On 02/01/2013 12:27 AM, Clint Adams wrote:
> On Thu, Jan 31, 2013 at 08:24:29PM -0500, Daniel Kahn Gillmor wrote:
>> msv_query_agent() does not escape the data passed in. For example, if
>> pkcdata points to a C string with newlines in it, it will inject the
>> newlines directly into the JSON string, which is not valid JSON.
>
> Perhaps something like this?
>
> jreq = json_object();
> pkc = json_object();
> peer = json_object();
>
> if ( (json_object_set(pkc, "data", json_string(pkcdata)) == 0) &&
>      (json_object_set(pkc, "type", json_string(pkctype)) == 0) &&
>      (json_object_set(peer, "name", json_string(peername)) == 0) &&
>      (json_object_set(peer, "type", json_string(peertype)) == 0) &&
>      (json_object_set(jreq, "pkc", pkc) == 0) &&
>      (json_object_set(jreq, "context", json_string(context)) == 0) &&
>      (json_object_set(jreq, "peer", peer) == 0)
>    ) {
>   req = json_dumps(jreq, JSON_PRESERVE_ORDER|JSON_COMPACT);
>
> } else {
>   return SOMETHING_HORRIBLE;
> }

yeah, something like this looks about right; but this still expects
that the data passed to json_string() is all valid UTF-8 strings. This
should be true for PEM-encoded X.509 certificates (pkctype="x509pem"),
but it's distinctly wrong for pkctype="x509der", which is capable of
having embedded NULL bytes, etc. So you'll still need to check the
return values of json_string(), i think, and "return
SOMETHING_HORRIBLE;" if it chokes.
And of course, remember to deallocate whatever objects were
allocated once the HTTP POST has returned. I confess i don't really
grok libjansson's memory management model with all this "borrowed
reference" stuff as well as i'd like, though.
--dkg
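A minimal version of the escaping that msv_query_agent() is missing, written as an added example rather than code from this thread or from the msva project (the names `json_quote` and `utf8_valid` are hypothetical). It does the two things the thread asks for: it refuses input that is not well-formed UTF-8 (the same condition under which jansson's json_string() returns NULL, so a raw DER blob is rejected instead of being injected) and it escapes quotes, backslashes and control characters, so a PEM certificate with embedded newlines becomes a legal JSON string literal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if s[0..n) is well-formed UTF-8 (no overlongs, no surrogates, <= U+10FFFF), else 0. */
static int utf8_valid(const unsigned char *s, size_t n) {
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i]; size_t len; unsigned long cp;
        if (c < 0x80) { i++; continue; }
        else if ((c & 0xE0) == 0xC0) { len = 2; cp = c & 0x1F; }
        else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; }
        else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; }
        else return 0;                      /* stray continuation byte or 0xF8 and above */
        if (i + len > n) return 0;          /* truncated multi-byte sequence */
        for (size_t k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000)) return 0;
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += len;
    }
    return 1;
}

/* Quote s as a JSON string literal (including the surrounding double quotes).
   Returns a malloc'd string the caller frees, or NULL if s is not valid UTF-8. */
char *json_quote(const char *s) {
    size_t n = strlen(s);
    if (!utf8_valid((const unsigned char *)s, n)) return NULL;
    char *out = malloc(6 * n + 3), *p = out;  /* worst case: every byte becomes \uXXXX */
    if (!out) return NULL;
    *p++ = '"';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '"' || c == '\\') { *p++ = '\\'; *p++ = (char)c; }
        else if (c == '\n') { *p++ = '\\'; *p++ = 'n'; }
        else if (c < 0x20) p += sprintf(p, "\\u%04x", c);  /* other control characters */
        else *p++ = (char)c;                                 /* ASCII and UTF-8 bytes pass through unchanged */
    }
    *p++ = '"'; *p = '\0';
    return out;
}
```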