client: harden og_resp_refresh

Harden refresh response logic. Check for necessary JSON fields inside the payload. Check if serial_number is null before calling strlen, prevent ogServer from a malformed refresh response with missing serial_number. Refresh uses legacy function actualizaConfiguracion that takes a long string with the computers configuration (serialno, partitions, disks, link speed and status). Check for an empty string before executing any legacy code inside actualizaConfiguracion.
author: Jose M. Guisado <jguisado@soleta.eu> 2023-06-05 18:12:24 +0200
committer: Jose M. Guisado <jguisado@soleta.eu> 2023-06-07 18:32:33 +0200
commit: 92f83c0385281c1d1e7996fc76c071e782ea6939 (patch)
tree: 008a101f922032be39b7ba4e25573cd3603d5b37 /src/ogAdmServer.c
parent: 8cf02475ba7714ef7b4117ff2032fc90784e60f2 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/ogAdmServer.c b/src/ogAdmServer.c
index 8c6702f..6f4f704 100644
--- a/src/ogAdmServer.c
+++ b/src/ogAdmServer.c
@@ -52,6 +52,12 @@ bool actualizaConfiguracion(struct og_dbi *dbi, char *cfg, int ido)
 	dbi_result result, result_update;
 	const char *msglog;
 
+	if (cfg && strlen(cfg) == 0) {
+		syslog(LOG_ERR, "Empty configuration string (%s:%d)\n",
+				__func__, __LINE__);
+		return false;
+	}
+
 	lon = 0;
 	p = splitCadena(ptrPar, cfg, '\n');
 	for (i = 0; i < p; i++) {
author	Jose M. Guisado <jguisado@soleta.eu>	2023-06-05 18:12:24 +0200
committer	Jose M. Guisado <jguisado@soleta.eu>	2023-06-07 18:32:33 +0200
commit	92f83c0385281c1d1e7996fc76c071e782ea6939 (patch)
tree	008a101f922032be39b7ba4e25573cd3603d5b37 /src/ogAdmServer.c
parent	8cf02475ba7714ef7b4117ff2032fc90784e60f2 (diff)