header;          m->header = np; -        m->header->fields_size = new_size - sizeof(struct bus_header); +        m->fields_size = new_size - sizeof(struct bus_header);          /* Adjust quick access pointers */          m->path = adjust_pointer(m->path, op, old_size, m->header); @@ -229,7 +230,7 @@ poison:  static int message_append_field_string(                  sd_bus_message *m, -                uint8_t h, +                uint64_t h,                  char type,                  const char *s,                  const char **ret) { @@ -239,6 +240,10 @@ static int message_append_field_string(          assert(m); +        /* dbus1 only allows 8bit header field ids */ +        if (h > 0xFF) +                return -EINVAL; +          /* dbus1 doesn't allow strings over 32bit, let's enforce this           * globally, to not risk convertability */          l = strlen(s); @@ -249,13 +254,12 @@ static int message_append_field_string(          if (BUS_MESSAGE_IS_GVARIANT(m)) { -                /* (field id byte + 7x padding, ((string + NUL) + NUL + signature string 's') */ -                p = message_extend_fields(m, 8, 1 + 7 + l + 1 + 1 + 1, true); +                /* (field id 64bit, ((string + NUL) + NUL + signature string 's') */ +                p = message_extend_fields(m, 8, 8 + l + 1 + 1 + 1, true);                  if (!p)                          return -ENOMEM; -                p[0] = h; -                memzero(p+1, 7); +                *((uint64_t*) p) = h;                  memcpy(p+8, s, l);                  p[8+l] = 0;                  p[8+l+1] = 0; @@ -270,7 +274,7 @@ static int message_append_field_string(                  if (!p)                          return -ENOMEM; -                p[0] = h; +                p[0] = (uint8_t) h;                  p[1] = 1;                  p[2] = type;                  p[3] = 0; @@ -287,7 +291,7 @@ static int message_append_field_string(  static int message_append_field_signature(                  sd_bus_message *m, -                uint8_t h, +                uint64_t h,                  const char *s,                  const char **ret) { @@ -296,7 +300,11 @@ static int message_append_field_signature(          assert(m); -        /* dbus1 doesn't allow signatures over 32bit, let's enforce +        /* dbus1 only allows 8bit header field ids */ +        if (h > 0xFF) +                return -EINVAL; + +        /* dbus1 doesn't allow signatures over 8bit, let's enforce           * this globally, to not risk convertability */          l = strlen(s);          if (l > 255) @@ -313,7 +321,7 @@ static int message_append_field_signature(                  if (!p)                          return -ENOMEM; -                p[0] = h; +                p[0] = (uint8_t) h;                  p[1] = 1;                  p[2] = SD_BUS_TYPE_SIGNATURE;                  p[3] = 0; @@ -327,20 +335,23 @@ static int message_append_field_signature(          return 0;  } -static int message_append_field_uint32(sd_bus_message *m, uint8_t h, uint32_t x) { +static int message_append_field_uint32(sd_bus_message *m, uint64_t h, uint32_t x) {          uint8_t *p;          assert(m); +        /* dbus1 only allows 8bit header field ids */ +        if (h > 0xFF) +                return -EINVAL; +          if (BUS_MESSAGE_IS_GVARIANT(m)) { -                /* (field id byte + 7x padding + ((value + NUL + signature string 'u') */ +                /* (field id 64bit + ((value + NUL + signature string 'u') */ -                p = message_extend_fields(m, 8, 1 + 7 + 4 + 1 + 1, true); +                p = message_extend_fields(m, 8, 8 + 4 + 1 + 1, true);                  if (!p)                          return -ENOMEM; -                p[0] = h; -                memzero(p+1, 7); +                *((uint64_t*) p) = h;                  *((uint32_t*) (p + 8)) = x;                  p[12] = 0;                  p[13] = 'u'; @@ -350,9 +361,9 @@ static int message_append_field_uint32(sd_bus_message *m, uint8_t h, uint32_t x)                  if (!p)                          return -ENOMEM; -                p[0] = h; +                p[0] = (uint8_t) h;                  p[1] = 1; -                p[2] = SD_BUS_TYPE_UINT32; +                p[2] = 'u';                  p[3] = 0;                  ((uint32_t*) p)[1] = x; @@ -361,10 +372,54 @@ static int message_append_field_uint32(sd_bus_message *m, uint8_t h, uint32_t x)          return 0;  } +static int message_append_field_uint64(sd_bus_message *m, uint64_t h, uint64_t x) { +        uint8_t *p; + +        assert(m); + +        /* dbus1 only allows 8bit header field ids */ +        if (h > 0xFF) +                return -EINVAL; + +        if (BUS_MESSAGE_IS_GVARIANT(m)) { +                /* (field id 64bit + ((value + NUL + signature string 't') */ + +                p = message_extend_fields(m, 8, 8 + 8 + 1 + 1, true); +                if (!p) +                        return -ENOMEM; + +                *((uint64_t*) p) = h; +                *((uint64_t*) (p + 8)) = x; +                p[16] = 0; +                p[17] = 't'; +        } else { +                /* (field id byte + (signature length + signature 't' + NUL) + 4 byte padding + value) */ +                p = message_extend_fields(m, 8, 4 + 4 + 8, false); +                if (!p) +                        return -ENOMEM; + +                p[0] = (uint8_t) h; +                p[1] = 1; +                p[2] = 't'; +                p[3] = 0; +                p[4] = 0; +                p[5] = 0; +                p[6] = 0; +                p[7] = 0; + +                ((uint64_t*) p)[1] = x; +        } + +        return 0; +} +  int bus_message_from_header(                  sd_bus *bus, -                void *buffer, -                size_t length, +                void *header, +                size_t header_accessible, +                void *footer, +                size_t footer_accessible, +                size_t message_size,                  int *fds,                  unsigned n_fds,                  const struct ucred *ucred, @@ -377,19 +432,22 @@ int bus_message_from_header(          size_t a, label_sz;          assert(bus); -        assert(buffer || length <= 0); +        assert(header || header_accessible <= 0); +        assert(footer || footer_accessible <= 0);          assert(fds || n_fds <= 0);          assert(ret); -        if (length < sizeof(struct bus_header)) +        if (header_accessible < sizeof(struct bus_header))                  return -EBADMSG; -        h = buffer; -        if (h->version != 1 && -            h->version != 2) +        if (header_accessible > message_size) +                return -EBADMSG; +        if (footer_accessible > message_size)                  return -EBADMSG; -        if (h->serial == 0) +        h = header; +        if (h->version != 1 && +            h->version != 2)                  return -EBADMSG;          if (h->type == _SD_BUS_MESSAGE_TYPE_INVALID) @@ -399,6 +457,8 @@ int bus_message_from_header(              h->endian != BUS_BIG_ENDIAN)                  return -EBADMSG; +        /* Note that we are happy with unknown flags in the flags header! */ +          a = ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);          if (label) { @@ -412,7 +472,48 @@ int bus_message_from_header(          m->n_ref = 1;          m->sealed = true; -        m->header = h; +        m->header = header; +        m->header_accessible = header_accessible; +        m->footer = footer; +        m->footer_accessible = footer_accessible; + +        if (BUS_MESSAGE_IS_GVARIANT(m)) { +                size_t ws; + +                if (h->dbus2.cookie == 0) +                        return -EBADMSG; + +                /* dbus2 derives the sizes from the message size and +                the offset table at the end, since it is formatted as +                gvariant "yyyyuta{tv}v". Since the message itself is a +                structure with precisely to variable sized entries, +                there's only one offset in the table, which marks the +                end of the fields array. */ + +                ws = bus_gvariant_determine_word_size(message_size, 0); +                if (footer_accessible < ws) +                        return -EBADMSG; + +                m->fields_size = bus_gvariant_read_word_le((uint8_t*) footer + footer_accessible - ws, ws); +                if (ALIGN8(m->fields_size) > message_size - ws) +                        return -EBADMSG; +                if (m->fields_size < sizeof(struct bus_header)) +                        return -EBADMSG; + +                m->fields_size -= sizeof(struct bus_header); +                m->body_size = message_size - (sizeof(struct bus_header) + ALIGN8(m->fields_size)); +        } else { +                if (h->dbus1.serial == 0) +                        return -EBADMSG; + +                /* dbus1 has the sizes in the header */ +                m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size); +                m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size); + +                if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size) +                        return -EBADMSG; +        } +          m->fds = fds;          m->n_fds = n_fds; @@ -460,19 +561,21 @@ int bus_message_from_malloc(          size_t sz;          int r; -        r = bus_message_from_header(bus, buffer, length, fds, n_fds, ucred, label, 0, &m); +        r = bus_message_from_header( +                        bus, +                        buffer, length, /* in this case the initial bytes and the final bytes are the same */ +                        buffer, length, +                        length, +                        fds, n_fds, +                        ucred, label, +                        0, &m);          if (r < 0)                  return r; -        if (length != BUS_MESSAGE_SIZE(m)) { -                r = -EBADMSG; -                goto fail; -        } - -        sz = length - sizeof(struct bus_header) - ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m)); +        sz = length - sizeof(struct bus_header) - ALIGN8(m->fields_size);          if (sz > 0) {                  m->n_body_parts = 1; -                m->body.data = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m)); +                m->body.data = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN8(m->fields_size);                  m->body.size = sz;                  m->body.sealed = true;                  m->body.memfd = -1; @@ -631,8 +734,17 @@ static int message_new_reply(          t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;          t->reply_cookie = BUS_MESSAGE_COOKIE(call); +        if (t->reply_cookie == 0) +                return -ENOTSUP; -        r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) t->reply_cookie); +        if (BUS_MESSAGE_IS_GVARIANT(t)) +                r = message_append_field_uint64(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_cookie); +        else { +                if (t->reply_cookie > 0xffffffff) +                        return -ENOTSUP; + +                r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) t->reply_cookie); +        }          if (r < 0)                  goto fail; @@ -851,9 +963,14 @@ _public_ int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type) {  }  _public_ int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie) { +        uint64_t c; +          assert_return(m, -EINVAL);          assert_return(cookie, -EINVAL); -        assert_return(m->header->serial != 0, -ENODATA); + +        c = BUS_MESSAGE_COOKIE(m); +        if (c == 0) +                return -ENODATA;          *cookie = BUS_MESSAGE_COOKIE(m);          return 0; @@ -862,7 +979,9 @@ _public_ int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie) {  _public_ int sd_bus_message_get_reply_cookie(sd_bus_message *m, uint64_t *cookie) {          assert_return(m, -EINVAL);          assert_return(cookie, -EINVAL); -        assert_return(m->reply_cookie != 0, -ENODATA); + +        if (m->reply_cookie == 0) +                return -ENODATA;          *cookie = m->reply_cookie;          return 0; @@ -967,9 +1086,11 @@ _public_ sd_bus_creds *sd_bus_message_get_creds(sd_bus_message *m) {          return &m->creds;  } -_public_ int sd_bus_message_is_signal(sd_bus_message *m, -                                      const char *interface, -                                      const char *member) { +_public_ int sd_bus_message_is_signal( +                sd_bus_message *m, +                const char *interface, +                const char *member) { +          assert_return(m, -EINVAL);          if (m->header->type != SD_BUS_MESSAGE_SIGNAL) @@ -984,9 +1105,11 @@ _public_ int sd_bus_message_is_signal(sd_bus_message *m,          return 1;  } -_public_ int sd_bus_message_is_method_call(sd_bus_message *m, -                                           const char *interface, -                                           const char *member) { +_public_ int sd_bus_message_is_method_call( +                sd_bus_message *m, +                const char *interface, +                const char *member) { +          assert_return(m, -EINVAL);          if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL) @@ -1221,7 +1344,13 @@ static void message_extend_containers(sd_bus_message *m, size_t expand) {          }  } -static void *message_extend_body(sd_bus_message *m, size_t align, size_t sz, bool add_offset) { +static void *message_extend_body( +                sd_bus_message *m, +                size_t align, +                size_t sz, +                bool add_offset, +                bool force_inline) { +          size_t start_body, end_body, padding, added;          void *p;          int r; @@ -1233,14 +1362,15 @@ static void *message_extend_body(sd_bus_message *m, size_t align, size_t sz, boo          if (m->poisoned)                  return NULL; -        start_body = ALIGN_TO((size_t) m->header->body_size, align); +        start_body = ALIGN_TO((size_t) m->body_size, align);          end_body = start_body + sz; -        padding = start_body - m->header->body_size; +        padding = start_body - m->body_size;          added = padding + sz;          /* Check for 32bit overflows */ -        if (end_body > (size_t) ((uint32_t) -1)) { +        if (end_body > (size_t) ((uint32_t) -1) || +            end_body < start_body) {                  m->poisoned = true;                  return NULL;          } @@ -1252,7 +1382,8 @@ static void *message_extend_body(sd_bus_message *m, size_t align, size_t sz, boo                  add_new_part =                          m->n_body_parts <= 0 ||                          m->body_end->sealed || -                        padding != ALIGN_TO(m->body_end->size, align) - m->body_end->size; +                        (padding != ALIGN_TO(m->body_end->size, align) - m->body_end->size) || +                        (force_inline && m->body_end->size > MEMFD_MIN_SIZE); /* if this must be an inlined extension, let's create a new part if the previous part is large enough to be inlined */                  if (add_new_part) {                          if (padding > 0) { @@ -1301,7 +1432,7 @@ static void *message_extend_body(sd_bus_message *m, size_t align, size_t sz, boo                  /* Return something that is not NULL and is aligned */                  p = (uint8_t *) NULL + align; -        m->header->body_size = end_body; +        m->body_size = end_body;          message_extend_containers(m, added);          if (add_offset) { @@ -1427,7 +1558,7 @@ int message_append_basic(sd_bus_message *m, char type, const void *p, const void                  assert(align > 0);                  assert(sz > 0); -                a = message_extend_body(m, align, sz, true); +                a = message_extend_body(m, align, sz, true, false);                  if (!a)                          return -ENOMEM; @@ -1496,7 +1627,7 @@ int message_append_basic(sd_bus_message *m, char type, const void *p, const void                  assert(align > 0);                  assert(sz > 0); -                a = message_extend_body(m, align, sz, false); +                a = message_extend_body(m, align, sz, false, false);                  if (!a)                          return -ENOMEM; @@ -1570,13 +1701,13 @@ _public_ int sd_bus_message_append_string_space(          }          if (BUS_MESSAGE_IS_GVARIANT(m)) { -                a = message_extend_body(m, 1, size + 1, true); +                a = message_extend_body(m, 1, size + 1, true, false);                  if (!a)                          return -ENOMEM;                  *s = a;          } else { -                a = message_extend_body(m, 4, 4 + size + 1, false); +                a = message_extend_body(m, 4, 4 + size + 1, false, false);                  if (!a)                          return -ENOMEM; @@ -1681,14 +1812,14 @@ static int bus_message_open_array(                          return alignment;                  /* Add alignment padding and add to offset list */ -                if (!message_extend_body(m, alignment, 0, false)) +                if (!message_extend_body(m, alignment, 0, false, false))                          return -ENOMEM;                  r = bus_gvariant_is_fixed_size(contents);                  if (r < 0)                          return r; -                *begin = m->header->body_size; +                *begin = m->body_size;                  *need_offsets = r == 0;          } else {                  void *a, *op; @@ -1699,7 +1830,7 @@ static int bus_message_open_array(                  if (alignment < 0)                          return alignment; -                a = message_extend_body(m, 4, 4, false); +                a = message_extend_body(m, 4, 4, false, false);                  if (!a)                          return -ENOMEM; @@ -1708,7 +1839,7 @@ static int bus_message_open_array(                  os = m->body_end->size;                  /* Add alignment between size and first element */ -                if (!message_extend_body(m, alignment, 0, false)) +                if (!message_extend_body(m, alignment, 0, false, false))                          return -ENOMEM;                  /* location of array size might have changed so let's readjust a */ @@ -1761,7 +1892,7 @@ static int bus_message_open_variant(          if (BUS_MESSAGE_IS_GVARIANT(m)) {                  /* Variants are always aligned to 8 */ -                if (!message_extend_body(m, 8, 0, false)) +                if (!message_extend_body(m, 8, 0, false, false))                          return -ENOMEM;          } else { @@ -1769,7 +1900,7 @@ static int bus_message_open_variant(                  void *a;                  l = strlen(contents); -                a = message_extend_body(m, 1, 1 + l + 1, false); +                a = message_extend_body(m, 1, 1 + l + 1, false, false);                  if (!a)                          return -ENOMEM; @@ -1835,18 +1966,18 @@ static int bus_message_open_struct(                  if (alignment < 0)                          return alignment; -                if (!message_extend_body(m, alignment, 0, false)) +                if (!message_extend_body(m, alignment, 0, false, false))                          return -ENOMEM;                  r = bus_gvariant_is_fixed_size(contents);                  if (r < 0)                          return r; -                *begin = m->header->body_size; +                *begin = m->body_size;                  *need_offsets = r == 0;          } else {                  /* Align contents to 8 byte boundary */ -                if (!message_extend_body(m, 8, 0, false)) +                if (!message_extend_body(m, 8, 0, false, false))                          return -ENOMEM;          } @@ -1896,18 +2027,18 @@ static int bus_message_open_dict_entry(                  if (alignment < 0)                          return alignment; -                if (!message_extend_body(m, alignment, 0, false)) +                if (!message_extend_body(m, alignment, 0, false, false))                          return -ENOMEM;                  r = bus_gvariant_is_fixed_size(contents);                  if (r < 0)                          return r; -                *begin = m->header->body_size; +                *begin = m->body_size;                  *need_offsets = r == 0;          } else {                  /* Align contents to 8 byte boundary */ -                if (!message_extend_body(m, 8, 0, false)) +                if (!message_extend_body(m, 8, 0, false, false))                          return -ENOMEM;          } @@ -1948,7 +2079,7 @@ _public_ int sd_bus_message_open_container(          /* Save old index in the parent container, in case we have to           * abort this container */          c->saved_index = c->index; -        before = m->header->body_size; +        before = m->body_size;          if (type == SD_BUS_TYPE_ARRAY)                  r = bus_message_open_array(m, c, contents, &array_size, &begin, &need_offsets); @@ -1981,66 +2112,6 @@ _public_ int sd_bus_message_open_container(          return 0;  } -static size_t determine_word_size(size_t sz, size_t extra) { -        if (sz + extra <= 0xFF) -                return 1; -        else if (sz + extra*2 <= 0xFFFF) -                return 2; -        else if (sz + extra*4 <= 0xFFFFFFFF) -                return 4; -        else -                return 8; -} - -static size_t read_word_le(void *p, size_t sz) { -        union { -                uint16_t u16; -                uint32_t u32; -                uint64_t u64; -        } x; - -        assert(p); - -        if (sz == 1) -                return *(uint8_t*) p; - -        memcpy(&x, p, sz); - -        if (sz == 2) -                return le16toh(x.u16); -        else if (sz == 4) -                return le32toh(x.u32); -        else if (sz == 8) -                return le64toh(x.u64); - -        assert_not_reached("unknown word width"); -} - -static void write_word_le(void *p, size_t sz, size_t value) { -        union { -                uint16_t u16; -                uint32_t u32; -                uint64_t u64; -        } x; - -        assert(p); -        assert(sz == 8 || (value < (1ULL << (sz*8)))); - -        if (sz == 1) { -                *(uint8_t*) p = value; -                return; -        } else if (sz == 2) -                x.u16 = htole16((uint16_t) value); -        else if (sz == 4) -                x.u32 = htole32((uint32_t) value); -        else if (sz == 8) -                x.u64 = htole64((uint64_t) value); -        else -                assert_not_reached("unknown word width"); - -        memcpy(p, &x, sz); -} -  static int bus_message_close_array(sd_bus_message *m, struct bus_container *c) {          assert(m); @@ -2056,20 +2127,20 @@ static int bus_message_close_array(sd_bus_message *m, struct bus_container *c) {                  /* Variable-width arrays */                  payload = c->n_offsets > 0 ? c->offsets[c->n_offsets-1] - c->begin : 0; -                sz = determine_word_size(payload, c->n_offsets); +                sz = bus_gvariant_determine_word_size(payload, c->n_offsets); -                a = message_extend_body(m, 1, sz * c->n_offsets, true); +                a = message_extend_body(m, 1, sz * c->n_offsets, true, false);                  if (!a)                          return -ENOMEM;                  for (i = 0; i < c->n_offsets; i++) -                        write_word_le(a + sz*i, sz, c->offsets[i] - c->begin); +                        bus_gvariant_write_word_le(a + sz*i, sz, c->offsets[i] - c->begin);          } else {                  void *a;                  /* Fixed-width or empty arrays */ -                a = message_extend_body(m, 1, 0, true); /* let's add offset to parent */ +                a = message_extend_body(m, 1, 0, true, false); /* let's add offset to parent */                  if (!a)                          return -ENOMEM;          } @@ -2090,7 +2161,7 @@ static int bus_message_close_variant(sd_bus_message *m, struct bus_container *c)          l = strlen(c->signature); -        a = message_extend_body(m, 1, 1 + l, true); +        a = message_extend_body(m, 1, 1 + l, true, false);          if (!a)                  return -ENOMEM; @@ -2147,18 +2218,18 @@ static int bus_message_close_struct(sd_bus_message *m, struct bus_container *c,          assert(c->need_offsets || n_variable == 0);          if (n_variable <= 0) { -                a = message_extend_body(m, 1, 0, add_offset); +                a = message_extend_body(m, 1, 0, add_offset, false);                  if (!a)                          return -ENOMEM;          } else {                  size_t sz;                  unsigned j; -                assert(c->offsets[c->n_offsets-1] == m->header->body_size); +                assert(c->offsets[c->n_offsets-1] == m->body_size); -                sz = determine_word_size(m->header->body_size - c->begin, n_variable); +                sz = bus_gvariant_determine_word_size(m->body_size - c->begin, n_variable); -                a = message_extend_body(m, 1, sz * n_variable, add_offset); +                a = message_extend_body(m, 1, sz * n_variable, add_offset, false);                  if (!a)                          return -ENOMEM; @@ -2187,7 +2258,7 @@ static int bus_message_close_struct(sd_bus_message *m, struct bus_container *c,                          k = n_variable - 1 - j; -                        write_word_le(a + k * sz, sz, c->offsets[i] - c->begin); +                        bus_gvariant_write_word_le(a + k * sz, sz, c->offsets[i] - c->begin);                          j++;                  } @@ -2518,7 +2589,7 @@ _public_ int sd_bus_message_append_array_space(          if (r < 0)                  return r; -        a = message_extend_body(m, align, size, false); +        a = message_extend_body(m, align, size, false, false);          if (!a)                  return -ENOMEM; @@ -2647,7 +2718,7 @@ _public_ int sd_bus_message_append_array_memfd(          if (r < 0)                  return r; -        a = message_extend_body(m, align, 0, false); +        a = message_extend_body(m, align, 0, false, false);          if (!a)                  return -ENOMEM; @@ -2661,7 +2732,7 @@ _public_ int sd_bus_message_append_array_memfd(          part->size = size;          copy_fd = -1; -        m->header->body_size += size; +        m->body_size += size;          message_extend_containers(m, size);          return sd_bus_message_close_container(m); @@ -2731,7 +2802,7 @@ _public_ int sd_bus_message_append_string_memfd(          }          if (!BUS_MESSAGE_IS_GVARIANT(m)) { -                a = message_extend_body(m, 4, 4, false); +                a = message_extend_body(m, 4, 4, false, false);                  if (!a)                          return -ENOMEM; @@ -2748,11 +2819,11 @@ _public_ int sd_bus_message_append_string_memfd(          part->size = size;          copy_fd = -1; -        m->header->body_size += size; +        m->body_size += size;          message_extend_containers(m, size);          if (BUS_MESSAGE_IS_GVARIANT(m)) { -                r = message_add_offset(m, m->header->body_size); +                r = message_add_offset(m, m->body_size);                  if (r < 0) {                          m->poisoned = true;                          return -ENOMEM; @@ -2787,34 +2858,66 @@ _public_ int sd_bus_message_append_strv(sd_bus_message *m, char **l) {  }  static int bus_message_close_header(sd_bus_message *m) { -        uint8_t *a; -        size_t sz, i;          assert(m); -        if (!BUS_MESSAGE_IS_GVARIANT(m)) -                return 0; +        /* The actual user data is finished now, we just complete the +           variant and struct now (at least on gvariant). Remember +           this position, so that during parsing we know where to to +           put the outer container end. */ +        m->user_body_size = m->body_size; -        if (m->n_header_offsets < 1) -                return 0; +        if (BUS_MESSAGE_IS_GVARIANT(m)) { +                const char *signature; +                size_t sz, l; +                void *d; -        assert(m->header->fields_size == m->header_offsets[m->n_header_offsets-1]); +                /* Add offset table to end of fields array */ +                if (m->n_header_offsets >= 1) { +                        uint8_t *a; +                        unsigned i; -        sz = determine_word_size(m->header->fields_size, m->n_header_offsets); +                        assert(m->fields_size == m->header_offsets[m->n_header_offsets-1]); -        a = message_extend_fields(m, 1, sz * m->n_header_offsets, false); -        if (!a) -                return -ENOMEM; +                        sz = bus_gvariant_determine_word_size(m->fields_size, m->n_header_offsets); +                        a = message_extend_fields(m, 1, sz * m->n_header_offsets, false); +                        if (!a) +                                return -ENOMEM; + +                        for (i = 0; i < m->n_header_offsets; i++) +                                bus_gvariant_write_word_le(a + sz*i, sz, m->header_offsets[i]); +                } + +                /* Add gvariant NUL byte plus signature to the end of +                 * the body, followed by the final offset pointing to +                 * the end of the fields array */ -        for (i = 0; i < m->n_header_offsets; i++) -                write_word_le(a + sz*i, sz, m->header_offsets[i]); +                signature = strempty(m->root_container.signature); +                l = strlen(signature); + +                sz = bus_gvariant_determine_word_size(sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size + 1 + l, 1); +                d = message_extend_body(m, 1, 1 + l + sz, false, true); +                if (!d) +                        return -ENOMEM; + +                *(uint8_t*) d = 0; +                memcpy((uint8_t*) d + 1, signature, l); + +                bus_gvariant_write_word_le((uint8_t*) d + 1 + l, sz, sizeof(struct bus_header) + m->fields_size); + +                m->footer = d; +                m->footer_accessible = 1 + l + sz; +        } else { +                m->header->dbus1.fields_size = m->fields_size; +                m->header->dbus1.body_size = m->body_size; +        }          return 0;  }  int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {          struct bus_body_part *part; -        size_t l, a; +        size_t a;          unsigned i;          int r; @@ -2829,6 +2932,10 @@ int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {          if (m->poisoned)                  return -ESTALE; +        if (cookie > 0xffffffffULL && +            !BUS_MESSAGE_IS_GVARIANT(m)) +                return -ENOTSUP; +          /* In vtables the return signature of method calls is listed,           * let's check if they match if this is a response */          if (m->header->type == SD_BUS_MESSAGE_METHOD_RETURN && @@ -2841,8 +2948,9 @@ int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {          if (r < 0)                  return r; -        /* If there's a non-trivial signature set, then add it in here */ -        if (!isempty(m->root_container.signature)) { +        /* If there's a non-trivial signature set, then add it in +         * here, but only on dbus1 */ +        if (!isempty(m->root_container.signature) && !BUS_MESSAGE_IS_GVARIANT(m)) {                  r = message_append_field_signature(m, BUS_MESSAGE_HEADER_SIGNATURE, m->root_container.signature, NULL);                  if (r < 0)                          return r; @@ -2858,24 +2966,30 @@ int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {          if (r < 0)                  return r; -        m->header->serial = (uint32_t) cookie; +        if (BUS_MESSAGE_IS_GVARIANT(m)) +                m->header->dbus2.cookie = cookie; +        else +                m->header->dbus1.serial = (uint32_t) cookie; +          m->timeout = m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED ? 0 : timeout;          /* Add padding at the end of the fields part, since we know           * the body needs to start at an 8 byte alignment. We made           * sure we allocated enough space for this, so all we need to           * do here is to zero it out. */ -        l = BUS_MESSAGE_FIELDS_SIZE(m); -        a = ALIGN8(l) - l; +        a = ALIGN8(m->fields_size) - m->fields_size;          if (a > 0) -                memzero((uint8_t*) BUS_MESSAGE_FIELDS(m) + l, a); +                memzero((uint8_t*) BUS_MESSAGE_FIELDS(m) + m->fields_size, a);          /* If this is something we can send as memfd, then let's seal          the memfd now. Note that we can send memfds as payload only          for directed messages, and not for broadcasts. */          if (m->destination && m->bus->use_memfd) {                  MESSAGE_FOREACH_PART(part, i, m) -                        if (part->memfd >= 0 && !part->sealed && (part->size > MEMFD_MIN_SIZE || m->bus->use_memfd < 0)) { +                        if (part->memfd >= 0 && +                            !part->sealed && +                            (part->size > MEMFD_MIN_SIZE || m->bus->use_memfd < 0) && +                            part != m->body_end) { /* The last part may never be sent as memfd */                                  uint64_t sz;                                  /* Try to seal it if that makes @@ -2895,7 +3009,7 @@ int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {                          }          } -        m->root_container.end = BUS_MESSAGE_BODY_SIZE(m); +        m->root_container.end = m->user_body_size;          m->root_container.index = 0;          m->root_container.offset_index = 0;          m->root_container.item_size = m->root_container.n_offsets > 0 ? m->root_container.offsets[0] : 0; @@ -3181,7 +3295,7 @@ static int message_peek_body(          padding = start - *rindex;          end = start + nbytes; -        if (end > BUS_MESSAGE_BODY_SIZE(m)) +        if (end > m->user_body_size)                  return -EBADMSG;          part = find_part(m, *rindex, padding, (void**) &q); @@ -3554,14 +3668,14 @@ static int bus_message_enter_array(                  unsigned i;                  /* gvariant: variable length array */ -                sz = determine_word_size(c->item_size, 0); +                sz = bus_gvariant_determine_word_size(c->item_size, 0);                  where = rindex + c->item_size - sz;                  r = message_peek_body(m, &where, 1, sz, &q);                  if (r < 0)                          return r; -                framing = read_word_le(q, sz); +                framing = bus_gvariant_read_word_le(q, sz);                  if (framing > c->item_size - sz)                          return -EBADMSG;                  if ((c->item_size - framing) % sz != 0) @@ -3581,7 +3695,7 @@ static int bus_message_enter_array(                  for (i = 0; i < *n_offsets; i++) {                          size_t x; -                        x = read_word_le((uint8_t*) q + i * sz, sz); +                        x = bus_gvariant_read_word_le((uint8_t*) q + i * sz, sz);                          if (x > c->item_size - sz)                                  return -EBADMSG;                          if (x < p) @@ -3704,7 +3818,7 @@ static int build_struct_offsets(                  return 0;          } -        sz = determine_word_size(size, 0); +        sz = bus_gvariant_determine_word_size(size, 0);          if (sz <= 0)                  return -EBADMSG; @@ -3778,7 +3892,7 @@ static int build_struct_offsets(                                  if (v > 0) {                                          v--; -                                        x = read_word_le((uint8_t*) q + v*sz, sz); +                                        x = bus_gvariant_read_word_le((uint8_t*) q + v*sz, sz);                                          if (x >= size)                                                  return -EBADMSG;                                          if (m->rindex + x < previous) @@ -4659,10 +4773,12 @@ _public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {          }  } -_public_ int sd_bus_message_read_array(sd_bus_message *m, -                                       char type, -                                       const void **ptr, -                                       size_t *size) { +_public_ int sd_bus_message_read_array( +                sd_bus_message *m, +                char type, +                const void **ptr, +                size_t *size) { +          struct bus_container *c;          void *p;          size_t sz; @@ -4731,7 +4847,7 @@ static int message_peek_fields(          assert(rindex);          assert(align > 0); -        return buffer_peek(BUS_MESSAGE_FIELDS(m), BUS_MESSAGE_FIELDS_SIZE(m), rindex, align, nbytes, ret); +        return buffer_peek(BUS_MESSAGE_FIELDS(m), m->fields_size, rindex, align, nbytes, ret);  }  static int message_peek_field_uint32( @@ -4761,6 +4877,33 @@ static int message_peek_field_uint32(          return 0;  } +static int message_peek_field_uint64( +                sd_bus_message *m, +                size_t *ri, +                size_t item_size, +                uint64_t *ret) { + +        int r; +        void *q; + +        assert(m); +        assert(ri); + +        if (BUS_MESSAGE_IS_GVARIANT(m) && item_size != 8) +                return -EBADMSG; + +        /* identical for gvariant and dbus1 */ + +        r = message_peek_fields(m, ri, 8, 8, &q); +        if (r < 0) +                return r; + +        if (ret) +                *ret = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q); + +        return 0; +} +  static int message_peek_field_string(                  sd_bus_message *m,                  bool (*validate)(const char *p), @@ -5006,59 +5149,106 @@ int bus_message_parse_fields(sd_bus_message *m) {          assert(m);          if (BUS_MESSAGE_IS_GVARIANT(m)) { -                void *q; +                char *p; + +                /* Read the signature from the end of the body variant first */ +                sz = bus_gvariant_determine_word_size(BUS_MESSAGE_SIZE(m), 0); +                if (m->footer_accessible < 1 + sz) +                        return -EBADMSG; + +                p = (char*) m->footer + m->footer_accessible - (1 + sz); +                for (;;) { +                        if (p < (char*) m->footer) +                                return -EBADMSG; + +                        if (*p == 0) { +                                char *c; + +                                /* We found the beginning of the signature string, yay! */ + +                                c = strndup(p + 1, ((char*) m->footer + m->footer_accessible) - p - (1 + sz)); +                                if (!c) +                                        return -ENOMEM; + +                                free(m->root_container.signature); +                                m->root_container.signature = c; +                                break; +                        } -                sz = determine_word_size(BUS_MESSAGE_FIELDS_SIZE(m), 0); +                        p--; +                } + +                /* Calculate the actual user body size, by removing +                 * the trailing variant signature and struct offset +                 * table */ +                m->user_body_size = m->body_size - ((char*) m->footer + m->footer_accessible - p); + +                /* Pull out the offset table for the fields array */ +                sz = bus_gvariant_determine_word_size(m->fields_size, 0);                  if (sz > 0) {                          size_t framing; +                        void *q; -                        ri = BUS_MESSAGE_FIELDS_SIZE(m) - sz; +                        ri = m->fields_size - sz;                          r = message_peek_fields(m, &ri, 1, sz, &q);                          if (r < 0)                                  return r; -                        framing = read_word_le(q, sz); -                        if (framing >= BUS_MESSAGE_FIELDS_SIZE(m) - sz) +                        framing = bus_gvariant_read_word_le(q, sz); +                        if (framing >= m->fields_size - sz)                                  return -EBADMSG; -                        if ((BUS_MESSAGE_FIELDS_SIZE(m) - framing) % sz != 0) +                        if ((m->fields_size - framing) % sz != 0)                                  return -EBADMSG;                          ri = framing; -                        r = message_peek_fields(m, &ri, 1, BUS_MESSAGE_FIELDS_SIZE(m) - framing, &offsets); +                        r = message_peek_fields(m, &ri, 1, m->fields_size - framing, &offsets);                          if (r < 0)                                  return r; -                        n_offsets = (BUS_MESSAGE_FIELDS_SIZE(m) - framing) / sz; +                        n_offsets = (m->fields_size - framing) / sz;                  } -        } +        } else +                m->user_body_size = m->body_size;          ri = 0; -        while (ri < BUS_MESSAGE_FIELDS_SIZE(m)) { +        while (ri < m->fields_size) {                  _cleanup_free_ char *sig = NULL;                  const char *signature; -                uint8_t *header; +                uint64_t field_type;                  size_t item_size = (size_t) -1;                  if (BUS_MESSAGE_IS_GVARIANT(m)) { +                        uint64_t *u64; +                          if (i >= n_offsets)                                  break;                          if (i == 0)                                  ri = 0;                          else -                                ri = ALIGN_TO(read_word_le((uint8_t*) offsets + (i-1)*sz, sz), 8); -                } +                                ri = ALIGN_TO(bus_gvariant_read_word_le((uint8_t*) offsets + (i-1)*sz, sz), 8); -                r = message_peek_fields(m, &ri, 8, 1, (void**) &header); -                if (r < 0) -                        return r; +                        r = message_peek_fields(m, &ri, 8, 8, (void**) &u64); +                        if (r < 0) +                                return r; + +                        field_type = BUS_MESSAGE_BSWAP64(m, *u64); +                } else { +                        uint8_t *u8; + +                        r = message_peek_fields(m, &ri, 8, 1, (void**) &u8); +                        if (r < 0) +                                return r; + +                        field_type = *u8; +                }                  if (BUS_MESSAGE_IS_GVARIANT(m)) {                          size_t where, end;                          char *b;                          void *q; -                        end = read_word_le((uint8_t*) offsets + i*sz, sz); +                        end = bus_gvariant_read_word_le((uint8_t*) offsets + i*sz, sz);                          if (end < ri)                                  return -EBADMSG; @@ -5085,7 +5275,8 @@ int bus_message_parse_fields(sd_bus_message *m) {                                  return r;                  } -                switch (*header) { +                switch (field_type) { +                  case _BUS_MESSAGE_HEADER_INVALID:                          return -EBADMSG; @@ -5169,6 +5360,9 @@ int bus_message_parse_fields(sd_bus_message *m) {                          const char *s;                          char *c; +                        if (BUS_MESSAGE_IS_GVARIANT(m)) /* only applies to dbus1 */ +                                return -EBADMSG; +                          if (m->root_container.signature)                                  return -EBADMSG; @@ -5188,26 +5382,38 @@ int bus_message_parse_fields(sd_bus_message *m) {                          break;                  } -                case BUS_MESSAGE_HEADER_REPLY_SERIAL: { -                        uint32_t serial; +                case BUS_MESSAGE_HEADER_REPLY_SERIAL:                          if (m->reply_cookie != 0)                                  return -EBADMSG; -                        if (!streq(signature, "u")) -                                return -EBADMSG; +                        if (BUS_MESSAGE_IS_GVARIANT(m)) { +                                /* 64bit on dbus2 */ -                        r = message_peek_field_uint32(m, &ri, item_size, &serial); -                        if (r < 0) -                                return r; +                                if (!streq(signature, "t")) +                                        return -EBADMSG; + +                                r = message_peek_field_uint64(m, &ri, item_size, &m->reply_cookie); +                                if (r < 0) +                                        return r; +                        } else { +                                /* 32bit on dbus1 */ +                                uint32_t serial; + +                                if (!streq(signature, "u")) +                                        return -EBADMSG; -                        m->reply_cookie = serial; +                                r = message_peek_field_uint32(m, &ri, item_size, &serial); +                                if (r < 0) +                                        return r; + +                                m->reply_cookie = serial; +                        }                          if (m->reply_cookie == 0)                                  return -EBADMSG;                          break; -                }                  case BUS_MESSAGE_HEADER_UNIX_FDS:                          if (unix_fds_set) @@ -5279,13 +5485,13 @@ int bus_message_parse_fields(sd_bus_message *m) {          if (streq_ptr(m->sender, "org.freedesktop.DBus.Local"))                  return -EBADMSG; -        m->root_container.end = BUS_MESSAGE_BODY_SIZE(m); +        m->root_container.end = m->user_body_size;          if (BUS_MESSAGE_IS_GVARIANT(m)) {                  r = build_struct_offsets(                                  m,                                  m->root_container.signature, -                                BUS_MESSAGE_BODY_SIZE(m), +                                m->user_body_size,                                  &m->root_container.item_size,                                  &m->root_container.offsets,                                  &m->root_container.n_offsets); @@ -5439,40 +5645,6 @@ int bus_message_get_arg(sd_bus_message *m, unsigned i, const char **str, char **          return 0;  } -bool bus_header_is_complete(struct bus_header *h, size_t size) { -        size_t full; - -        assert(h); -        assert(size); - -        if (size < sizeof(struct bus_header)) -                return false; - -        full = sizeof(struct bus_header) + -                (h->endian == BUS_NATIVE_ENDIAN ? h->fields_size : bswap_32(h->fields_size)); - -        return size >= full; -} - -int bus_header_message_size(struct bus_header *h, size_t *sum) { -        size_t fs, bs; - -        assert(h); -        assert(sum); - -        if (h->endian == BUS_NATIVE_ENDIAN) { -                fs = h->fields_size; -                bs = h->body_size; -        } else if (h->endian == BUS_REVERSE_ENDIAN) { -                fs = bswap_32(h->fields_size); -                bs = bswap_32(h->body_size); -        } else -                return -EBADMSG; - -        *sum = sizeof(struct bus_header) + ALIGN8(fs) + bs; -        return 0; -} -  _public_ int sd_bus_message_get_errno(sd_bus_message *m) {          assert_return(m, EINVAL); diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h index b4cdce7bf4..32955329b4 100644 --- a/src/libsystemd/sd-bus/bus-message.h +++ b/src/libsystemd/sd-bus/bus-message.h @@ -99,7 +99,18 @@ struct sd_bus_message {          bool release_kdbus:1;          bool poisoned:1; +        /* The first and last bytes of the message */          struct bus_header *header; +        void *footer; + +        /* How many bytes are accessible in the above pointers */ +        size_t header_accessible; +        size_t footer_accessible; + +        size_t fields_size; +        size_t body_size; +        size_t user_body_size; +          struct bus_body_part body;          struct bus_body_part *body_end;          unsigned n_body_parts; @@ -112,7 +123,7 @@ struct sd_bus_message {          int *fds;          struct bus_container root_container, *containers; -        unsigned n_containers; +        size_t n_containers;          size_t containers_allocated;          struct iovec *iovec; @@ -138,7 +149,9 @@ struct sd_bus_message {          unsigned n_header_offsets;  }; -#define BUS_MESSAGE_NEED_BSWAP(m) ((m)->header->endian != BUS_NATIVE_ENDIAN) +static inline bool BUS_MESSAGE_NEED_BSWAP(sd_bus_message *m) { +        return m->header->endian != BUS_NATIVE_ENDIAN; +}  static inline uint16_t BUS_MESSAGE_BSWAP16(sd_bus_message *m, uint16_t u) {          return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_16(u) : u; @@ -153,29 +166,23 @@ static inline uint64_t BUS_MESSAGE_BSWAP64(sd_bus_message *m, uint64_t u) {  }  static inline uint64_t BUS_MESSAGE_COOKIE(sd_bus_message *m) { -        /* Note that we return the serial converted to a 64bit value here */ -        return BUS_MESSAGE_BSWAP32(m, m->header->serial); -} +        if (m->header->version == 2) +                return BUS_MESSAGE_BSWAP64(m, m->header->dbus2.cookie); -static inline uint32_t BUS_MESSAGE_BODY_SIZE(sd_bus_message *m) { -        return BUS_MESSAGE_BSWAP32(m, m->header->body_size); +        return BUS_MESSAGE_BSWAP32(m, m->header->dbus1.serial);  } -static inline uint32_t BUS_MESSAGE_FIELDS_SIZE(sd_bus_message *m) { -        return BUS_MESSAGE_BSWAP32(m, m->header->fields_size); -} - -static inline uint32_t BUS_MESSAGE_SIZE(sd_bus_message *m) { +static inline size_t BUS_MESSAGE_SIZE(sd_bus_message *m) {          return                  sizeof(struct bus_header) + -                ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m)) + -                BUS_MESSAGE_BODY_SIZE(m); +                ALIGN8(m->fields_size) + +                m->body_size;  } -static inline uint32_t BUS_MESSAGE_BODY_BEGIN(sd_bus_message *m) { +static inline size_t BUS_MESSAGE_BODY_BEGIN(sd_bus_message *m) {          return                  sizeof(struct bus_header) + -                ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m)); +                ALIGN8(m->fields_size);  }  static inline void* BUS_MESSAGE_FIELDS(sd_bus_message *m) { @@ -193,7 +200,10 @@ int bus_message_read_strv_extend(sd_bus_message *m, char ***l);  int bus_message_from_header(                  sd_bus *bus,                  void *header, -                size_t length, +                size_t header_accessible, +                void *footer, +                size_t footer_accessible, +                size_t message_size,                  int *fds,                  unsigned n_fds,                  const struct ucred *ucred, @@ -217,9 +227,6 @@ int bus_message_append_ap(sd_bus_message *m, const char *types, va_list ap);  int bus_message_parse_fields(sd_bus_message *m); -bool bus_header_is_complete(struct bus_header *h, size_t size); -int bus_header_message_size(struct bus_header *h, size_t *sum); -  struct bus_body_part *message_append_part(sd_bus_message *m);  #define MESSAGE_FOREACH_PART(part, i, m) \ diff --git a/src/libsystemd/sd-bus/bus-protocol.h b/src/libsystemd/sd-bus/bus-protocol.h index 6431dfbff8..183af89a63 100644 --- a/src/libsystemd/sd-bus/bus-protocol.h +++ b/src/libsystemd/sd-bus/bus-protocol.h @@ -23,21 +23,38 @@  #include <endian.h> +#include "macro.h" +  /* Packet header */ -struct bus_header { +struct _packed_ bus_header { +        /* The first four fields are identical for dbus1, and dbus2 */          uint8_t endian;          uint8_t type;          uint8_t flags;          uint8_t version; -        uint32_t body_size; - -        /* Note that what the bus spec calls "serial" we'll call -        "cookie" instead, because we don't want to imply that the -        cookie was in any way monotonically increasing. */ -        uint32_t serial; -        uint32_t fields_size; -} _packed_; + +        union _packed_ { +                /* dbus1: Used for SOCK_STREAM connections */ +                struct _packed_ { +                        uint32_t body_size; + +                        /* Note that what the bus spec calls "serial" we'll call +                           "cookie" instead, because we don't want to imply that the +                           cookie was in any way monotonically increasing. */ +                        uint32_t serial; +                        uint32_t fields_size; +                } dbus1; + +                /* dbus2: Used for kdbus connections */ +                struct _packed_ { +                        uint32_t _reserved; +                        uint64_t cookie; +                } dbus2; + +                /* Note that both header versions have the same size! */ +        }; +};  /* Endianness */ diff --git a/src/libsystemd/sd-bus/test-bus-gvariant.c b/src/libsystemd/sd-bus/test-bus-gvariant.c index 6992ec44de..992edacb28 100644 --- a/src/libsystemd/sd-bus/test-bus-gvariant.c +++ b/src/libsystemd/sd-bus/test-bus-gvariant.c @@ -132,7 +132,7 @@ static void test_bus_gvariant_get_alignment(void) {  static void test_marshal(void) {          _cleanup_bus_message_unref_ sd_bus_message *m = NULL, *n = NULL; -        _cleanup_bus_unref_ sd_bus *bus = NULL; +        _cleanup_bus_close_unref_ sd_bus *bus = NULL;          _cleanup_free_ void *blob;          size_t sz;          int r; @@ -145,6 +145,8 @@ static void test_marshal(void) {          assert_se(sd_bus_message_new_method_call(bus, &m, "a.service.name", "/an/object/path/which/is/really/really/long/so/that/we/hit/the/eight/bit/boundary/by/quite/some/margin/to/test/this/stuff/that/it/really/works", "an.interface.name", "AMethodName") >= 0); +        assert_cc(sizeof(struct bus_header) == 16); +          assert_se(sd_bus_message_append(m,                                          "a(usv)", 3,                                          4711, "first-string-parameter", "(st)", "X", (uint64_t) 1111, @@ -162,13 +164,15 @@ static void test_marshal(void) {                  g_type_init();  #endif -                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuuua(yv))"), m->header, sizeof(struct bus_header) + BUS_MESSAGE_FIELDS_SIZE(m), false, NULL, NULL); +                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv})"), m->header, sizeof(struct bus_header) + m->fields_size, false, NULL, NULL); +                assert_se(g_variant_is_normal_form(v));                  t = g_variant_print(v, TRUE);                  printf("%s\n", t);                  g_free(t);                  g_variant_unref(v); -                v = g_variant_new_from_data(G_VARIANT_TYPE("(a(usv))"), m->body.data, BUS_MESSAGE_BODY_SIZE(m), false, NULL, NULL); +                v = g_variant_new_from_data(G_VARIANT_TYPE("(a(usv))"), m->body.data, m->user_body_size, false, NULL, NULL); +                assert_se(g_variant_is_normal_form(v));                  t = g_variant_print(v, TRUE);                  printf("%s\n", t);                  g_free(t); @@ -180,6 +184,20 @@ static void test_marshal(void) {          assert_se(bus_message_get_blob(m, &blob, &sz) >= 0); +#ifdef HAVE_GLIB +        { +                GVariant *v; +                char *t; + +                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv}v)"), blob, sz, false, NULL, NULL); +                assert_se(g_variant_is_normal_form(v)); +                t = g_variant_print(v, TRUE); +                printf("%s\n", t); +                g_free(t); +                g_variant_unref(v); +        } +#endif +          assert_se(bus_message_from_malloc(bus, blob, sz, NULL, 0, NULL, NULL, &n) >= 0);          blob = NULL; | 
