luci-base: fix handling of large ubus HTTP requests
authorJo-Philipp Wich <jo@mein.io>
Thu, 6 Jun 2019 17:19:31 +0000 (19:19 +0200)
committerJo-Philipp Wich <jo@mein.io>
Sun, 7 Jul 2019 13:36:25 +0000 (15:36 +0200)
Properly handle ubus POST requests exceeding the default chunk size
and fix a possible nil dereference when rejecting incoming requests
due to bad JSON message framing.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/luasrc/controller/admin/index.lua

index 259c34eee81b4afd4214252acf8fcb2df1b25f02..9fcfe4a309872295c7d84eae58da54cb01593268 100644 (file)
@@ -161,7 +161,7 @@ local ubus_types = {
 local function ubus_request(req)
        if type(req) ~= "table" or type(req.method) ~= "string" or type(req.params) ~= "table" or
           #req.params < 2 or req.jsonrpc ~= "2.0" or req.id == nil then
-               return ubus_reply(req.id, nil, -32600, "Invalid request")
+               return ubus_reply(nil, nil, -32600, "Invalid request")
 
        elseif req.method == "call" then
                local sid, obj, fun, arg =
@@ -216,7 +216,16 @@ end
 
 function action_ubus()
        local parser = require "luci.jsonc".new()
-       luci.http.context.request:setfilehandler(function(_, s) parser:parse(s or "") end)
+
+       luci.http.context.request:setfilehandler(function(_, s)
+               if not s then
+                       return nil
+               end
+
+               local ok, err = parser:parse(s)
+               return (not err or nil)
+       end)
+
        luci.http.context.request:content()
 
        local json = parser:get()