[sr-dev] git:master:29fe7a81: jsonrpc-s: safety check for str value of jsonrpc and method fileds

[Daniel-Constantin Mierla]

Module: kamailio
Branch: master
Commit: 29fe7a813b17af898dbe0c4e978dd05766f41aec
URL: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05766f41aec

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2015-01-07T11:30:01+01:00

jsonrpc-s: safety check for str value of jsonrpc and method fileds

- reported by Alex Balashov

---

Modified: modules/jsonrpc-s/jsonrpc-s_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05766f41aec.diff
Patch: https://github.com/kamailio/kamailio/commit/29fe7a813b17af898dbe0c4e978dd05766f41aec.patch

---

diff --git a/modules/jsonrpc-s/jsonrpc-s_mod.c b/modules/jsonrpc-s/jsonrpc-s_mod.c
index b004108..2946288 100644
--- a/modules/jsonrpc-s/jsonrpc-s_mod.c
+++ b/modules/jsonrpc-s/jsonrpc-s_mod.c
@@ -935,8 +935,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 
 	/* sanity checks on jsonrpc request */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "jsonrpc");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;
@@ -947,8 +947,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 	}
 	/* run jsonrpc command */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "method");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc method field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc method field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;