add better JSON type checking to RADIUS decoder

diff --git a/mech_eap/util_attr.cpp b/mech_eap/util_attr.cpp
index 6771a76..384769f 100644 (file)
--- a/mech_eap/util_attr.cpp
+++ b/mech_eap/util_attr.cpp
@@ -314,7 +314,7 @@ gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj)
             continue;
 
         JSONObject source = sources.get(key);
-        if (!source.isnull() &&
+        if (!source.isNull() &&
             !provider->initWithJsonObject(this, source)) {
             releaseProvider(type);
             return false;
@@ -390,7 +390,7 @@ gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
         return false;
 
     JSONObject obj = JSONObject::load(s, 0, &error);
-    if (!obj.isnull()) {
+    if (!obj.isNull()) {
         ret = initWithJsonObject(obj);
     } else
         ret = false;

diff --git a/mech_eap/util_json.cpp b/mech_eap/util_json.cpp
index 64e6541..0e4c215 100644 (file)
--- a/mech_eap/util_json.cpp
+++ b/mech_eap/util_json.cpp
@@ -324,12 +324,6 @@ JSONObject::number(void) const
     return json_number_value(m_obj);
 }
 
-bool
-JSONObject::isnull(void) const
-{
-    return json_is_null(m_obj);
-}
-
 JSONObject
 JSONObject::ddf(DDF &ddf)
 {
@@ -418,6 +412,41 @@ JSONObject::ddf(void) const
     return ddf;
 }
 
+bool JSONObject::isObject(void) const
+{
+    return json_is_object(m_obj);
+}
+
+bool JSONObject::isArray(void) const
+{
+    return json_is_array(m_obj);
+}
+
+bool JSONObject::isString(void) const
+{
+    return json_is_string(m_obj);
+}
+
+bool JSONObject::isInteger(void) const
+{
+    return json_is_integer(m_obj);
+}
+
+bool JSONObject::isNumber(void) const
+{
+    return json_is_number(m_obj);
+}
+
+bool JSONObject::isBoolean(void) const
+{
+    return json_is_boolean(m_obj);
+}
+
+bool JSONObject::isNull(void) const
+{
+    return json_is_null(m_obj);
+}
+
 JSONIterator::JSONIterator(const JSONObject &obj)
 {
     m_obj = obj.get();

diff --git a/mech_eap/util_json.h b/mech_eap/util_json.h
index 322d03e..43d3275 100644 (file)
--- a/mech_eap/util_json.h
+++ b/mech_eap/util_json.h
@@ -105,9 +105,16 @@ namespace gss_eap_util {
         json_int_t integer(void) const;
         double real(void) const;
         double number(void) const;
-        bool isnull(void) const;
         DDF ddf(void) const;
 
+        bool isObject(void) const;
+        bool isArray(void) const;
+        bool isString(void) const;
+        bool isInteger(void) const;
+        bool isNumber(void) const;
+        bool isBoolean(void) const;
+        bool isNull(void) const;
+
         ~JSONObject(void)
         {
             if (m_obj != NULL)

diff --git a/mech_eap/util_radius.cpp b/mech_eap/util_radius.cpp
index 1d5efab..dbd5056 100644 (file)
--- a/mech_eap/util_radius.cpp
+++ b/mech_eap/util_radius.cpp
@@ -661,7 +661,8 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj)
 
     JSONObject type = obj["type"];
     JSONObject value = obj["value"];
-    if (type.isnull() || value.isnull())
+
+    if (!type.isInteger())
         goto fail;
 
     attrid = type.integer();
@@ -680,14 +681,20 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj)
     case PW_TYPE_INTEGER:
     case PW_TYPE_IPADDR:
     case PW_TYPE_DATE:
+        if (!value.isInteger())
+            goto fail;
+
         vp->length = 4;
         vp->lvalue = value.integer();
         break;
     case PW_TYPE_STRING: {
+        if (!value.isString())
+            goto fail;
+
         const char *str = value.string();
-        size_t len;
+        size_t len = strlen(str);
 
-        if (str == NULL || (len = strlen(str)) >= MAX_STRING_LEN)
+        if (len >= MAX_STRING_LEN)
             goto fail;
 
         vp->length = len;
@@ -696,12 +703,14 @@ jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj)
     }
     case PW_TYPE_OCTETS:
     default: {
+        if (!value.isString())
+            goto fail;
+
         const char *str = value.string();
-        int len;
+        size_t len = strlen(str);
 
         /* this optimization requires base64Decode only understand packed encoding */
-        if (str == NULL ||
-            strlen(str) >= BASE64_EXPAND(MAX_STRING_LEN))
+        if (len >= BASE64_EXPAND(MAX_STRING_LEN))
             goto fail;
 
         len = base64Decode(str, vp->vp_octets);