-
Notifications
You must be signed in to change notification settings - Fork 62
/
Copy pathitem.c
339 lines (289 loc) · 8.21 KB
/
item.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
/*
* Copyright (C) 2013-2015 Kay Sievers
* Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
* Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
* Copyright (C) 2013-2015 Linux Foundation
* Copyright (C) 2014-2015 Djalal Harouni <tixxdz@opendz.org>
*
* kdbus is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation; either version 2.1 of the License, or (at
* your option) any later version.
*/
#include <linux/ctype.h>
#include <linux/fs.h>
#include <linux/string.h>
#include "item.h"
#include "limits.h"
#include "util.h"
/*
* This verifies the string at position @str with size @size is properly
* zero-terminated and does not contain a 0-byte but at the end.
*/
static bool kdbus_str_valid(const char *str, size_t size)
{
return size > 0 && memchr(str, '\0', size) == str + size - 1;
}
/**
* kdbus_item_validate_name() - validate an item containing a name
* @item: Item to validate
*
* Return: zero on success or an negative error code on failure
*/
int kdbus_item_validate_name(const struct kdbus_item *item)
{
const char *name = item->str;
unsigned int i;
size_t len;
if (item->size < KDBUS_ITEM_HEADER_SIZE + 2)
return -EINVAL;
if (item->size > KDBUS_ITEM_HEADER_SIZE +
KDBUS_SYSNAME_MAX_LEN + 1)
return -ENAMETOOLONG;
if (!kdbus_str_valid(name, KDBUS_ITEM_PAYLOAD_SIZE(item)))
return -EINVAL;
len = strlen(name);
if (len == 0)
return -EINVAL;
for (i = 0; i < len; i++) {
if (isalpha(name[i]))
continue;
if (isdigit(name[i]))
continue;
if (name[i] == '_')
continue;
if (i > 0 && i + 1 < len && (name[i] == '-' || name[i] == '.'))
continue;
return -EINVAL;
}
return 0;
}
/**
* kdbus_item_validate() - validate a single item
* @item: item to validate
*
* Return: 0 if item is valid, negative error code if not.
*/
int kdbus_item_validate(const struct kdbus_item *item)
{
size_t payload_size = KDBUS_ITEM_PAYLOAD_SIZE(item);
size_t l;
int ret;
BUILD_BUG_ON(KDBUS_ITEM_HEADER_SIZE !=
sizeof(struct kdbus_item_header));
if (item->size < KDBUS_ITEM_HEADER_SIZE)
return -EINVAL;
switch (item->type) {
case KDBUS_ITEM_NEGOTIATE:
if (payload_size % sizeof(u64) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_PAYLOAD_VEC:
if (payload_size != sizeof(struct kdbus_vec))
return -EINVAL;
if (item->vec.size == 0 || item->vec.size > SIZE_MAX)
return -EINVAL;
break;
case KDBUS_ITEM_PAYLOAD_OFF:
if (payload_size != sizeof(struct kdbus_vec))
return -EINVAL;
if (item->vec.size == 0 || item->vec.size > SIZE_MAX)
return -EINVAL;
break;
case KDBUS_ITEM_PAYLOAD_MEMFD:
if (payload_size != sizeof(struct kdbus_memfd))
return -EINVAL;
if (item->memfd.size == 0 || item->memfd.size > SIZE_MAX)
return -EINVAL;
if (item->memfd.fd < 0)
return -EBADF;
break;
case KDBUS_ITEM_FDS:
if (payload_size % sizeof(int) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_CANCEL_FD:
if (payload_size != sizeof(int))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_PARAMETER:
if (payload_size != sizeof(struct kdbus_bloom_parameter))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_FILTER:
/* followed by the bloom-mask, depends on the bloom-size */
if (payload_size < sizeof(struct kdbus_bloom_filter))
return -EINVAL;
break;
case KDBUS_ITEM_BLOOM_MASK:
/* size depends on bloom-size of bus */
break;
case KDBUS_ITEM_CONN_DESCRIPTION:
case KDBUS_ITEM_MAKE_NAME:
ret = kdbus_item_validate_name(item);
if (ret < 0)
return ret;
break;
case KDBUS_ITEM_ATTACH_FLAGS_SEND:
case KDBUS_ITEM_ATTACH_FLAGS_RECV:
case KDBUS_ITEM_ID:
if (payload_size != sizeof(u64))
return -EINVAL;
break;
case KDBUS_ITEM_TIMESTAMP:
if (payload_size != sizeof(struct kdbus_timestamp))
return -EINVAL;
break;
case KDBUS_ITEM_CREDS:
if (payload_size != sizeof(struct kdbus_creds))
return -EINVAL;
break;
case KDBUS_ITEM_AUXGROUPS:
if (payload_size % sizeof(u32) != 0)
return -EINVAL;
break;
case KDBUS_ITEM_NAME:
case KDBUS_ITEM_DST_NAME:
case KDBUS_ITEM_PID_COMM:
case KDBUS_ITEM_TID_COMM:
case KDBUS_ITEM_EXE:
case KDBUS_ITEM_CMDLINE:
case KDBUS_ITEM_CGROUP:
case KDBUS_ITEM_SECLABEL:
if (!kdbus_str_valid(item->str, payload_size))
return -EINVAL;
break;
case KDBUS_ITEM_CAPS:
if (payload_size < sizeof(u32))
return -EINVAL;
if (payload_size < sizeof(u32) +
4 * CAP_TO_INDEX(item->caps.last_cap) * sizeof(u32))
return -EINVAL;
break;
case KDBUS_ITEM_AUDIT:
if (payload_size != sizeof(struct kdbus_audit))
return -EINVAL;
break;
case KDBUS_ITEM_POLICY_ACCESS:
if (payload_size != sizeof(struct kdbus_policy_access))
return -EINVAL;
break;
case KDBUS_ITEM_NAME_ADD:
case KDBUS_ITEM_NAME_REMOVE:
case KDBUS_ITEM_NAME_CHANGE:
if (payload_size < sizeof(struct kdbus_notify_name_change))
return -EINVAL;
l = payload_size - offsetof(struct kdbus_notify_name_change,
name);
if (l > 0 && !kdbus_str_valid(item->name_change.name, l))
return -EINVAL;
break;
case KDBUS_ITEM_ID_ADD:
case KDBUS_ITEM_ID_REMOVE:
if (payload_size != sizeof(struct kdbus_notify_id_change))
return -EINVAL;
break;
case KDBUS_ITEM_REPLY_TIMEOUT:
case KDBUS_ITEM_REPLY_DEAD:
if (payload_size != 0)
return -EINVAL;
break;
default:
break;
}
return 0;
}
/**
* kdbus_items_validate() - validate items passed by user-space
* @items: items to validate
* @items_size: number of items
*
* This verifies that the passed items pointer is consistent and valid.
* Furthermore, each item is checked for:
* - valid "size" value
* - payload is of expected type
* - payload is fully included in the item
* - string payloads are zero-terminated
*
* Return: 0 on success, negative error code on failure.
*/
int kdbus_items_validate(const struct kdbus_item *items, size_t items_size)
{
const struct kdbus_item *item;
int ret;
KDBUS_ITEMS_FOREACH(item, items, items_size) {
if (!KDBUS_ITEM_VALID(item, items, items_size))
return -EINVAL;
ret = kdbus_item_validate(item);
if (ret < 0)
return ret;
}
if (!KDBUS_ITEMS_END(item, items, items_size))
return -EINVAL;
return 0;
}
static struct kdbus_item *kdbus_items_get(const struct kdbus_item *items,
size_t items_size,
unsigned int item_type)
{
const struct kdbus_item *iter, *found = NULL;
KDBUS_ITEMS_FOREACH(iter, items, items_size) {
if (iter->type == item_type) {
if (found)
return ERR_PTR(-EEXIST);
found = iter;
}
}
return (struct kdbus_item *)found ? : ERR_PTR(-EBADMSG);
}
/**
* kdbus_items_get_str() - get string from a list of items
* @items: The items to walk
* @items_size: The size of all items
* @item_type: The item type to look for
*
* This function walks a list of items and searches for items of type
* @item_type. If it finds exactly one such item, @str_ret will be set to
* the .str member of the item.
*
* Return: the string, if the item was found exactly once, ERR_PTR(-EEXIST)
* if the item was found more than once, and ERR_PTR(-EBADMSG) if there was
* no item of the given type.
*/
const char *kdbus_items_get_str(const struct kdbus_item *items,
size_t items_size,
unsigned int item_type)
{
const struct kdbus_item *item;
item = kdbus_items_get(items, items_size, item_type);
return IS_ERR(item) ? ERR_CAST(item) : item->str;
}
/**
* kdbus_item_set() - Set item content
* @item: The item to modify
* @type: The item type to set (KDBUS_ITEM_*)
* @data: Data to copy to item->data, may be %NULL
* @len: Number of bytes in @data
*
* This sets type, size and data fields of an item. If @data is NULL, the data
* memory is cleared.
*
* Note that you must align your @data memory to 8 bytes. Trailing padding (in
* case @len is not 8byte aligned) is cleared by this call.
*
* Returns: Pointer to the following item.
*/
struct kdbus_item *kdbus_item_set(struct kdbus_item *item, u64 type,
const void *data, size_t len)
{
item->type = type;
item->size = KDBUS_ITEM_HEADER_SIZE + len;
if (data) {
memcpy(item->data, data, len);
memset(item->data + len, 0, KDBUS_ALIGN8(len) - len);
} else {
memset(item->data, 0, KDBUS_ALIGN8(len));
}
return KDBUS_ITEM_NEXT(item);
}