From 6f6372d0e0c19530364b168fb9c843c45a430c5a Mon Sep 17 00:00:00 2001
From: "Jose M. Guisado" <jguisado@soleta.eu>
Date: Tue, 10 Oct 2023 16:47:18 +0200
Subject: src: move og_repository to dbi.h

Move struct og_repository to dbi.h and use field max length for name and
ip.

Use og_json_parse_string_copy instead of og_json_parse_string to check
maximum length against the request payload.

Fixes: 86ccc3c2e8377623 ("#915 Add POST /repository/add")
---
 src/dbi.h  | 6 ++++++
 src/json.h | 5 -----
 src/rest.c | 8 ++++++--
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/dbi.h b/src/dbi.h
index f6cb1dd..ab393e7 100644
--- a/src/dbi.h
+++ b/src/dbi.h
@@ -27,6 +27,7 @@ void og_dbi_close(struct og_dbi *db);
 #define OG_DB_ROOM_LOC_MAXLEN		255
 #define OG_DB_SERIAL_NUMBER_MAXLEN	25
 #define OG_DB_IMAGE_DESCRIPTION_MAXLEN 	250
+#define OG_DB_REPO_NAME_MAXLEN 	250
 #define OG_DB_PART_NAME_MAXLEN 	250
 #define OG_DB_IMAGE_NAME_MAXLEN 50
 #define OG_DB_FILESYSTEM_MAXLEN 16
@@ -104,6 +105,11 @@ struct og_room {
 	bool		remote;
 };
 
+struct og_repository {
+	char	name[OG_DB_REPO_NAME_MAXLEN];
+	char	ip[OG_DB_IP_MAXLEN];
+};
+
 struct in_addr;
 int og_dbi_get_computer_info(struct og_dbi *dbi, struct og_computer *computer,
 			     struct in_addr addr);
diff --git a/src/json.h b/src/json.h
index 9ac5c4e..e37f1b2 100644
--- a/src/json.h
+++ b/src/json.h
@@ -132,9 +132,4 @@ struct og_procedure {
 
 int og_json_parse_procedure(json_t *element, struct og_procedure *proc);
 
-struct og_repository {
-	const char	*name;
-	const char	*ip;
-};
-
 #endif
diff --git a/src/rest.c b/src/rest.c
index de2d9ed..ec4ae55 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -5210,10 +5210,14 @@ static int og_cmd_post_repository_add(json_t *element,
 
 	json_object_foreach(element, key, value) {
 		if (!strcmp(key, "name")) {
-			err = og_json_parse_string(value, &repo.name);
+			err = og_json_parse_string_copy(value,
+							repo.name,
+							sizeof(repo.name));
 			params->flags |= OG_REST_PARAM_NAME;
 		} else if (!strcmp(key, "ip")) {
-			err = og_json_parse_string(value, &repo.ip);
+			err = og_json_parse_string_copy(value,
+							repo.ip,
+							sizeof(repo.ip));
 			params->flags |= OG_REST_PARAM_ADDR;
 		}
 
-- 
cgit v1.2.3-18-g5258