From 32b9a53f577e960b7f6120342d67f2c98277f2c1 Mon Sep 17 00:00:00 2001
From: OpenGnSys Support Team <soporte-og@soleta.eu>
Date: Wed, 4 Sep 2024 01:12:13 +0200
Subject: rest: better json clients validation

- check maximum limit of clients
- reject empty array
---
 src/rest.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/rest.c b/src/rest.c
index 99fbe1f..235cab8 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -173,16 +173,22 @@ static int og_json_parse_clients(json_t *element, struct og_msg_params *params)
 		return -1;
 
 	for (i = 0; i < json_array_size(element); i++) {
+		if (params->ips_array_len >= OG_CLIENTS_MAX)
+			return -1;
+
 		k = json_array_get(element, i);
 		if (json_typeof(k) != JSON_STRING)
 			return -1;
 
 		params->ips_array[params->ips_array_len++] =
 			json_string_value(k);
-
-		params->flags |= OG_REST_PARAM_ADDR;
 	}
 
+	if (params->ips_array_len == 0)
+		return -1;
+
+	params->flags |= OG_REST_PARAM_ADDR;
+
 	return 0;
 }
 
@@ -1800,9 +1806,6 @@ static int og_cmd_get_client_setup(json_t *element,
 	if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR))
 		return -1;
 
-	if (params->ips_array_len != 1)
-		return -1;
-
 	root = json_object();
 	if (!root)
 		return -1;
@@ -2072,9 +2075,6 @@ static int og_cmd_get_client_info(json_t *element,
 	if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR))
 		return -1;
 
-	if (params->ips_array_len != 1)
-		return -1;
-
 	if (inet_aton(params->ips_array[0], &addr) == 0)
 		return -1;
 
-- 
cgit v1.2.3-18-g5258