
jsonrpc-s: safety check for str value of jsonrpc and method fileds

- reported by Alex Balashov
Daniel-Constantin Mierla %!s(int64=10) %!d(string=hai) anos
pai
achega
29fe7a813b
Modificáronse 1 ficheiros con 4 adicións e 4 borrados
  1. 4 4
      modules/jsonrpc-s/jsonrpc-s_mod.c

+ 4 - 4
modules/jsonrpc-s/jsonrpc-s_mod.c

@@ -935,8 +935,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 
 	/* sanity checks on jsonrpc request */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "jsonrpc");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;
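Review bot: The guard added here, and the identical one in the "method" hunk, infers the JSON type from `nj->valuestring==NULL` instead of from the node's type tag. That only holds if the srjson parser leaves `valuestring` NULL for every non-string node, which is not visible in this diff. Since the request body is remote input, an explicit check would make the intent clear and independent of parser internals: `if(nj==NULL || nj->type!=srjson_String || nj->valuestring==NULL) {`. A short comment above each check, such as `/* field must be a JSON string; numbers/objects/null carry no valuestring */`, would also record why the extra test exists. The body of jsonrpc_dispatch continues outside both hunks, so whether other fields of the same request are read through `valuestring` without a similar check cannot be judged from here and is worth confirming.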
@@ -947,8 +947,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 	}
 	/* run jsonrpc command */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "method");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc method field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc method field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;