summaryrefslogtreecommitdiffstats
path: root/sources/ogAdmServer.cpp
diff options
context:
space:
mode:
authorOpenGnSys Support Team <soporte-og@soleta.eu>2019-05-30 15:23:29 +0200
committerOpenGnSys Support Team <soporte-og@soleta.eu>2019-05-31 00:20:05 +0200
commiteb6aa82cd4241db75c223444313b666ae35d1945 (patch)
tree9b830fb9527157896fcf4ffc6ae6f78cb79b655e /sources/ogAdmServer.cpp
parent99c6c62d81389d503ef77667ccaa87de0686d4a8 (diff)
#915 validate message length based on announced Content-Length field
Otherwise, TCP segmentation leads to handle an incomplete payload, this problems manifests with errors when parsing the json body.
Diffstat (limited to 'sources/ogAdmServer.cpp')
-rw-r--r--sources/ogAdmServer.cpp24
1 files changed, 14 insertions, 10 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp
index 42a7042..6575edd 100644
--- a/sources/ogAdmServer.cpp
+++ b/sources/ogAdmServer.cpp
@@ -131,6 +131,7 @@ struct og_client {
unsigned int msg_len;
int keepalive_idx;
bool rest;
+ unsigned int content_length;
};
static inline int og_client_socket(const struct og_client *cli)
@@ -3899,10 +3900,9 @@ enum og_rest_method {
static int og_client_state_process_payload_rest(struct og_client *cli)
{
struct og_msg_params params = {};
- const char *cmd, *body, *ptr;
enum og_rest_method method;
char buf_reply[4096] = {};
- int content_length = 0;
+ const char *cmd, *body;
json_error_t json_err;
json_t *root = NULL;
int err = 0;
@@ -3918,11 +3918,7 @@ static int og_client_state_process_payload_rest(struct og_client *cli)
body = strstr(cli->buf, "\r\n\r\n") + 4;
- ptr = strstr(cli->buf, "Content-Length: ");
- if (ptr)
- sscanf(ptr, "Content-Length: %i[^\r\n]", &content_length);
-
- if (content_length) {
+ if (cli->content_length) {
root = json_loads(body, 0, &json_err);
if (!root) {
syslog(LOG_ERR, "malformed json line %d: %s\n",
@@ -4037,12 +4033,20 @@ static int og_client_state_process_payload_rest(struct og_client *cli)
static int og_client_state_recv_hdr_rest(struct og_client *cli)
{
- char *trailer;
+ char *ptr;
- trailer = strstr(cli->buf, "\r\n\r\n");
- if (!trailer)
+ ptr = strstr(cli->buf, "\r\n\r\n");
+ if (!ptr)
return 0;
+ cli->msg_len = ptr - cli->buf + 4;
+
+ ptr = strstr(cli->buf, "Content-Length: ");
+ if (ptr) {
+ sscanf(ptr, "Content-Length: %i[^\r\n]", &cli->content_length);
+ cli->msg_len += cli->content_length;
+ }
+
return 1;
}