From 67fbe5cc7e3aa3494de54c9bcc3914f0efc6c843 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 18 Nov 2020 09:34:28 +0000 Subject: [PATCH] dynsec: Fix some keys being accessed even if they don't exist. --- plugins/dynamic-security/clients.c | 8 ++++---- plugins/dynamic-security/groups.c | 8 ++++---- plugins/dynamic-security/json_help.h | 1 + plugins/dynamic-security/roles.c | 4 ++-- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/plugins/dynamic-security/clients.c b/plugins/dynamic-security/clients.c index bdd3969e..26a823ed 100644 --- a/plugins/dynamic-security/clients.c +++ b/plugins/dynamic-security/clients.c @@ -693,7 +693,7 @@ int dynsec_clients__process_modify(cJSON *j_responses, struct mosquitto *context return MOSQ_ERR_INVAL; } - if(json_get_string(command, "clientid", &clientid, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "clientid", &clientid, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(clientid); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyClient", "Internal error", correlation_data); @@ -703,7 +703,7 @@ int dynsec_clients__process_modify(cJSON *j_responses, struct mosquitto *context client->clientid = str; } - if(json_get_string(command, "password", &password, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "password", &password, false) == MOSQ_ERR_SUCCESS){ rc = client__set_password(client, password); if(rc != MOSQ_ERR_SUCCESS){ dynsec__command_reply(j_responses, context, "modifyClient", "Internal error", correlation_data); @@ -712,7 +712,7 @@ int dynsec_clients__process_modify(cJSON *j_responses, struct mosquitto *context } } - if(json_get_string(command, "textname", &text_name, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textname", &text_name, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_name); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyClient", "Internal error", correlation_data); @@ -723,7 +723,7 @@ int dynsec_clients__process_modify(cJSON *j_responses, struct mosquitto *context client->text_name = str; } - if(json_get_string(command, "textdescription", &text_description, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textdescription", &text_description, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_description); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyClient", "Internal error", correlation_data); diff --git a/plugins/dynamic-security/groups.c b/plugins/dynamic-security/groups.c index e1998b77..1ddb5e90 100644 --- a/plugins/dynamic-security/groups.c +++ b/plugins/dynamic-security/groups.c @@ -273,7 +273,7 @@ int dynsec_groups__config_load(cJSON *tree) } /* Text name */ - if(json_get_string(j_group, "textname", &str, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(j_group, "textname", &str, false) == MOSQ_ERR_SUCCESS){ if(str){ group->text_name = strdup(str); if(group->text_name == NULL){ @@ -286,7 +286,7 @@ int dynsec_groups__config_load(cJSON *tree) } /* Text description */ - if(json_get_string(j_group, "textdescription", &str, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(j_group, "textdescription", &str, false) == MOSQ_ERR_SUCCESS){ if(str){ group->text_description = strdup(str); if(group->text_description == NULL){ @@ -992,7 +992,7 @@ int dynsec_groups__process_modify(cJSON *j_responses, struct mosquitto *context, return MOSQ_ERR_INVAL; } - if(json_get_string(command, "textname", &text_name, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textname", &text_name, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_name); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyGroup", "Internal error", correlation_data); @@ -1002,7 +1002,7 @@ int dynsec_groups__process_modify(cJSON *j_responses, struct mosquitto *context, group->text_name = str; } - if(json_get_string(command, "textdescription", &text_description, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textdescription", &text_description, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_description); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyGroup", "Internal error", correlation_data); diff --git a/plugins/dynamic-security/json_help.h b/plugins/dynamic-security/json_help.h index 401a3eef..654a1671 100644 --- a/plugins/dynamic-security/json_help.h +++ b/plugins/dynamic-security/json_help.h @@ -18,6 +18,7 @@ Contributors: #include #include +/* "optional==false" can also be taken to mean "only return success if the key exists and is valid" */ int json_get_bool(cJSON *json, const char *name, bool *value, bool optional, bool default_value); int json_get_int(cJSON *json, const char *name, int *value, bool optional, int default_value); int json_get_string(cJSON *json, const char *name, char **value, bool optional); diff --git a/plugins/dynamic-security/roles.c b/plugins/dynamic-security/roles.c index 2b8782c1..6c51bdcc 100644 --- a/plugins/dynamic-security/roles.c +++ b/plugins/dynamic-security/roles.c @@ -1086,7 +1086,7 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, return MOSQ_ERR_INVAL; } - if(json_get_string(command, "textname", &text_name, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textname", &text_name, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_name); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyRole", "Internal error", correlation_data); @@ -1096,7 +1096,7 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, role->text_name = str; } - if(json_get_string(command, "textdescription", &text_description, true) == MOSQ_ERR_SUCCESS){ + if(json_get_string(command, "textdescription", &text_description, false) == MOSQ_ERR_SUCCESS){ str = mosquitto_strdup(text_description); if(str == NULL){ dynsec__command_reply(j_responses, context, "modifyRole", "Internal error", correlation_data);