projects
/
project
/
uhttpd.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
a7b7bad
)
ubus: deny requests with a "ubus_rpc_session" toplevel attribute to prevent injecting...
author
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 13 Sep 2013 12:44:57 +0000
(14:44 +0200)
committer
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 13 Sep 2013 12:44:57 +0000
(14:44 +0200)
ubus.c
patch
|
blob
|
history
diff --git
a/ubus.c
b/ubus.c
index 3c1124662eccc503d969c99a5ecac737bb1a7e95..0d41c2dd6b7f3b712f9dd3e725e7b6f2f0a6f2cc 100644
(file)
--- a/
ubus.c
+++ b/
ubus.c
@@
-250,8
+250,11
@@
static void uh_ubus_send_request(struct client *cl, json_object *obj, const char
int ret, rem;
blob_buf_init(&req, 0);
- blobmsg_for_each_attr(cur, args, rem)
+ blobmsg_for_each_attr(cur, args, rem) {
+ if (!strcmp(blobmsg_name(cur), "ubus_rpc_session"))
+ return uh_ubus_json_error(cl, ERROR_PARAMS);
blobmsg_add_blob(&req, cur);
+ }
blobmsg_add_string(&req, "ubus_rpc_session", sid);