summaryrefslogtreecommitdiff
path: root/net-libs/rest/files/0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch
blob: f437c7d9e74dea58884d3fa9cc142c2c3c141fdc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
From 49c2d0ac00b959ce53cc00ca4e7758c21085722f Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 30 Aug 2022 10:59:01 -0700
Subject: [PATCH 2/2] Handle some potential problems in parsing oauth2 access
 tokens

It's possible for `_rest_proxy_send_message` to return `NULL`,
which would mean the `payload` here would be `NULL`. If so,
we're not going to be able to do anything, so we should just
bail out.

It's also possible for `json_parser_load_from_data` to return
`FALSE` without setting an error. The most obvious way would be
if `data` was `NULL`, which the bailout avoids, but it could
also happen if we pass an invalid parser somehow. Let's just
handle that too, to be safe.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 rest/rest-oauth2-proxy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rest/rest-oauth2-proxy.c b/rest/rest-oauth2-proxy.c
index 9511f97..a715b2b 100644
--- a/rest/rest-oauth2-proxy.c
+++ b/rest/rest-oauth2-proxy.c
@@ -68,18 +68,21 @@ rest_oauth2_proxy_parse_access_token (RestOAuth2Proxy *self,
   gsize size;
   gint expires_in;
   gint created_at;
+  gboolean ret;
 
   g_return_if_fail (REST_IS_OAUTH2_PROXY (self));
+  g_return_if_fail (payload);
 
   data = g_bytes_get_data (payload, &size);
 
   parser = json_parser_new ();
-  json_parser_load_from_data (parser, data, size, &error);
+  ret = json_parser_load_from_data (parser, data, size, &error);
   if (error != NULL)
     {
       g_task_return_error (task, error);
       return;
     }
+  g_return_if_fail (ret);
 
   root = json_parser_get_root (parser);
   root_object = json_node_get_object (root);
-- 
2.37.1