Use DBusString for all relocation and install-root code

This means we handle OOM correctly, and makes it obvious
that we are not overflowing buffers. This change does not
affect the actual content of the strings.

Instead of redefining DBUS_DATADIR to be a function call
(which hides the fact that DBUS_DATADIR is used),
this patch makes each use explicit: DBUS_DATADIR
is always the #define from configure or cmake, before
replacing the prefix.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83539
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

5 files changed, 145 insertions, 100 deletions

diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 06a790a8..9d220696 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -1272,17 +1272,18 @@ fail:
   return FALSE;
 }
 
-/*
- * replaces the term DBUS_PREFIX in configure_time_path by the
- * current dbus installation directory. On unix this function is a noop
+/**
+ * Replace the DBUS_PREFIX in the given path, in-place, by the
+ * current D-Bus installation directory. On Unix this function
+ * does nothing, successfully.
  *
- * @param configure_time_path
- * @return real path
+ * @param path path to edit
+ * @return #FALSE on OOM
  */
-const char *
-_dbus_replace_install_prefix (const char *configure_time_path)
+dbus_bool_t
+_dbus_replace_install_prefix (DBusString *path)
 {
-  return configure_time_path;
+  return TRUE;
 }
 
 #define DBUS_UNIX_STANDARD_SESSION_SERVICEDIR "/dbus-1/services"
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
index 96100d49..71296fa8 100644
--- a/dbus/dbus-sysdeps-util-win.c
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -1469,73 +1469,68 @@ _dbus_command_for_pid (unsigned long  pid,
   return FALSE;
 }
 
-/*
- * replaces the term DBUS_PREFIX in configure_time_path by the
- * current dbus installation directory. On unix this function is a noop
+/**
+ * Replace the DBUS_PREFIX in the given path, in-place, by the
+ * current D-Bus installation directory. On Unix this function
+ * does nothing, successfully.
  *
- * @param configure_time_path
- * @return real path
+ * @param path path to edit
+ * @return #FALSE on OOM
  */
-const char *
-_dbus_replace_install_prefix (const char *configure_time_path)
+dbus_bool_t
+_dbus_replace_install_prefix (DBusString *path)
 {
 #ifndef DBUS_PREFIX
-  return configure_time_path;
+  /* leave path unchanged */
+  return TRUE;
 #else
-  static char retval[1000];
-  static char runtime_prefix[1000];
-  int len = 1000;
+  DBusString runtime_prefix;
   int i;
 
-  if (!configure_time_path)
-    return NULL;
-
-  if ((!_dbus_get_install_root(runtime_prefix, len) ||
-       strncmp (configure_time_path, DBUS_PREFIX "/",
-                strlen (DBUS_PREFIX) + 1))) {
-     strncpy (retval, configure_time_path, sizeof (retval) - 1);
-     /* strncpy does not guarantee to 0-terminate the string */
-     retval[sizeof (retval) - 1] = '\0';
-  } else {
-     size_t remaining;
-
-     strncpy (retval, runtime_prefix, sizeof (retval) - 1);
-     retval[sizeof (retval) - 1] = '\0';
-     remaining = sizeof (retval) - 1 - strlen (retval);
-     strncat (retval,
-         configure_time_path + strlen (DBUS_PREFIX) + 1,
-         remaining);
-  }
+  if (!_dbus_string_init (&runtime_prefix))
+    return FALSE;
+
+  if (!_dbus_get_install_root (&runtime_prefix))
+    {
+      _dbus_string_free (&runtime_prefix);
+      return FALSE;
+    }
+
+  if (_dbus_string_get_length (&runtime_prefix) == 0)
+    {
+      /* cannot determine install root, leave path unchanged */
+      _dbus_string_free (&runtime_prefix);
+      return TRUE;
+    }
+
+  if (_dbus_string_starts_with_c_str (path, DBUS_PREFIX "/"))
+    {
+      /* Replace DBUS_PREFIX "/" with runtime_prefix.
+       * Note unusual calling convention: source is first, then dest */
+      if (!_dbus_string_replace_len (
+            &runtime_prefix, 0, _dbus_string_get_length (&runtime_prefix),
+            path, 0, strlen (DBUS_PREFIX) + 1))
+        {
+          _dbus_string_free (&runtime_prefix);
+          return FALSE;
+        }
+    }
 
   /* Somehow, in some situations, backslashes get collapsed in the string.
    * Since windows C library accepts both forward and backslashes as
    * path separators, convert all backslashes to forward slashes.
    */
 
-  for(i = 0; retval[i] != '\0'; i++) {
-    if(retval[i] == '\\')
-      retval[i] = '/';
-  }
-  return retval;
-#endif
-}
-
-/**
- * return the relocated DATADIR
- *
- * @returns relocated DATADIR static string
- */
+  for (i = 0; i < _dbus_string_get_length (path); i++)
+    {
+      if (_dbus_string_get_byte (path, i) == '\\')
+        _dbus_string_set_byte (path, i, '/');
+    }
 
-static const char *
-_dbus_windows_get_datadir (void)
-{
-	return _dbus_replace_install_prefix(DBUS_DATADIR);
+  return TRUE;
+#endif
 }
 
-#undef DBUS_DATADIR
-#define DBUS_DATADIR _dbus_windows_get_datadir ()
-
-
 #define DBUS_STANDARD_SESSION_SERVICEDIR "/dbus-1/services"
 #define DBUS_STANDARD_SYSTEM_SERVICEDIR "/dbus-1/system-services"
 
@@ -1583,23 +1578,40 @@ _dbus_get_standard_session_servicedirs (DBusList **dirs)
  the code for accessing services requires absolute base pathes
  in case DBUS_DATADIR is relative make it absolute
 */
-#ifdef DBUS_WIN
   {
     DBusString p;
 
-    _dbus_string_init_const (&p, DBUS_DATADIR);
+    if (!_dbus_string_init (&p))
+      goto oom;
+
+    if (!_dbus_string_append (&p, DBUS_DATADIR) ||
+        !_dbus_replace_install_prefix (&p))
+      {
+        _dbus_string_free (&p);
+        goto oom;
+      }
 
     if (!_dbus_path_is_absolute (&p))
       {
-        char install_root[1000];
-        if (_dbus_get_install_root (install_root, sizeof(install_root)))
-          if (!_dbus_string_append (&servicedir_path, install_root))
+        /* this only works because this is the first thing in the
+         * servicedir_path; if it wasn't, we'd have to use a temporary
+         * string and copy it in */
+        if (!_dbus_get_install_root (&servicedir_path))
+          {
+            _dbus_string_free (&p);
             goto oom;
+          }
       }
+
+    if (!_dbus_string_append (&servicedir_path,
+          _dbus_string_get_const_data (&p)))
+      {
+        _dbus_string_free (&p);
+        goto oom;
+      }
+
+    _dbus_string_free (&p);
   }
-#endif
-  if (!_dbus_string_append (&servicedir_path, DBUS_DATADIR))
-    goto oom;
 
   if (!_dbus_string_append (&servicedir_path, _DBUS_PATH_SEPARATOR))
     goto oom;
@@ -1660,7 +1672,8 @@ _dbus_get_config_file_name (DBusString *str,
 {
   DBusString tmp;
 
-  if (!_dbus_string_append (str, _dbus_windows_get_datadir ()))
+  if (!_dbus_string_append (str, DBUS_DATADIR) ||
+      !_dbus_replace_install_prefix (str))
     return FALSE;
 
   _dbus_string_init_const (&tmp, "dbus-1");
diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c
index 69644b00..7ddb7fdc 100644
--- a/dbus/dbus-sysdeps-win.c
+++ b/dbus/dbus-sysdeps-win.c
@@ -2812,15 +2812,12 @@ _dbus_get_install_root_as_hash(DBusString *out)
 {
     DBusString install_path;
 
-    char path[MAX_PATH*2];
-    int path_size = sizeof(path);
+    _dbus_string_init(&install_path);
 
-    if (!_dbus_get_install_root(path,path_size))
+    if (!_dbus_get_install_root (&install_path) ||
+        _dbus_string_get_length (&install_path) == 0)
         return FALSE;
 
-    _dbus_string_init(&install_path);
-    _dbus_string_append(&install_path,path);
-
     _dbus_string_init(out);
     _dbus_string_tolower_ascii(&install_path,0,_dbus_string_get_length(&install_path));
 
@@ -3288,34 +3285,73 @@ _dbus_get_is_errno_eagain_or_ewouldblock (int e)
 }
 
 /**
- * return the absolute path of the dbus installation 
+ * Fill str with the absolute path of the D-Bus installation, or truncate str
+ * to zero length if we cannot determine it.
  *
- * @param prefix buffer for installation path
- * @param len length of buffer
- * @returns #FALSE on failure
+ * @param str buffer for installation path
+ * @returns #FALSE on OOM, #TRUE if not OOM
  */
 dbus_bool_t
-_dbus_get_install_root(char *prefix, int len)
+_dbus_get_install_root (DBusString *str)
 {
-    //To find the prefix, we cut the filename and also \bin\ if present
-    DWORD pathLength;
+    /* this is just an initial guess */
+    DWORD pathLength = MAX_PATH;
     char *lastSlash;
-    SetLastError( 0 );
-    pathLength = GetModuleFileNameA(_dbus_win_get_dll_hmodule(), prefix, len);
-    if ( pathLength == 0 || GetLastError() != 0 ) {
-        *prefix = '\0';
-        return FALSE;
-    }
+    char *prefix;
+
+    do
+      {
+        /* allocate enough space for our best guess at the length */
+        if (!_dbus_string_set_length (str, pathLength))
+          {
+            _dbus_string_set_length (str, 0);
+            return FALSE;
+          }
+
+        SetLastError (0);
+        pathLength = GetModuleFileNameA (_dbus_win_get_dll_hmodule (),
+            _dbus_string_get_data (str), _dbus_string_get_length (str));
+
+        if (pathLength == 0 || GetLastError () != 0)
+          {
+            /* failed, but not OOM */
+            _dbus_string_set_length (str, 0);
+            return TRUE;
+          }
+
+        /* if the return is strictly less than the buffer size, it has
+         * not been truncated, so we can continue */
+        if (pathLength < (DWORD) _dbus_string_get_length (str))
+          {
+            /* reduce the length to match what Windows filled in */
+            if (!_dbus_string_set_length (str, pathLength))
+              {
+                _dbus_string_set_length (str, 0);
+                return FALSE;
+              }
+
+            break;
+          }
+
+        /* else it may have been truncated; try with a larger buffer */
+        pathLength *= 2;
+      }
+    while (TRUE);
+
+    /* the rest of this function works by direct byte manipulation of the
+     * underlying buffer */
+    prefix = _dbus_string_get_data (str);
+
     lastSlash = _mbsrchr(prefix, '\\');
     if (lastSlash == NULL) {
-        *prefix = '\0';
-        return FALSE;
+        /* failed, but not OOM */
+        _dbus_string_set_length (str, 0);
+        return TRUE;
     }
     //cut off binary name
     lastSlash[1] = 0;
 
     //cut possible "\\bin"
-
     //this fails if we are in a double-byte system codepage and the
     //folder's name happens to end with the *bytes*
     //"\\bin"... (I.e. the second byte of some Han character and then
@@ -3327,6 +3363,9 @@ _dbus_get_install_root(char *prefix, int len)
     else if (lastSlash - prefix >= 12 && strnicmp(lastSlash - 12, "\\bin\\release", 12) == 0)
         lastSlash[-11] = 0;
 
+    /* fix up the length to match the byte-manipulation */
+    _dbus_string_set_length (str, strlen (prefix));
+
     return TRUE;
 }
 
diff --git a/dbus/dbus-sysdeps-win.h b/dbus/dbus-sysdeps-win.h
index e9b30d7a..0b5d8f03 100644
--- a/dbus/dbus-sysdeps-win.h
+++ b/dbus/dbus-sysdeps-win.h
@@ -85,7 +85,7 @@ _dbus_win_sid_to_name_and_domain (dbus_uid_t uid,
 dbus_bool_t _dbus_file_exists (const char *filename);
 
 DBUS_PRIVATE_EXPORT
-dbus_bool_t _dbus_get_install_root(char *prefix, int len);
+dbus_bool_t _dbus_get_install_root (DBusString *str);
 
 void        _dbus_threads_windows_init_global (void);
 void        _dbus_threads_windows_ensure_ctor_linked (void);
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index fb338df9..bd0356e3 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -647,15 +647,7 @@ dbus_bool_t _dbus_change_to_daemon_user (const char *user,
 DBUS_PRIVATE_EXPORT
 void _dbus_flush_caches (void);
 
-/*
- * replaces the term DBUS_PREFIX in configure_time_path by the
- * current dbus installation directory. On unix this function is a noop
- *
- * @param configure_time_path
- * @return real path
- */
-const char *
-_dbus_replace_install_prefix (const char *configure_time_path);
+dbus_bool_t _dbus_replace_install_prefix (DBusString *path);
 
 /* Do not set this too high: it is a denial-of-service risk.
  * See <https://bugs.freedesktop.org/show_bug.cgi?id=82820>