VirtualBox

Changeset 93891 in vbox for trunk/include/VBox/HostServices


Ignore:
Timestamp:
Feb 22, 2022 6:08:39 PM (3 years ago)
Author:
vboxsync
Message:

Main: Guest Properties: improved property name and value validation, bugref:10185.

This commit also prevents guest properties loss if they were set while VM was running.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/VBox/HostServices/GuestPropertySvc.h

    r93115 r93891  
    6666#define GUEST_PROP_F_ALLFLAGS         (GUEST_PROP_F_TRANSIENT | GUEST_PROP_F_READONLY | GUEST_PROP_F_TRANSRESET)
    6767/** @} */
     68
     69/**
     70 * Check that a string fits our criteria for a property name.
     71 *
     72 * @returns IPRT status code
     73 * @param   pszName   the string to check, must be valid Utf8
     74 * @param   cbName    the number of bytes @a pszName points to, including the terminating character.
     75 */
     76DECLINLINE(int) GuestPropValidateName(const char *pszName, uint32_t cbName)
     77{
     78    /* Property name is expected to be at least 1 charecter long plus terminating character. */
     79    AssertReturn(cbName >= 2, VERR_INVALID_PARAMETER);
     80    AssertReturn(cbName < GUEST_PROP_MAX_NAME_LEN, VERR_INVALID_PARAMETER);
     81
     82    AssertPtrReturn(pszName, VERR_INVALID_POINTER);
     83
     84    AssertReturn(memchr(pszName, '*', cbName) == NULL, VERR_INVALID_PARAMETER);
     85    AssertReturn(memchr(pszName, '?', cbName) == NULL, VERR_INVALID_PARAMETER);
     86    AssertReturn(memchr(pszName, '|', cbName) == NULL, VERR_INVALID_PARAMETER);
     87
     88    return VINF_SUCCESS;
     89}
     90
     91/**
     92 * Check a string fits our criteria for the value of a guest property.
     93 *
     94 * @returns IPRT status code
     95 * @param   pszValue  the string to check, must be valid Utf8
     96 * @param   cbValue   the length in bytes of @a pszValue, including the
     97 *                    terminator
     98 * @thread  HGCM
     99 */
     100DECLINLINE(int) GuestPropValidateValue(const char *pszValue, uint32_t cbValue)
     101{
     102    AssertPtrReturn(pszValue, VERR_INVALID_POINTER);
     103
     104    /* Zero-length values are possible, however buffer should contain terminating character at least. */
     105    AssertReturn(cbValue > 0, VERR_INVALID_PARAMETER);
     106    AssertReturn(cbValue < GUEST_PROP_MAX_VALUE_LEN, VERR_INVALID_PARAMETER);
     107
     108    return VINF_SUCCESS;
     109}
    68110
    69111/**
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette