summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoberto Hueso Gómez <rhueso@soleta.eu>2019-11-05 10:47:10 +0100
committerOpenGnSys Support Team <soporte-og@soleta.eu>2019-11-06 11:24:24 +0100
commit66ce511eb45529dac8c438e3f0e44bab6cd87763 (patch)
tree7b2a1ca2059c659084308bd0cd937d95fa9832fd
parent22469c65863da7a0b97c48fe82cf9701b3e83ebd (diff)
#915 Validate POST /session REST API parameters
This patch ensures that all required parameters are sent in the request.
-rw-r--r--admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp16
1 files changed, 13 insertions, 3 deletions
diff --git a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
index 5d17480c..cf06df52 100644
--- a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
+++ b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
@@ -3296,6 +3296,8 @@ struct og_msg_params {
#define OG_REST_PARAM_MAC (1UL << 1)
#define OG_REST_PARAM_WOL_TYPE (1UL << 2)
#define OG_REST_PARAM_RUN_CMD (1UL << 3)
+#define OG_REST_PARAM_DISK (1UL << 4)
+#define OG_REST_PARAM_PARTITION (1UL << 5)
static bool og_msg_params_validate(const struct og_msg_params *params,
const uint64_t flags)
@@ -3803,17 +3805,25 @@ static int og_cmd_session(json_t *element, struct og_msg_params *params)
return -1;
json_object_foreach(element, key, value) {
- if (!strcmp(key, "clients"))
+ if (!strcmp(key, "clients")) {
err = og_json_parse_clients(value, params);
- else if (!strcmp(key, "disk"))
+ } else if (!strcmp(key, "disk")) {
err = og_json_parse_string(value, &params->disk);
- else if (!strcmp(key, "partition"))
+ params->flags |= OG_REST_PARAM_DISK;
+ } else if (!strcmp(key, "partition")) {
err = og_json_parse_string(value, &params->partition);
+ params->flags |= OG_REST_PARAM_PARTITION;
+ }
if (err < 0)
return err;
}
+ if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR |
+ OG_REST_PARAM_DISK |
+ OG_REST_PARAM_PARTITION))
+ return -1;
+
for (i = 0; i < params->ips_array_len; i++) {
snprintf(iph + strlen(iph), sizeof(iph), "%s;",
params->ips_array[i]);