From 7c5628e8eed8cd06579917a7476b8f7f125a7289 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Fri, 15 Apr 2011 13:32:48 +0100
Subject: [PATCH] new test for being disconnected by a corrupt message stream

This was meant to reproduce fd.o #15578, but doesn't; the cause of that
bug isn't this simple.
---
 test/.gitignore  |    1 +
 test/Makefile.am |    8 ++
 test/corrupt.c   |  271 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 280 insertions(+), 0 deletions(-)
 create mode 100644 test/corrupt.c

diff --git a/test/.gitignore b/test/.gitignore
index d63568d..77f38e5 100644
--- a/test/.gitignore
+++ b/test/.gitignore
@@ -15,6 +15,7 @@ unbase64
 *.gcov
 break-loader
 spawn-test
+test-corrupt
 test-exit
 test-segfault
 test-service
diff --git a/test/Makefile.am b/test/Makefile.am
index bb57226..a9db388 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -73,6 +73,7 @@ spawn_test_LDFLAGS=@R_DYNAMIC_LDFLAG@
 EXTRA_DIST=
 
 modular_tests = \
+	test-corrupt \
 	test-dbus-daemon \
 	test-loopback \
 	test-relay
@@ -89,6 +90,13 @@ TESTS_ENVIRONMENT = \
 	DBUS_TEST_DAEMON=@abs_top_builddir@/bus/dbus-daemon$(EXEEXT) \
 	DBUS_TEST_DATA=@abs_top_builddir@/test/data
 
+test_corrupt_SOURCES = corrupt.c
+test_corrupt_CPPFLAGS = $(GLIB_CFLAGS) $(DBUS_GLIB_CFLAGS)
+test_corrupt_LDFLAGS = @R_DYNAMIC_LDFLAG@
+test_corrupt_LDADD = $(top_builddir)/dbus/libdbus-1.la \
+    $(GLIB_LIBS) \
+    $(DBUS_GLIB_LIBS)
+
 test_loopback_SOURCES = loopback.c
 test_loopback_CPPFLAGS = $(GLIB_CFLAGS) $(DBUS_GLIB_CFLAGS)
 test_loopback_LDFLAGS = @R_DYNAMIC_LDFLAG@
diff --git a/test/corrupt.c b/test/corrupt.c
new file mode 100644
index 0000000..728dc6a
--- /dev/null
+++ b/test/corrupt.c
@@ -0,0 +1,271 @@
+/* Regression test for being disconnected by a corrupt message (fd.o #15578)
+ *
+ * Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
+ * Copyright © 2010-2011 Nokia Corporation
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <glib.h>
+#include <gio/gio.h>
+
+#include <dbus/dbus.h>
+#include <dbus/dbus-glib-lowlevel.h>
+
+typedef struct {
+    DBusError e;
+
+    DBusServer *server;
+    DBusConnection *server_conn;
+    /* queue of DBusMessage */
+    GQueue client_messages;
+
+    DBusConnection *client_conn;
+} Fixture;
+
+static void
+assert_no_error (const DBusError *e)
+{
+  if (G_UNLIKELY (dbus_error_is_set (e)))
+    g_error ("expected success but got error: %s: %s", e->name, e->message);
+}
+
+static DBusHandlerResult
+client_message_cb (DBusConnection *client_conn,
+    DBusMessage *message,
+    void *data)
+{
+  Fixture *f = data;
+
+  g_assert (client_conn == f->client_conn);
+  g_queue_push_tail (&f->client_messages, dbus_message_ref (message));
+
+  return DBUS_HANDLER_RESULT_HANDLED;
+}
+
+static void
+new_conn_cb (DBusServer *server,
+    DBusConnection *server_conn,
+    void *data)
+{
+  Fixture *f = data;
+
+  g_assert (f->server_conn == NULL);
+  f->server_conn = dbus_connection_ref (server_conn);
+  dbus_connection_setup_with_g_main (server_conn, NULL);
+}
+
+static void
+setup (Fixture *f,
+    gconstpointer addr)
+{
+  dbus_error_init (&f->e);
+  g_queue_init (&f->client_messages);
+
+  f->server = dbus_server_listen (addr, &f->e);
+  assert_no_error (&f->e);
+  g_assert (f->server != NULL);
+
+  dbus_server_set_new_connection_function (f->server,
+      new_conn_cb, f, NULL);
+  dbus_server_setup_with_g_main (f->server, NULL);
+}
+
+static void
+test_connect (Fixture *f,
+    gconstpointer addr G_GNUC_UNUSED)
+{
+  dbus_bool_t have_mem;
+
+  g_assert (f->server_conn == NULL);
+
+  f->client_conn = dbus_connection_open_private (
+      dbus_server_get_address (f->server), &f->e);
+  assert_no_error (&f->e);
+  g_assert (f->client_conn != NULL);
+  dbus_connection_setup_with_g_main (f->client_conn, NULL);
+
+  while (f->server_conn == NULL)
+    {
+      g_print (".");
+      g_main_context_iteration (NULL, TRUE);
+    }
+
+  have_mem = dbus_connection_add_filter (f->client_conn,
+      client_message_cb, f, NULL);
+  g_assert (have_mem);
+}
+
+static void
+test_message (Fixture *f,
+    gconstpointer addr)
+{
+  dbus_bool_t have_mem;
+  dbus_uint32_t serial;
+  DBusMessage *outgoing, *incoming;
+
+  test_connect (f, addr);
+
+  outgoing = dbus_message_new_signal ("/com/example/Hello",
+      "com.example.Hello", "Greeting");
+  g_assert (outgoing != NULL);
+
+  have_mem = dbus_connection_send (f->server_conn, outgoing, &serial);
+  g_assert (have_mem);
+  g_assert (serial != 0);
+
+  while (g_queue_is_empty (&f->client_messages))
+    {
+      g_print (".");
+      g_main_context_iteration (NULL, TRUE);
+    }
+
+  g_assert_cmpuint (g_queue_get_length (&f->client_messages), ==, 1);
+
+  incoming = g_queue_pop_head (&f->client_messages);
+
+  g_assert (!dbus_message_contains_unix_fds (incoming));
+  g_assert_cmpstr (dbus_message_get_destination (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_error_name (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_interface (incoming), ==,
+      "com.example.Hello");
+  g_assert_cmpstr (dbus_message_get_member (incoming), ==, "Greeting");
+  g_assert_cmpstr (dbus_message_get_sender (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_signature (incoming), ==, "");
+  g_assert_cmpstr (dbus_message_get_path (incoming), ==, "/com/example/Hello");
+  g_assert_cmpuint (dbus_message_get_serial (incoming), ==, serial);
+
+  dbus_message_unref (incoming);
+
+  dbus_message_unref (outgoing);
+}
+
+/* Enough bytes for it to be obvious that this connection is broken */
+#define CORRUPT_LEN 1024
+
+/* All-zero is not a valid D-Bus message header - for a start, this is
+ * protocol version 1, not 0 */
+static const gchar not_a_dbus_message[CORRUPT_LEN] = { 0 };
+
+static void
+test_corrupt (Fixture *f,
+    gconstpointer addr)
+{
+  GSocket *socket;
+  GError *gerror = NULL;
+  int fd;
+  gssize len, total_sent;
+  DBusMessage *incoming;
+
+  test_message (f, addr);
+
+  dbus_connection_flush (f->server_conn);
+
+  /* OK, now the connection is working, let's break it! Don't try this
+   * at home; splicing arbitrary bytes into the middle of the stream is
+   * specifically documented as not a valid thing to do. Who'd have thought? */
+  if (!dbus_connection_get_socket (f->server_conn, &fd))
+    g_error ("failed to steal fd from server connection");
+
+  socket = g_socket_new_from_fd (fd, &gerror);
+  g_assert_no_error (gerror);
+  g_assert (socket != NULL);
+
+  total_sent = 0;
+
+  while (total_sent < CORRUPT_LEN)
+    {
+      len = g_socket_send_with_blocking (socket, not_a_dbus_message,
+          CORRUPT_LEN, TRUE, NULL, &gerror);
+      g_assert_no_error (gerror);
+      g_assert (len >= 0);
+      total_sent += len;
+    }
+
+  /* Now spin on the client connection: the server just sent it complete
+   * rubbish, so it should disconnect */
+  while (g_queue_is_empty (&f->client_messages))
+    {
+      g_print (".");
+      g_main_context_iteration (NULL, TRUE);
+    }
+
+  incoming = g_queue_pop_head (&f->client_messages);
+
+  g_assert (!dbus_message_contains_unix_fds (incoming));
+  g_assert_cmpstr (dbus_message_get_destination (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_error_name (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_interface (incoming), ==,
+      "org.freedesktop.DBus.Local");
+  g_assert_cmpstr (dbus_message_get_member (incoming), ==, "Disconnected");
+  g_assert_cmpstr (dbus_message_get_sender (incoming), ==, NULL);
+  g_assert_cmpstr (dbus_message_get_signature (incoming), ==, "");
+  g_assert_cmpstr (dbus_message_get_path (incoming), ==,
+      "/org/freedesktop/DBus/Local");
+
+  dbus_message_unref (incoming);
+}
+
+static void
+teardown (Fixture *f,
+    gconstpointer addr G_GNUC_UNUSED)
+{
+  if (f->client_conn != NULL)
+    {
+      dbus_connection_close (f->client_conn);
+      dbus_connection_unref (f->client_conn);
+      f->client_conn = NULL;
+    }
+
+  if (f->server_conn != NULL)
+    {
+      dbus_connection_close (f->server_conn);
+      dbus_connection_unref (f->server_conn);
+      f->server_conn = NULL;
+    }
+
+  if (f->server != NULL)
+    {
+      dbus_server_disconnect (f->server);
+      dbus_server_unref (f->server);
+      f->server = NULL;
+    }
+}
+
+int
+main (int argc,
+    char **argv)
+{
+  g_test_init (&argc, &argv, NULL);
+  g_type_init ();
+
+  g_test_add ("/corrupt/tcp", Fixture, "tcp:host=127.0.0.1", setup,
+      test_corrupt, teardown);
+
+#ifdef DBUS_UNIX
+  g_test_add ("/corrupt/unix", Fixture, "unix:tmpdir=/tmp", setup,
+      test_corrupt, teardown);
+#endif
+
+  return g_test_run ();
+}
-- 
1.7.4.1