[sr-dev] git:master:29fe7a81: jsonrpc-s: safety check for str value of jsonrpc and method fileds

Module: kamailio Branch: master Commit: 29fe7a813b17af898dbe0c4e978dd05766f41aec URL: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-01-07T11:30:01+01:00 jsonrpc-s: safety check for str value of jsonrpc and method fileds - reported by Alex Balashov --- Modified: modules/jsonrpc-s/jsonrpc-s_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05… Patch: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05… --- diff --git a/modules/jsonrpc-s/jsonrpc-s_mod.c b/modules/jsonrpc-s/jsonrpc-s_mod.c index b004108..2946288 100644 --- a/modules/jsonrpc-s/jsonrpc-s_mod.c +++ b/modules/jsonrpc-s/jsonrpc-s_mod.c @@ -935,8 +935,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2) /* sanity checks on jsonrpc request */ nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "jsonrpc"); - if(nj==NULL) { - LM_ERR("missing jsonrpc field in request\n"); + if(nj==NULL || nj->valuestring==NULL) { + LM_ERR("missing or invalid jsonrpc field in request\n"); goto send_reply; } val.s = nj->valuestring; @@ -947,8 +947,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2) } /* run jsonrpc command */ nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "method"); - if(nj==NULL) { - LM_ERR("missing jsonrpc method field in request\n"); + if(nj==NULL || nj->valuestring==NULL) { + LM_ERR("missing or invalid jsonrpc method field in request\n"); goto send_reply; } val.s = nj->valuestring;