diff options
author | Jose M. Guisado <jguisado@soleta.eu> | 2023-06-05 18:12:24 +0200 |
---|---|---|
committer | Jose M. Guisado <jguisado@soleta.eu> | 2023-06-07 18:32:33 +0200 |
commit | 92f83c0385281c1d1e7996fc76c071e782ea6939 (patch) | |
tree | 008a101f922032be39b7ba4e25573cd3603d5b37 /src | |
parent | 8cf02475ba7714ef7b4117ff2032fc90784e60f2 (diff) |
client: harden og_resp_refresh
Harden refresh response logic. Check for necessary JSON fields inside
the payload.
Check if serial_number is null before calling strlen, prevent ogServer
from a malformed refresh response with missing serial_number.
Refresh uses legacy function actualizaConfiguracion that takes a long
string with the computers configuration (serialno, partitions, disks,
link speed and status). Check for an empty string before executing any
legacy code inside actualizaConfiguracion.
Diffstat (limited to 'src')
-rw-r--r-- | src/client.c | 6 | ||||
-rw-r--r-- | src/ogAdmServer.c | 6 |
2 files changed, 11 insertions, 1 deletions
diff --git a/src/client.c b/src/client.c index 36e2565..67c6a2e 100644 --- a/src/client.c +++ b/src/client.c @@ -420,6 +420,10 @@ static int og_resp_refresh(json_t *data, struct og_client *cli) if (link) cli->speed = link; + /* + * status is the only received field when the response is coming from a + * client using linux/windows mode. + */ if (status) { if (!strncmp(status, "LINUX", strlen("LINUX"))) { cli->status = OG_CLIENT_STATUS_LINUX; @@ -429,7 +433,7 @@ static int og_resp_refresh(json_t *data, struct og_client *cli) return 0; } - if (strlen(serial_number) > 0) + if (serial_number && strlen(serial_number) > 0) snprintf(cfg, sizeof(cfg), "ser=%s\n", serial_number); for (i = 0; i < OG_DISK_MAX; i++) { diff --git a/src/ogAdmServer.c b/src/ogAdmServer.c index 8c6702f..6f4f704 100644 --- a/src/ogAdmServer.c +++ b/src/ogAdmServer.c @@ -52,6 +52,12 @@ bool actualizaConfiguracion(struct og_dbi *dbi, char *cfg, int ido) dbi_result result, result_update; const char *msglog; + if (cfg && strlen(cfg) == 0) { + syslog(LOG_ERR, "Empty configuration string (%s:%d)\n", + __func__, __LINE__); + return false; + } + lon = 0; p = splitCadena(ptrPar, cfg, '\n'); for (i = 0; i < p; i++) { |