From: Luke Howard Date: Tue, 29 Mar 2011 15:28:47 +0000 (+1100) Subject: add better JSON type checking to RADIUS decoder X-Git-Tag: dvd/201105~12^2~34 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=8230eebb81b3ede830f892a8d3a01a3e83fe7da6 add better JSON type checking to RADIUS decoder --- diff --git a/util_attr.cpp b/util_attr.cpp index 6771a76..384769f 100644 --- a/util_attr.cpp +++ b/util_attr.cpp @@ -314,7 +314,7 @@ gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj) continue; JSONObject source = sources.get(key); - if (!source.isnull() && + if (!source.isNull() && !provider->initWithJsonObject(this, source)) { releaseProvider(type); return false; @@ -390,7 +390,7 @@ gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) return false; JSONObject obj = JSONObject::load(s, 0, &error); - if (!obj.isnull()) { + if (!obj.isNull()) { ret = initWithJsonObject(obj); } else ret = false; diff --git a/util_json.cpp b/util_json.cpp index 64e6541..0e4c215 100644 --- a/util_json.cpp +++ b/util_json.cpp @@ -324,12 +324,6 @@ JSONObject::number(void) const return json_number_value(m_obj); } -bool -JSONObject::isnull(void) const -{ - return json_is_null(m_obj); -} - JSONObject JSONObject::ddf(DDF &ddf) { @@ -418,6 +412,41 @@ JSONObject::ddf(void) const return ddf; } +bool JSONObject::isObject(void) const +{ + return json_is_object(m_obj); +} + +bool JSONObject::isArray(void) const +{ + return json_is_array(m_obj); +} + +bool JSONObject::isString(void) const +{ + return json_is_string(m_obj); +} + +bool JSONObject::isInteger(void) const +{ + return json_is_integer(m_obj); +} + +bool JSONObject::isNumber(void) const +{ + return json_is_number(m_obj); +} + +bool JSONObject::isBoolean(void) const +{ + return json_is_boolean(m_obj); +} + +bool JSONObject::isNull(void) const +{ + return json_is_null(m_obj); +} + JSONIterator::JSONIterator(const JSONObject &obj) { m_obj = obj.get(); diff --git a/util_json.h b/util_json.h index 322d03e..43d3275 100644 --- a/util_json.h +++ b/util_json.h @@ -105,9 +105,16 @@ namespace gss_eap_util { json_int_t integer(void) const; double real(void) const; double number(void) const; - bool isnull(void) const; DDF ddf(void) const; + bool isObject(void) const; + bool isArray(void) const; + bool isString(void) const; + bool isInteger(void) const; + bool isNumber(void) const; + bool isBoolean(void) const; + bool isNull(void) const; + ~JSONObject(void) { if (m_obj != NULL) diff --git a/util_radius.cpp b/util_radius.cpp index 1d5efab..dbd5056 100644 --- a/util_radius.cpp +++ b/util_radius.cpp @@ -661,7 +661,8 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) JSONObject type = obj["type"]; JSONObject value = obj["value"]; - if (type.isnull() || value.isnull()) + + if (!type.isInteger()) goto fail; attrid = type.integer(); @@ -680,14 +681,20 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) case PW_TYPE_INTEGER: case PW_TYPE_IPADDR: case PW_TYPE_DATE: + if (!value.isInteger()) + goto fail; + vp->length = 4; vp->lvalue = value.integer(); break; case PW_TYPE_STRING: { + if (!value.isString()) + goto fail; + const char *str = value.string(); - size_t len; + size_t len = strlen(str); - if (str == NULL || (len = strlen(str)) >= MAX_STRING_LEN) + if (len >= MAX_STRING_LEN) goto fail; vp->length = len; @@ -696,12 +703,14 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) } case PW_TYPE_OCTETS: default: { + if (!value.isString()) + goto fail; + const char *str = value.string(); - int len; + size_t len = strlen(str); /* this optimization requires base64Decode only understand packed encoding */ - if (str == NULL || - strlen(str) >= BASE64_EXPAND(MAX_STRING_LEN)) + if (len >= BASE64_EXPAND(MAX_STRING_LEN)) goto fail; len = base64Decode(str, vp->vp_octets);