server: Don't accept out-of-range bank/client/slot numbers on REST Change-Id: Id0c9dcda58d1f85df431a74bbfba06cfaa0af69d

commit: f43babac56e2c5ad06e8d9a31170bf220d7f3240 [log] [tgz]
author: Harald Welte <laforge@osmocom.org> Thu Feb 20 18:45:59 2020 +0100
committer: Harald Welte <laforge@osmocom.org> Thu Feb 20 18:52:24 2020 +0100
tree: 4275322dbfe9a8513fe37a84bd90367885543438
parent: 44866d501beefd6b294c8e10c38caa227c9b7445 [diff] [blame]
diff --git a/src/server/rest_api.c b/src/server/rest_api.c
index abd46b9..ff1b588 100644
--- a/src/server/rest_api.c
+++ b/src/server/rest_api.c

@@ -86,6 +86,8 @@
 		return -EINVAL;
 	bslot->bank_id = json_integer_value(jbank_id);
 	bslot->slot_nr = json_integer_value(jslot_nr);
+	if (bslot->bank_id > 1023 || bslot->slot_nr > 1023)
+		return -EINVAL;
 	return 0;
 }
 
@@ -110,6 +112,8 @@
 		return -EINVAL;
 	cslot->client_id = json_integer_value(jclient_id);
 	cslot->slot_nr = json_integer_value(jslot_nr);
+	if (cslot->client_id > 1023 || cslot->slot_nr > 1023)
+		return -EINVAL;
 	return 0;
 }
commit	f43babac56e2c5ad06e8d9a31170bf220d7f3240	[log] [tgz]
author	Harald Welte <laforge@osmocom.org>	Thu Feb 20 18:45:59 2020 +0100
committer	Harald Welte <laforge@osmocom.org>	Thu Feb 20 18:52:24 2020 +0100
tree	4275322dbfe9a8513fe37a84bd90367885543438
parent	44866d501beefd6b294c8e10c38caa227c9b7445 [diff] [blame]