diff options
author | Thiago Macieira <thiago.macieira@nokia.com> | 2009-06-28 22:28:48 (GMT) |
---|---|---|
committer | Thiago Macieira <thiago.macieira@nokia.com> | 2009-06-28 22:28:48 (GMT) |
commit | e851be3ae78b54cd5b0391436563dcc81c6e8817 (patch) | |
tree | 5b0172415f238dee4414afa6762b73a48b4bf193 | |
parent | 0ba6f323f310f982fa96da69fd3fd02e202a042b (diff) | |
download | Qt-e851be3ae78b54cd5b0391436563dcc81c6e8817.zip Qt-e851be3ae78b54cd5b0391436563dcc81c6e8817.tar.gz Qt-e851be3ae78b54cd5b0391436563dcc81c6e8817.tar.bz2 |
Don't crash in libdbus-1 because of invalid parameters.
Some QDBusAbstractInterface can have empty paths or service names, for
wildcard purposes. If someone tries to make a call using those
interfaces, the application crashes.
So check for the invalid conditions and don't make the call. If we
return 0 here, the message-sending code will generate an error in
QDBusConnectionPrivate.
Reviewed-by: TrustMe
-rw-r--r-- | src/dbus/qdbusmessage.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/dbus/qdbusmessage.cpp b/src/dbus/qdbusmessage.cpp index 47dd34b..9150295 100644 --- a/src/dbus/qdbusmessage.cpp +++ b/src/dbus/qdbusmessage.cpp @@ -108,8 +108,11 @@ DBusMessage *QDBusMessagePrivate::toDBusMessage(const QDBusMessage &message) //qDebug() << "QDBusMessagePrivate::toDBusMessage" << "message is invalid"; break; case DBUS_MESSAGE_TYPE_METHOD_CALL: - msg = q_dbus_message_new_method_call(data(d_ptr->service.toUtf8()), data(d_ptr->path.toUtf8()), - data(d_ptr->interface.toUtf8()), data(d_ptr->name.toUtf8())); + // only interface can be empty + if (d_ptr->service.isEmpty() || d_ptr->path.isEmpty() || d_ptr->name.isEmpty()) + break; + msg = q_dbus_message_new_method_call(d_ptr->service.toUtf8(), d_ptr->path.toUtf8(), + data(d_ptr->interface.toUtf8()), d_ptr->name.toUtf8()); break; case DBUS_MESSAGE_TYPE_METHOD_RETURN: msg = q_dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); @@ -119,16 +122,22 @@ DBusMessage *QDBusMessagePrivate::toDBusMessage(const QDBusMessage &message) } break; case DBUS_MESSAGE_TYPE_ERROR: + // error name can't be empty + if (d_ptr->name.isEmpty()) + break; msg = q_dbus_message_new(DBUS_MESSAGE_TYPE_ERROR); - q_dbus_message_set_error_name(msg, data(d_ptr->name.toUtf8())); + q_dbus_message_set_error_name(msg, d_ptr->name.toUtf8()); if (!d_ptr->localMessage) { q_dbus_message_set_destination(msg, q_dbus_message_get_sender(d_ptr->reply)); q_dbus_message_set_reply_serial(msg, q_dbus_message_get_serial(d_ptr->reply)); } break; case DBUS_MESSAGE_TYPE_SIGNAL: - msg = q_dbus_message_new_signal(data(d_ptr->path.toUtf8()), data(d_ptr->interface.toUtf8()), - data(d_ptr->name.toUtf8())); + // nothing can be empty here + if (d_ptr->path.isEmpty() || d_ptr->interface.isEmpty() || d_ptr->name.isEmpty()) + break; + msg = q_dbus_message_new_signal(d_ptr->path.toUtf8(), d_ptr->interface.toUtf8(), + d_ptr->name.toUtf8()); break; default: Q_ASSERT(false); |