UNLOZE/sm-plugins
11
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

doubtfull solution, if he fires requests that require more than two parameters to crash the server it would block him, if 1 pa

Browse Source
This commit is contained in:
Christian 2020-11-04 20:18:20 +01:00
parent 0b1fee4e78
commit 097e2289d7
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SMJSONAPI/scripting/SMJSONAPI.sp
View File

@ -147,6 +147,7 @@ static void OnAsyncData(AsyncSocket socket, const char[] data, const int size)
static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse) static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
{ {
int parameter_count_verified = 0;
static char sMethod[32]; static char sMethod[32];
if(jRequest.GetString("method", sMethod, sizeof(sMethod)) < 0) if(jRequest.GetString("method", sMethod, sizeof(sMethod)) < 0)
{ {
@ -174,7 +175,6 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
} }
g_Client_Subscriber[Client] = Subscriber; g_Client_Subscriber[Client] = Subscriber;
} }
return Subscriber_HandleRequest(Subscriber, jRequest, jResponse); return Subscriber_HandleRequest(Subscriber, jRequest, jResponse);
} }
else if(StrEqual(sMethod, "function")) else if(StrEqual(sMethod, "function"))
@ -206,7 +206,9 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
} }
} }
else else
{
Call_StartFunction(INVALID_HANDLE, Fun); Call_StartFunction(INVALID_HANDLE, Fun);
}
JSONArray jArgsArray = view_as<JSONArray>(jRequest.Get("args")); JSONArray jArgsArray = view_as<JSONArray>(jRequest.Get("args"));
if(jArgsArray == null || !jArgsArray.IsArray) if(jArgsArray == null || !jArgsArray.IsArray)
@ -257,6 +259,7 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
Call_PushArrayEx(aiValues[iValues], jValueArray.Length, SM_PARAM_COPYBACK); Call_PushArrayEx(aiValues[iValues], jValueArray.Length, SM_PARAM_COPYBACK);
iValues += jValueArray.Length; iValues += jValueArray.Length;
parameter_count_verified++;
} }
else if(jArrayValue.IsFloat) else if(jArrayValue.IsFloat)
{ {
@ -270,6 +273,7 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
Call_PushArrayEx(afValues[fValues], jValueArray.Length, SM_PARAM_COPYBACK); Call_PushArrayEx(afValues[fValues], jValueArray.Length, SM_PARAM_COPYBACK);
fValues += jValueArray.Length; fValues += jValueArray.Length;
parameter_count_verified++;
} }
/*else if(jArrayValue.IsString) /*else if(jArrayValue.IsString)
{ {
@ -290,9 +294,15 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
view_as<JSONArray>(jArrayValue).GetString(0, sSpecial, sizeof(sSpecial)); view_as<JSONArray>(jArrayValue).GetString(0, sSpecial, sizeof(sSpecial));
if(StrEqual(sSpecial, "NULL_VECTOR")) if(StrEqual(sSpecial, "NULL_VECTOR"))
{
Call_PushArrayEx(NULL_VECTOR, 3, 0); Call_PushArrayEx(NULL_VECTOR, 3, 0);
parameter_count_verified++;
}
else if(StrEqual(sSpecial, "NULL_STRING")) else if(StrEqual(sSpecial, "NULL_STRING"))
{
Call_PushString(NULL_STRING); Call_PushString(NULL_STRING);
parameter_count_verified++;
}
else else
Fail = true; Fail = true;
} }
@ -323,11 +333,13 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
{ {
aiValues[iValues] = view_as<JSONInteger>(jValue).Value; aiValues[iValues] = view_as<JSONInteger>(jValue).Value;
Call_PushCell(aiValues[iValues++]); Call_PushCell(aiValues[iValues++]);
parameter_count_verified++;
} }
else if(jValue.IsFloat) else if(jValue.IsFloat)
{ {
afValues[fValues] = view_as<JSONFloat>(jValue).Value; afValues[fValues] = view_as<JSONFloat>(jValue).Value;
Call_PushFloat(afValues[fValues++]); Call_PushFloat(afValues[fValues++]);
parameter_count_verified++;
} }
else if(jValue.IsString) else if(jValue.IsString)
{ {
@ -335,6 +347,7 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
JSONString jString = view_as<JSONString>(jValue); JSONString jString = view_as<JSONString>(jValue);
jString.GetString(asValues[sValues], sizeof(asValues[])); jString.GetString(asValues[sValues], sizeof(asValues[]));
Call_PushStringEx(asValues[sValues++], sizeof(asValues[]), SM_PARAM_STRING_COPY, SM_PARAM_COPYBACK); Call_PushStringEx(asValues[sValues++], sizeof(asValues[]), SM_PARAM_STRING_COPY, SM_PARAM_COPYBACK);
parameter_count_verified++;
} }
else else
{ {
@ -355,7 +368,21 @@ static int HandleRequest(int Client, JSONObject jRequest, JSONObject jResponse)
} }
delete jValue; delete jValue;
} }
int sm_call_finish_ex_params_size = 2;
if (parameter_count_verified > sm_call_finish_ex_params_size)
{
Call_Cancel();
delete jArgsArray;
char sError[128];
FormatEx(sError, sizeof(sError), "blocking parameterized call %i", parameter_count_verified);
JSONObject jError = new JSONObject();
jError.SetString("error", sError);
jResponse.Set("error", jError);
return -1;
}
int Result; int Result;
static char sException[1024]; static char sException[1024];
int Error = Call_FinishEx(Result, sException, sizeof(sException)); int Error = Call_FinishEx(Result, sException, sizeof(sException));