mirrors/wayland
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/wayland/wayland.git synced 2025-10-29 05:40:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

connection: Reject strings containing NUL bytes

Browse source 
libwayland cannot construct these messages as it uses strlen() to
determine string lengths.  libwayland is also guaranteed to misinterpret
these messages, since message handlers only get a pointer and no length.
Therefore, reject strings containing NUL bytes.

Also remove a redundant check from the unmarshalling code.  The
zero-length case has already been checked for.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
This commit is contained in:
Demi Marie Obenour 2024-07-24 21:20:12 -04:00 committed by Simon Ser
parent 0239b082b9
commit 6c4a695045
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/connection.c
View file

@ -975,7 +975,7 @@ wl_connection_demarshal(struct wl_connection *connection,
s = (char *) p;
if (length > 0 && s[length - 1] != '\0') {
if (s[length - 1] != '\0') {
wl_log("string not nul-terminated, "
"message %s(%s)\n",
message->name, message->signature);
@ -983,6 +983,14 @@ wl_connection_demarshal(struct wl_connection *connection,
goto err;
}
if (strlen(s) != length - 1) {
wl_log("string has embedded nul at offset %zu, "
"message %s(%s)\n", strlen(s),
message->name, message->signature);
errno = EINVAL;
goto err;
}
closure->args[i].s = s;
p = next;
break;