Module: kamailio Branch: master Commit: 29fe7a813b17af898dbe0c4e978dd05766f41aec URL: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd057...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2015-01-07T11:30:01+01:00
jsonrpc-s: safety check for str value of jsonrpc and method fileds
- reported by Alex Balashov
---
Modified: modules/jsonrpc-s/jsonrpc-s_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd057... Patch: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd057...
---
diff --git a/modules/jsonrpc-s/jsonrpc-s_mod.c b/modules/jsonrpc-s/jsonrpc-s_mod.c index b004108..2946288 100644 --- a/modules/jsonrpc-s/jsonrpc-s_mod.c +++ b/modules/jsonrpc-s/jsonrpc-s_mod.c @@ -935,8 +935,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
/* sanity checks on jsonrpc request */ nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "jsonrpc"); - if(nj==NULL) { - LM_ERR("missing jsonrpc field in request\n"); + if(nj==NULL || nj->valuestring==NULL) { + LM_ERR("missing or invalid jsonrpc field in request\n"); goto send_reply; } val.s = nj->valuestring; @@ -947,8 +947,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2) } /* run jsonrpc command */ nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "method"); - if(nj==NULL) { - LM_ERR("missing jsonrpc method field in request\n"); + if(nj==NULL || nj->valuestring==NULL) { + LM_ERR("missing or invalid jsonrpc method field in request\n"); goto send_reply; } val.s = nj->valuestring;