From 485bf92216b7f3235f4e57dee5ac586beb60a090 Mon Sep 17 00:00:00 2001 From: Javier Hernandez Date: Mon, 6 Nov 2023 11:29:38 +0100 Subject: rest: Check valid bootmode ogserver will check that the user provided a valid bootmode. It will go through the list of all available boot modes and check that the bootmode provided by the user is in said list; otherwise, it will not set it. --- src/rest.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/rest.c b/src/rest.c index 3abf96e..7aab57a 100644 --- a/src/rest.c +++ b/src/rest.c @@ -1125,6 +1125,29 @@ static int og_change_db_mode(struct og_dbi *dbi, const char *mac, return 0; } +static bool og_boot_mode_is_valid(const char *name) +{ + struct og_boot_mode *mode; + LIST_HEAD(boot_mode_list); + bool found = false; + + if (og_get_boot_modes(&boot_mode_list) < 0) { + syslog(LOG_ERR, "failed to get boot mode list (%s:%d)\n", + __FILE__, __LINE__); + return false; + } + + list_for_each_entry(mode, &boot_mode_list, list) { + if (!strncmp(name, mode->name, FILENAME_MAX)) { + found = true; + break; + } + } + og_boot_mode_free(&boot_mode_list); + + return found; +} + static int og_set_client_mode(struct og_dbi *dbi, const char *mac, const char *mode) { @@ -1138,6 +1161,12 @@ static int og_set_client_mode(struct og_dbi *dbi, const char *mac, int status; int fd; + if (!og_boot_mode_is_valid(mode)) { + syslog(LOG_ERR, "invalid boot mode in client (%s:%d)\n", + __FILE__, __LINE__); + return -1; + } + result = dbi_conn_queryf(dbi->conn, "SELECT ' LANG=%s', " "' ip=', CONCAT_WS(':', ordenadores.ip, (@serverip:=entornos.ipserveradm), aulas.router, aulas.netmask, ordenadores.nombreordenador, ordenadores.netiface, 'none'), " -- cgit v1.2.3-18-g5258