Bug 106183 - [PATCH] Fix is_valid_section_name always returning true
Status: RESOLVED MOVED
Alias: None
Product: dbus
Classification: Unclassified
Component: core
Version: git master
Hardware: Other All
Importance: medium normal
Assignee: D-Bus Maintainers
QA Contact: D-Bus Maintainers
Whiteboard: review-
Keywords: patch
Reported: 2018-04-23 07:08 UTC by Albert Astals Cid
Modified: 2018-10-12 21:34 UTC

Attachments
The said patch (1.23 KB, patch)
2018-04-23 07:08 UTC, Albert Astals Cid

Description Albert Astals Cid 2018-04-23 07:08:17 UTC
Created attachment 138992
The said patch

The if condition was

if (!((*name >= 'A' && *name <= 'Z') || (*name >= 'a' || *name <= 'z') ||
	    *name == '\n' || *name == '\t'))

which translates to

if ((!(*name >= 'A' && *name <= 'Z') && !(*name >= 'a' || *name <= 'z') &&
	    *name != '\n' && *name != '\t'))

which translates to

if (((*name < 'A' || *name > 'Z') && (*name < 'a' && *name > 'z') &&
	    *name != '\n' && *name != '\t'))

which will always be false since name can't be both smaller than a and bigger than z

Found by gcc
Comment 1 Philip Withnall 2018-04-23 12:31:26 UTC
Comment on attachment 138992
The said patch

Review of attachment 138992:
-----------------------------------------------------------------

This patch looks good to me, but it would be better to include some new unit tests to ensure this doesn’t regress (and that other bugs aren’t present).
Comment 2 Albert Astals Cid 2018-04-23 13:30:42 UTC
Yes, it would be better to have an autotest, but I don't really have time to write it.

BTW I was thinking about how this can cause regressions when stuff that was previously "working" now is "correctly" rejected.

Maybe the other option is to just remove this if, since the code has been broken since 2003 and no one seems to have noticed yet.
Comment 3 Simon McVittie 2018-04-23 17:52:38 UTC
Comment on attachment 138992
The said patch

Review of attachment 138992:
-----------------------------------------------------------------

::: bus/desktop-file.c
@@ +386,1 @@
>  	    *name == '\n' || *name == '\t'))

The observant will notice that after it has been corrected, this condition does not allow the only section name that we ever use in practice, which is "D-BUS Service" (which spells D-Bus with an incorrect case combination for historical reasons), because that section name contains a dash and a space.

Sure enough, when this patch is applied, the unit tests fail.

There is also a comment:

+  /* 5. Group names may contain all ASCII characters except for control characters and '[' and ']'. */

which flatly contradicts the actual implementation (which appears to have been intended to accept A-Z, a-z, tab (?!) and newline (!) in these one-line section headings).

This function had one job... :-(

And, yes, this has been wrong since 2003.

I think we should probably be applying what the comment says, instead. That would mean we reject 0x00 to 0x1F (control characters), accept 0x20 to 0x7E (printable ASCII including space), and reject 0x7F (backspace) and 0x80 and up (non-ASCII).

If we change this then we should absolutely have (at least minimal) test coverage for it.
Comment 4 Simon McVittie 2018-04-23 17:54:49 UTC
(In reply to Simon McVittie from comment #3)
> would mean we reject 0x00 to 0x1F (control characters), accept 0x20 to 0x7E
> (printable ASCII including space)

... except for '[' and ']'.
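
Added example, not part of the original thread or the D-Bus source: the three per-character rules discussed above (the condition as quoted in the description, the same condition with only the `||` typo fixed, and the rule stated in the code comment as read in comments 3 and 4) applied to constructed section names. The function names, the `name_ok` helper and the empty-name rejection are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Condition quoted in the description: (c >= 'a' || c <= 'z') holds for
 * every char value, so this check never rejects anything. */
static bool char_ok_original(char c)
{
  return (c >= 'A' && c <= 'Z') || (c >= 'a' || c <= 'z') ||
         c == '\n' || c == '\t';
}

/* The same condition with only the || corrected to &&. */
static bool char_ok_typo_fixed(char c)
{
  return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
         c == '\n' || c == '\t';
}

/* Rule from the code comment, as read in comments 3 and 4:
 * accept 0x20..0x7E except '[' and ']'. */
static bool char_ok_per_comment(char c)
{
  unsigned char u = (unsigned char) c;
  return u >= 0x20 && u <= 0x7E && c != '[' && c != ']';
}

/* Hypothetical helper; assumption of this example: empty names are rejected. */
static bool name_ok(const char *name, bool (*char_ok)(char))
{
  if (*name == '\0')
    return false;
  for (; *name != '\0'; name++)
    if (!char_ok(*name))
      return false;
  return true;
}

int main(void)
{
  /* Constructed sample names; only "D-BUS Service" comes from the thread. */
  static const char *const samples[] = {
    "D-BUS Service", "Service", "Bad[Name]", "Two\nLines", "caf\xc3\xa9" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("name #%zu: original=%d typo_fixed=%d per_comment=%d\n", i,
           name_ok(samples[i], char_ok_original),
           name_ok(samples[i], char_ok_typo_fixed),
           name_ok(samples[i], char_ok_per_comment));
  return 0;
}
```

Only the third rule both accepts "D-BUS Service" and rejects the bracketed, multi-line and non-ASCII names; the typo-only fix rejects "D-BUS Service" while still accepting an embedded newline.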
Comment 5 GitLab Migration User 2018-10-12 21:34:38 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/208.