From c5b6f4294325652899ccca0419d7058cfadd7c85 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 6 Jun 2019 19:19:31 +0200 Subject: luci-base: fix handling of large ubus HTTP requests Properly handle ubus POST requests exceeding the default chunk size and fix a possible nil dereference when rejecting incoming requests due to bad JSON message framing. Signed-off-by: Jo-Philipp Wich --- modules/luci-base/luasrc/controller/admin/index.lua | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'modules/luci-base/luasrc/controller/admin') diff --git a/modules/luci-base/luasrc/controller/admin/index.lua b/modules/luci-base/luasrc/controller/admin/index.lua index 259c34eee8..9fcfe4a309 100644 --- a/modules/luci-base/luasrc/controller/admin/index.lua +++ b/modules/luci-base/luasrc/controller/admin/index.lua @@ -161,7 +161,7 @@ local ubus_types = { local function ubus_request(req) if type(req) ~= "table" or type(req.method) ~= "string" or type(req.params) ~= "table" or #req.params < 2 or req.jsonrpc ~= "2.0" or req.id == nil then - return ubus_reply(req.id, nil, -32600, "Invalid request") + return ubus_reply(nil, nil, -32600, "Invalid request") elseif req.method == "call" then local sid, obj, fun, arg = @@ -216,7 +216,16 @@ end function action_ubus() local parser = require "luci.jsonc".new() - luci.http.context.request:setfilehandler(function(_, s) parser:parse(s or "") end) + + luci.http.context.request:setfilehandler(function(_, s) + if not s then + return nil + end + + local ok, err = parser:parse(s) + return (not err or nil) + end) + luci.http.context.request:content() local json = parser:get() -- cgit v1.2.3