From 88330288e66320df4b243ce77ca90bf3f91e66d7 Mon Sep 17 00:00:00 2001 From: OpenGnSys Support Team Date: Mon, 15 Jul 2024 11:53:15 +0200 Subject: client: fortify check for mandatory cmd json field in shell/output Revisit 6cbe69e89e71 ("rest: add cmd to shell/output") to reject response with no 'cmd' field, otherwise strdup() crashes when dealing with NULL string. Set retcode to zero, otherwise this value remains uninitialized if no retcode json field is provided by the client. --- src/client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/client.c b/src/client.c index 4876f78..0d898d7 100644 --- a/src/client.c +++ b/src/client.c @@ -172,7 +172,7 @@ static int og_resp_probe(struct og_client *cli, json_t *data) static int og_resp_shell_run(struct og_client *cli, json_t *data) { const char *cmd = NULL, *output = NULL; - uint32_t retcode; + uint32_t retcode = 0; const char *key; json_t *value; int err = -1; @@ -197,7 +197,7 @@ static int og_resp_shell_run(struct og_client *cli, json_t *data) } - if (!output) { + if (!cmd || !output) { syslog(LOG_ERR, "%s:%d: malformed json response\n", __FILE__, __LINE__); return -1; -- cgit v1.2.3-18-g5258