From f8bd418dd1d47ee5b3c4646900bc3f57e7acf402 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Wed, 30 Mar 2011 02:28:47 +1100 Subject: [PATCH 1/1] add better JSON type checking to RADIUS decoder --- mech_eap/util_attr.cpp | 4 ++-- mech_eap/util_json.cpp | 41 +++++++++++++++++++++++++++++++++++------ mech_eap/util_json.h | 9 ++++++++- mech_eap/util_radius.cpp | 21 +++++++++++++++------ 4 files changed, 60 insertions(+), 15 deletions(-) diff --git a/mech_eap/util_attr.cpp b/mech_eap/util_attr.cpp index 6771a76..384769f 100644 --- a/mech_eap/util_attr.cpp +++ b/mech_eap/util_attr.cpp @@ -314,7 +314,7 @@ gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj) continue; JSONObject source = sources.get(key); - if (!source.isnull() && + if (!source.isNull() && !provider->initWithJsonObject(this, source)) { releaseProvider(type); return false; @@ -390,7 +390,7 @@ gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) return false; JSONObject obj = JSONObject::load(s, 0, &error); - if (!obj.isnull()) { + if (!obj.isNull()) { ret = initWithJsonObject(obj); } else ret = false; diff --git a/mech_eap/util_json.cpp b/mech_eap/util_json.cpp index 64e6541..0e4c215 100644 --- a/mech_eap/util_json.cpp +++ b/mech_eap/util_json.cpp @@ -324,12 +324,6 @@ JSONObject::number(void) const return json_number_value(m_obj); } -bool -JSONObject::isnull(void) const -{ - return json_is_null(m_obj); -} - JSONObject JSONObject::ddf(DDF &ddf) { @@ -418,6 +412,41 @@ JSONObject::ddf(void) const return ddf; } +bool JSONObject::isObject(void) const +{ + return json_is_object(m_obj); +} + +bool JSONObject::isArray(void) const +{ + return json_is_array(m_obj); +} + +bool JSONObject::isString(void) const +{ + return json_is_string(m_obj); +} + +bool JSONObject::isInteger(void) const +{ + return json_is_integer(m_obj); +} + +bool JSONObject::isNumber(void) const +{ + return json_is_number(m_obj); +} + +bool JSONObject::isBoolean(void) const +{ + return json_is_boolean(m_obj); +} + +bool JSONObject::isNull(void) const +{ + return json_is_null(m_obj); +} + JSONIterator::JSONIterator(const JSONObject &obj) { m_obj = obj.get(); diff --git a/mech_eap/util_json.h b/mech_eap/util_json.h index 322d03e..43d3275 100644 --- a/mech_eap/util_json.h +++ b/mech_eap/util_json.h @@ -105,9 +105,16 @@ namespace gss_eap_util { json_int_t integer(void) const; double real(void) const; double number(void) const; - bool isnull(void) const; DDF ddf(void) const; + bool isObject(void) const; + bool isArray(void) const; + bool isString(void) const; + bool isInteger(void) const; + bool isNumber(void) const; + bool isBoolean(void) const; + bool isNull(void) const; + ~JSONObject(void) { if (m_obj != NULL) diff --git a/mech_eap/util_radius.cpp b/mech_eap/util_radius.cpp index 1d5efab..dbd5056 100644 --- a/mech_eap/util_radius.cpp +++ b/mech_eap/util_radius.cpp @@ -661,7 +661,8 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) JSONObject type = obj["type"]; JSONObject value = obj["value"]; - if (type.isnull() || value.isnull()) + + if (!type.isInteger()) goto fail; attrid = type.integer(); @@ -680,14 +681,20 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) case PW_TYPE_INTEGER: case PW_TYPE_IPADDR: case PW_TYPE_DATE: + if (!value.isInteger()) + goto fail; + vp->length = 4; vp->lvalue = value.integer(); break; case PW_TYPE_STRING: { + if (!value.isString()) + goto fail; + const char *str = value.string(); - size_t len; + size_t len = strlen(str); - if (str == NULL || (len = strlen(str)) >= MAX_STRING_LEN) + if (len >= MAX_STRING_LEN) goto fail; vp->length = len; @@ -696,12 +703,14 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) } case PW_TYPE_OCTETS: default: { + if (!value.isString()) + goto fail; + const char *str = value.string(); - int len; + size_t len = strlen(str); /* this optimization requires base64Decode only understand packed encoding */ - if (str == NULL || - strlen(str) >= BASE64_EXPAND(MAX_STRING_LEN)) + if (len >= BASE64_EXPAND(MAX_STRING_LEN)) goto fail; len = base64Decode(str, vp->vp_octets); -- 2.1.4