server: Don't accept out-of-range bank/client/slot numbers on REST
Change-Id: Id0c9dcda58d1f85df431a74bbfba06cfaa0af69d
diff --git a/src/server/rest_api.c b/src/server/rest_api.c
index abd46b9..ff1b588 100644
--- a/src/server/rest_api.c
+++ b/src/server/rest_api.c
@@ -86,6 +86,8 @@
return -EINVAL;
bslot->bank_id = json_integer_value(jbank_id);
bslot->slot_nr = json_integer_value(jslot_nr);
+ if (bslot->bank_id > 1023 || bslot->slot_nr > 1023)
+ return -EINVAL;
return 0;
}
@@ -110,6 +112,8 @@
return -EINVAL;
cslot->client_id = json_integer_value(jclient_id);
cslot->slot_nr = json_integer_value(jslot_nr);
+ if (cslot->client_id > 1023 || cslot->slot_nr > 1023)
+ return -EINVAL;
return 0;
}