connection: Reject strings containing NUL bytes

libwayland cannot construct these messages as it uses strlen() to
determine string lengths.  libwayland is also guaranteed to misinterpret
these messages, since message handlers only get a pointer and no length.
Therefore, reject strings containing NUL bytes.

Also remove a redundant check from the unmarshalling code.  The
zero-length case has already been checked for.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/src/connection.c b/src/connection.c
index e1b751a..6b28d21 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -975,7 +975,7 @@ wl_connection_demarshal(struct wl_connection *connection,
 
 			s = (char *) p;
 
-			if (length > 0 && s[length - 1] != '\0') {
+			if (s[length - 1] != '\0') {
 				wl_log("string not nul-terminated, "
 				       "message %s(%s)\n",
 				       message->name, message->signature);
@@ -983,6 +983,14 @@ wl_connection_demarshal(struct wl_connection *connection,
 				goto err;
 			}
 
+			if (strlen(s) != length - 1) {
+				wl_log("string has embedded nul at offset %zu, "
+				       "message %s(%s)\n", strlen(s),
+				       message->name, message->signature);
+				errno = EINVAL;
+				goto err;
+			}
+
 			closure->args[i].s = s;
 			p = next;
 			break;