diff options
author | Roberto Hueso Gómez <rhueso@soleta.eu> | 2019-11-05 10:47:10 +0100 |
---|---|---|
committer | OpenGnSys Support Team <soporte-og@soleta.eu> | 2019-11-06 11:24:24 +0100 |
commit | 66ce511eb45529dac8c438e3f0e44bab6cd87763 (patch) | |
tree | 7b2a1ca2059c659084308bd0cd937d95fa9832fd | |
parent | 22469c65863da7a0b97c48fe82cf9701b3e83ebd (diff) |
#915 Validate POST /session REST API parameters
This patch ensures that all required parameters are sent in the request.
-rw-r--r-- | admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp index 5d17480c..cf06df52 100644 --- a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp +++ b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp @@ -3296,6 +3296,8 @@ struct og_msg_params { #define OG_REST_PARAM_MAC (1UL << 1) #define OG_REST_PARAM_WOL_TYPE (1UL << 2) #define OG_REST_PARAM_RUN_CMD (1UL << 3) +#define OG_REST_PARAM_DISK (1UL << 4) +#define OG_REST_PARAM_PARTITION (1UL << 5) static bool og_msg_params_validate(const struct og_msg_params *params, const uint64_t flags) @@ -3803,17 +3805,25 @@ static int og_cmd_session(json_t *element, struct og_msg_params *params) return -1; json_object_foreach(element, key, value) { - if (!strcmp(key, "clients")) + if (!strcmp(key, "clients")) { err = og_json_parse_clients(value, params); - else if (!strcmp(key, "disk")) + } else if (!strcmp(key, "disk")) { err = og_json_parse_string(value, ¶ms->disk); - else if (!strcmp(key, "partition")) + params->flags |= OG_REST_PARAM_DISK; + } else if (!strcmp(key, "partition")) { err = og_json_parse_string(value, ¶ms->partition); + params->flags |= OG_REST_PARAM_PARTITION; + } if (err < 0) return err; } + if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR | + OG_REST_PARAM_DISK | + OG_REST_PARAM_PARTITION)) + return -1; + for (i = 0; i < params->ips_array_len; i++) { snprintf(iph + strlen(iph), sizeof(iph), "%s;", params->ips_array[i]); |