author | Jo-Philipp Wich <jow@openwrt.org> | 2013-08-07 16:46:13 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2013-08-07 16:58:55 +0200 |
commit | 4fb73b3febd0b368bee39c361dd58d56fb1829ca (patch) | |
tree | 5772c16a16de9682223cfee58007d13ba91f2f5a /ubus.c | |
parent | d9e7e61178ef07c741ad820d8b2f5afd4246d993 (diff) |
ubus: move sid into the params array of the json-rpc request to avoid information leakage via the post url
Diffstat (limited to 'ubus.c')
-rw-r--r-- | ubus.c | 40 |
1 files changed, 15 insertions, 25 deletions
@@ -63,6 +63,7 @@ static const struct blobmsg_policy ses_policy[__SES_MAX] = {
 struct rpc_data {
 struct blob_attr *id;
+ const char *sid;
 const char *method;
 const char *object;
 const char *function;
@@ -355,10 +356,11 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
 const struct blobmsg_policy data_policy[] = {
 { .type = BLOBMSG_TYPE_STRING },
 { .type = BLOBMSG_TYPE_STRING },
+ { .type = BLOBMSG_TYPE_STRING },
 { .type = BLOBMSG_TYPE_TABLE },
 };
 struct blob_attr *tb[__RPC_MAX];
- struct blob_attr *tb2[3];
+ struct blob_attr *tb2[4];
 struct blob_attr *cur;
 blobmsg_parse(rpc_policy, __RPC_MAX, tb, blob_data(data), blob_len(data));
@@ -386,12 +388,18 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
 blobmsg_data(d->params), blobmsg_data_len(d->params));
 if (tb2[0])
- d->object = blobmsg_data(tb2[0]);
+ d->sid = blobmsg_data(tb2[0]);
+
+ if (conf.ubus_noauth && (!d->sid || !*d->sid))
+ d->sid = UH_UBUS_DEFAULT_SID;
 if (tb2[1])
- d->function = blobmsg_data(tb2[1]);
+ d->object = blobmsg_data(tb2[1]);
+
+ if (tb2[2])
+ d->function = blobmsg_data(tb2[2]);
- d->data = tb2[2];
+ d->data = tb2[3];
 return true;
 }
@@ -462,7 +470,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 goto error;
 if (!strcmp(data.method, "call")) {
- if (!data.object || !data.function || !data.data)
+ if (!data.sid || !data.object || !data.function || !data.data)
 goto error;
 du->func = data.function;
@@ -471,7 +479,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 goto error;
 }
- if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
+ if (!conf.ubus_noauth && !uh_ubus_allowed(data.sid, data.object, data.function)) {
 err = ERROR_ACCESS;
 goto error;
 }
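Review bot: The params array is addressed by bare positions throughout — the literal `4` in `struct blob_attr *tb2[4];` in this hunk and `tb2[0]`…`tb2[3]` in the hunk at -386 — and this commit had to renumber every one of them to insert the sid slot, which is exactly the kind of edit a named index prevents. An enum next to `data_policy`, `enum { PARAM_SID, PARAM_OBJECT, PARAM_FUNC, PARAM_DATA, __PARAM_MAX };`, lets the declaration become `struct blob_attr *tb2[__PARAM_MAX];` and the reads in parse_json_rpc become `tb2[PARAM_SID]` and so on, so a future reordering of the JSON-RPC positional parameters is a one-place change. The three `{ .type = BLOBMSG_TYPE_STRING }` entries could then carry the same names as comments so the policy and the enum are visibly in step.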
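Review bot: The session id taken from params[0] in the hunk at -386 is not validated before it reaches `uh_ubus_allowed(data.sid, …)` in the hunk at -471; the `strlen(sid) != 32` sanity check that the hunk at -549 deletes has no counterpart here, so a client-supplied sid of any length now reaches the authorization lookup (whether uh_ubus_allowed copes with that is not visible in this diff). The old check applied to the noauth default as well, so placing it after the `conf.ubus_noauth` substitution keeps both paths equivalent to before: `if (d->sid && strlen(d->sid) != 32) return false;`. Leaving a missing sid to the `!data.sid` test in the "call" branch is fine, since methods other than "call" did not previously depend on it here.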
@@ -549,27 +557,10 @@ error:
 static void uh_ubus_handle_request(struct client *cl, char *url, struct path_info *pi)
 {
 struct dispatch *d = &cl->dispatch;
- char *sid, *sep;
 blob_buf_init(&buf, 0);
- if (conf.ubus_noauth) {
- sid = UH_UBUS_DEFAULT_SID;
- }
- else {
- url += strlen(conf.ubus_prefix);
- while (*url == '/')
- url++;
-
- sep = strchr(url, '/');
- if (sep)
- *sep = 0;
-
- sid = url;
- }
-
- if (strlen(sid) != 32 ||
- cl->request.method != UH_HTTP_MSG_POST)
+ if (cl->request.method != UH_HTTP_MSG_POST)
 return ops->client_error(cl, 400, "Bad Request", "Invalid Request");
 d->close_fds = uh_ubus_close_fds;
@@ -577,7 +568,6 @@ static void uh_ubus_handle_request(struct client *cl, char *url, struct path_inf
 d->data_send = uh_ubus_data_send;
 d->data_done = uh_ubus_data_done;
 d->ubus.jstok = json_tokener_new();
- d->ubus.sid = sid;
 }
 static bool |
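Review bot: `d->ubus.sid` loses its only visible assignment in this hunk but the field itself is not removed, and the hunk at -471 rewrites only one reader (`du->sid` → `data.sid`); any other reader outside these hunks now sees whatever the previous request left in the reused `cl->dispatch`, which before this change pointed into that request's URL buffer. If no reader remains, drop `sid` from the dispatch ubus struct so the stale field cannot be picked up later; if one does, assign it from `data.sid` at the point where the request object is parsed. In the hunk at -549 the `url` parameter is no longer read at all, which the handler signature allows but is worth a short comment on the function so the next reader does not go looking for the prefix-stripping that used to live there.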