authorJose M. Guisado <jguisado@soleta.eu>2023-06-05 18:12:24 +0200
committerJose M. Guisado <jguisado@soleta.eu>2023-06-07 18:32:33 +0200
commit92f83c0385281c1d1e7996fc76c071e782ea6939 (patch)
tree008a101f922032be39b7ba4e25573cd3603d5b37
parent8cf02475ba7714ef7b4117ff2032fc90784e60f2 (diff)
client: harden og_resp_refresh
Harden refresh response logic. Check for necessary JSON fields inside the payload. Check whether serial_number is NULL before calling strlen, to protect ogServer from a malformed refresh response with a missing serial_number. Refresh uses the legacy function actualizaConfiguracion, which takes a long string with the computer's configuration (serialno, partitions, disks, link speed and status). Check for an empty string before executing any legacy code inside actualizaConfiguracion.
-rw-r--r--src/client.c6
-rw-r--r--src/ogAdmServer.c6
2 files changed, 11 insertions, 1 deletions
diff --git a/src/client.c b/src/client.c
index 36e2565..67c6a2e 100644
--- a/src/client.c
+++ b/src/client.c
@@ -420,6 +420,10 @@ static int og_resp_refresh(json_t *data, struct og_client *cli)
if (link)
cli->speed = link;
+ /*
+ * status is the only received field when the response is coming from a
+ * client using linux/windows mode.
+ */
if (status) {
if (!strncmp(status, "LINUX", strlen("LINUX"))) {
cli->status = OG_CLIENT_STATUS_LINUX;
@@ -429,7 +433,7 @@ static int og_resp_refresh(json_t *data, struct og_client *cli)
return 0;
}
- if (strlen(serial_number) > 0)
+ if (serial_number && strlen(serial_number) > 0)
snprintf(cfg, sizeof(cfg), "ser=%s\n", serial_number);
for (i = 0; i < OG_DISK_MAX; i++) {
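Review bot: serial_number comes from the client and is copied into cfg by `snprintf(cfg, sizeof(cfg), "ser=%s\n", serial_number);` with only a NULL/empty check, with no check on its content and no check of the snprintf return value. The other file in this commit shows actualizaConfiguracion splitting cfg on '\n', so a serial containing a newline would be read there as additional configuration lines. Whether the JSON unpacking earlier in og_resp_refresh already rules that out is not visible in the hunk. Consider rejecting the response when `strchr(serial_number, '\n')` is non-NULL, and treating a snprintf result `>= sizeof(cfg)` as an error instead of passing on a truncated string. The function body starts and ends outside the hunk.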
diff --git a/src/ogAdmServer.c b/src/ogAdmServer.c
index 8c6702f..6f4f704 100644
--- a/src/ogAdmServer.c
+++ b/src/ogAdmServer.c
@@ -52,6 +52,12 @@ bool actualizaConfiguracion(struct og_dbi *dbi, char *cfg, int ido)
dbi_result result, result_update;
const char *msglog;
+ if (cfg && strlen(cfg) == 0) {
+ syslog(LOG_ERR, "Empty configuration string (%s:%d)\n",
+ __func__, __LINE__);
+ return false;
+ }
+
lon = 0;
p = splitCadena(ptrPar, cfg, '\n');
for (i = 0; i < p; i++) {
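Review bot: The new guard in actualizaConfiguracion rejects an empty cfg but lets a NULL cfg through, because `cfg && strlen(cfg) == 0` is false for NULL and execution continues to `splitCadena(ptrPar, cfg, '\n')`. Whether splitCadena tolerates a NULL string is not visible here, so it is safer to reject both cases with `if (!cfg || cfg[0] == '\0') {` and word the log message to cover a missing string as well. The function body continues past the end of the hunk.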