diff options
author | Gabriel Ivascu <gabrielivascu@gnome.org> | 2017-10-02 19:34:07 +0200 |
---|---|---|
committer | Gabriel Ivascu <gabrielivascu@gnome.org> | 2017-10-03 18:29:53 +0200 |
commit | ed405407b24222bd7e33221f95dbdc52f1706004 (patch) | |
tree | 58aba0d5c3df135cfc4eabaff2119a76c8456c40 /lib/safe-browsing/ephy-gsb-service.c | |
parent | 3c8cd6387f85106051c9e674ee8b1e59fb40858c (diff) | |
download | epiphany-ed405407b24222bd7e33221f95dbdc52f1706004.tar.gz |
gsb-service: Check server responses to be a valid JSON object
Diffstat (limited to 'lib/safe-browsing/ephy-gsb-service.c')
-rw-r--r-- | lib/safe-browsing/ephy-gsb-service.c | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c index 4493b0ba0..f0cd458a3 100644 --- a/lib/safe-browsing/ephy-gsb-service.c +++ b/lib/safe-browsing/ephy-gsb-service.c @@ -236,11 +236,15 @@ ephy_gsb_service_fetch_threat_lists (EphyGSBService *self) if (msg->status_code != 200) { LOG ("Failed to fetch the threat lists from the server, got: %u, %s", msg->status_code, msg->response_body->data); - g_object_unref (msg); - return NULL; + goto out; } body_node = json_from_string (msg->response_body->data, NULL); + if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) { + g_warning ("Response is not a valid JSON object"); + goto out; + } + body_obj = json_node_get_object (body_node); if (json_object_has_non_null_array_member (body_obj, "threatLists")) { @@ -262,9 +266,11 @@ ephy_gsb_service_fetch_threat_lists (EphyGSBService *self) } } +out: g_free (url); g_object_unref (msg); - json_node_unref (body_node); + if (body_node) + json_node_unref (body_node); return g_list_reverse (retval); } @@ -280,12 +286,17 @@ ephy_gsb_service_update_thread (GTask *task, JsonArray *responses; SoupMessage *msg = NULL; GList *threat_lists = NULL; - char *url; + char *url = NULL; char *body; g_assert (EPHY_IS_GSB_SERVICE (self)); g_assert (ephy_gsb_storage_is_operable (self->storage)); + /* Set up a default next update time in case of failure or non-existent + * minimum wait duration. + */ + self->next_list_updates_time = CURRENT_TIME + DEFAULT_WAIT_TIME; + ephy_gsb_storage_delete_old_full_hashes (self->storage); /* Fetch and store new threat lists, if any. */ @@ -296,7 +307,7 @@ ephy_gsb_service_update_thread (GTask *task, threat_lists = ephy_gsb_storage_get_threat_lists (self->storage); if (!threat_lists) { - self->next_list_updates_time = CURRENT_TIME + DEFAULT_WAIT_TIME; + LOG ("No threat lists to update"); goto out; } @@ -306,8 +317,6 @@ ephy_gsb_service_update_thread (GTask *task, soup_message_set_request (msg, "application/json", SOUP_MEMORY_TAKE, body, strlen (body)); soup_session_send_message (self->session, msg); - g_free (url); - /* Handle unsuccessful responses. */ if (msg->status_code != 200) { LOG ("Cannot update threat lists, got: %u, %s", msg->status_code, msg->response_body->data); @@ -320,6 +329,11 @@ ephy_gsb_service_update_thread (GTask *task, ephy_gsb_service_reset_back_off_mode (self); body_node = json_from_string (msg->response_body->data, NULL); + if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) { + g_warning ("Response is not a valid JSON object"); + goto out; + } + body_obj = json_node_get_object (body_node); responses = json_object_get_array_member (body_obj, "listUpdateResponses"); @@ -385,11 +399,10 @@ ephy_gsb_service_update_thread (GTask *task, /* Handle the trailing 's' character. */ sscanf (duration_str, "%lfs", &duration); self->next_list_updates_time = CURRENT_TIME + (gint64)ceil (duration); - } else { - self->next_list_updates_time = CURRENT_TIME + DEFAULT_WAIT_TIME; } out: + g_free (url); if (msg) g_object_unref (msg); if (body_node) @@ -601,10 +614,10 @@ ephy_gsb_service_find_full_hashes_cb (SoupSession *session, { FindFullHashesData *data = (FindFullHashesData *)user_data; EphyGSBService *self = data->service; - JsonNode *body_node; + JsonNode *body_node = NULL; JsonObject *body_obj; JsonArray *matches; - GList *hashes_lookup; + GList *hashes_lookup = NULL; const char *duration_str; double duration; @@ -612,15 +625,18 @@ ephy_gsb_service_find_full_hashes_cb (SoupSession *session, if (msg->status_code != 200) { LOG ("Cannot update full hashes, got: %u, %s", msg->status_code, msg->response_body->data); ephy_gsb_service_update_back_off_mode (self); - data->callback (data->threats, data->user_data); - find_full_hashes_data_free (data); - return; + goto out; } /* Successful response, reset back-off mode. */ ephy_gsb_service_reset_back_off_mode (self); body_node = json_from_string (msg->response_body->data, NULL); + if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) { + g_warning ("Response is not a valid JSON object"); + goto out; + } + body_obj = json_node_get_object (body_node); if (json_object_has_non_null_array_member (body_obj, "matches")) { @@ -680,11 +696,13 @@ ephy_gsb_service_find_full_hashes_cb (SoupSession *session, } } +out: data->callback (data->threats, data->user_data); - json_node_unref (body_node); - g_list_free_full (hashes_lookup, (GDestroyNotify)ephy_gsb_hash_full_lookup_free); + if (body_node) + json_node_unref (body_node); find_full_hashes_data_free (data); + g_list_free_full (hashes_lookup, (GDestroyNotify)ephy_gsb_hash_full_lookup_free); } static void |