session: Fix crash when the UCI option 'password' or 'username' is missing

[project/rpcd.git] / session.c

diff --git a/session.c b/session.c
index 3ed45197ab9d039e89a189f6bb5c152fa60c61a8..195d07dd3780a7e2e93c9254b1af7a137bf864d4 100644 (file)
--- a/session.c
+++ b/session.c
@@ -112,7 +112,7 @@ enum {
 static const struct blobmsg_policy dump_policy[__RPC_DUMP_MAX] = {
        [RPC_DUMP_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
        [RPC_DUMP_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
-       [RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT32 },
+       [RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT64 },
        [RPC_DUMP_DATA] = { .name = "data", .type = BLOBMSG_TYPE_TABLE },
 };
 
@@ -226,7 +226,7 @@ rpc_session_to_blob(struct rpc_session *ses, bool acls)
 
        blobmsg_add_string(&buf, "ubus_rpc_session", ses->id);
        blobmsg_add_u32(&buf, "timeout", ses->timeout);
-       blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
+       blobmsg_add_u64(&buf, "expires", uloop_timeout_remaining64(&ses->t) / 1000);
 
        if (acls) {
                c = blobmsg_open_table(&buf, "acls");
@@ -795,7 +795,7 @@ rpc_login_test_password(const char *hash, const char *password)
        char *crypt_hash;
 
        /* password is not set */
-       if (!hash || !*hash || !strcmp(hash, "!") || !strcmp(hash, "x"))
+       if (!hash || !*hash)
        {
                return true;
        }
@@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password)
 
        crypt_hash = crypt(password, hash);
 
-       return !strcmp(crypt_hash, hash);
+       return (crypt_hash && !strcmp(crypt_hash, hash));
 }
 
 static struct uci_section *
@@ -834,6 +834,12 @@ rpc_login_test_login(struct uci_context *uci,
        struct uci_element *e;
        struct uci_ptr ptr = { .package = "rpcd" };
 
+       if (!uci_lookup_ptr(uci, &ptr, NULL, false) && ptr.p) {
+               uci_unload(uci, ptr.p);
+               ptr.flags = 0;
+               ptr.p = NULL;
+       }
+
        uci_load(uci, ptr.package, &p);
 
        if (!p)
@@ -856,6 +862,9 @@ rpc_login_test_login(struct uci_context *uci,
                if (uci_lookup_ptr(uci, &ptr, NULL, true))
                        continue;
 
+               if (!ptr.o)
+                       continue;
+
                if (ptr.o->type != UCI_TYPE_STRING)
                        continue;
 
@@ -874,6 +883,9 @@ rpc_login_test_login(struct uci_context *uci,
                if (uci_lookup_ptr(uci, &ptr, NULL, true))
                        continue;
 
+               if (!ptr.o)
+                       continue;
+
                if (ptr.o->type != UCI_TYPE_STRING)
                        continue;
 
@@ -1303,7 +1315,7 @@ rpc_session_from_blob(struct uci_context *uci, struct blob_attr *attr)
 
        avl_insert(&sessions, &ses->avl);
 
-       uloop_timeout_set(&ses->t, blobmsg_get_u32(tb[RPC_DUMP_EXPIRES]) * 1000);
+       uloop_timeout_set(&ses->t, blobmsg_get_u64(tb[RPC_DUMP_EXPIRES]) * 1000);
 
        return true;
 }
@@ -1326,7 +1338,7 @@ int rpc_session_api_init(struct ubus_context *ctx)
        };
 
        static struct ubus_object_type session_type =
-               UBUS_OBJECT_TYPE("luci-rpc-session", session_methods);
+               UBUS_OBJECT_TYPE("rpcd-plugin-session", session_methods);
 
        static struct ubus_object obj = {
                .name = "session",