authorJo-Philipp Wich <jow@openwrt.org>2013-08-07 16:46:13 +0200
committerJo-Philipp Wich <jow@openwrt.org>2013-08-07 16:58:55 +0200
commit4fb73b3febd0b368bee39c361dd58d56fb1829ca (patch)
tree5772c16a16de9682223cfee58007d13ba91f2f5a
parentd9e7e61178ef07c741ad820d8b2f5afd4246d993 (diff)
downloaduhttpd2-4fb73b3febd0b368bee39c361dd58d56fb1829ca.tar.gz
ubus: move sid into the params array of the json-rpc request to avoid information leakage via the post url
-rw-r--r--ubus.c40
-rw-r--r--uhttpd.h1
2 files changed, 15 insertions, 26 deletions
diff --git a/ubus.c b/ubus.c
index 307daaa..8129c20 100644
--- a/ubus.c
+++ b/ubus.c
@@ -63,6 +63,7 @@ static const struct blobmsg_policy ses_policy[__SES_MAX] = {
struct rpc_data {
struct blob_attr *id;
+ const char *sid;
const char *method;
const char *object;
const char *function;
@@ -355,10 +356,11 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
const struct blobmsg_policy data_policy[] = {
{ .type = BLOBMSG_TYPE_STRING },
{ .type = BLOBMSG_TYPE_STRING },
+ { .type = BLOBMSG_TYPE_STRING },
{ .type = BLOBMSG_TYPE_TABLE },
};
struct blob_attr *tb[__RPC_MAX];
- struct blob_attr *tb2[3];
+ struct blob_attr *tb2[4];
struct blob_attr *cur;
blobmsg_parse(rpc_policy, __RPC_MAX, tb, blob_data(data), blob_len(data));
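Review bot: The data_policy table is positional, and the string entry inserted at its head shifts every later params slot by one, but nothing in the table says which slot is which; a reader has to reconstruct the layout from the tb2 indices further down. A one-line comment above `const struct blobmsg_policy data_policy[] = {` such as `/* params layout: [ sid, object, method, { arguments } ] */` would document the wire-format change this commit makes. The enclosing parse_json_rpc starts before this hunk and continues past it.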
@@ -386,12 +388,18 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
blobmsg_data(d->params), blobmsg_data_len(d->params));
if (tb2[0])
- d->object = blobmsg_data(tb2[0]);
+ d->sid = blobmsg_data(tb2[0]);
+
+ if (conf.ubus_noauth && (!d->sid || !*d->sid))
+ d->sid = UH_UBUS_DEFAULT_SID;
if (tb2[1])
- d->function = blobmsg_data(tb2[1]);
+ d->object = blobmsg_data(tb2[1]);
+
+ if (tb2[2])
+ d->function = blobmsg_data(tb2[2]);
- d->data = tb2[2];
+ d->data = tb2[3];
return true;
}
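Review bot: The 32-character length check that the old URL path applied to the session id is not carried over, so in the authenticated case `d->sid` reaches uh_ubus_allowed as whatever string the client placed in params[0], including an empty string, since the `!data.sid` test in the caller only catches a missing parameter. If uh_ubus_allowed (not visible here) expects a well-formed session token, the check belongs right after the `d->sid` assignment, e.g. `if (!conf.ubus_noauth && d->sid && strlen(d->sid) != 32) return false;`. strlen is safe on the attribute only because blobmsg string attributes are NUL-terminated by the library's attribute validation; if that is not guaranteed on this path, bound the check with blobmsg_data_len instead. parse_json_rpc's body begins outside this hunk.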
@@ -462,7 +470,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
goto error;
if (!strcmp(data.method, "call")) {
- if (!data.object || !data.function || !data.data)
+ if (!data.sid || !data.object || !data.function || !data.data)
goto error;
du->func = data.function;
@@ -471,7 +479,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
goto error;
}
- if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
+ if (!conf.ubus_noauth && !uh_ubus_allowed(data.sid, data.object, data.function)) {
err = ERROR_ACCESS;
goto error;
}
@@ -549,27 +557,10 @@ error:
static void uh_ubus_handle_request(struct client *cl, char *url, struct path_info *pi)
{
struct dispatch *d = &cl->dispatch;
- char *sid, *sep;
blob_buf_init(&buf, 0);
- if (conf.ubus_noauth) {
- sid = UH_UBUS_DEFAULT_SID;
- }
- else {
- url += strlen(conf.ubus_prefix);
- while (*url == '/')
- url++;
-
- sep = strchr(url, '/');
- if (sep)
- *sep = 0;
-
- sid = url;
- }
-
- if (strlen(sid) != 32 ||
- cl->request.method != UH_HTTP_MSG_POST)
+ if (cl->request.method != UH_HTTP_MSG_POST)
return ops->client_error(cl, 400, "Bad Request", "Invalid Request");
d->close_fds = uh_ubus_close_fds;
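Review bot: With the URL parsing block removed, the `url` and `pi` parameters of uh_ubus_handle_request are no longer read anywhere in the visible part of the function, and any path below the ubus prefix is now accepted as long as the method is POST. If the handler is meant to serve only the prefix itself, a check that the remaining path is empty or a lone `/` should replace the removed block; otherwise `(void)url; (void)pi;` after `struct dispatch *d = &cl->dispatch;` would at least make the unused arguments explicit and keep -Wunused-parameter quiet. The function's body continues past this hunk.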
@@ -577,7 +568,6 @@ static void uh_ubus_handle_request(struct client *cl, char *url, struct path_inf
d->data_send = uh_ubus_data_send;
d->data_done = uh_ubus_data_done;
d->ubus.jstok = json_tokener_new();
- d->ubus.sid = sid;
}
static bool
diff --git a/uhttpd.h b/uhttpd.h
index 0137eef..b289a24 100644
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -187,7 +187,6 @@ struct dispatch_ubus {
struct json_object *jsobj_cur;
int post_len;
- const char *sid;
uint32_t obj;
const char *func;