commit 27d9fe45f7e8f8699c511ac3480fc4a1068af0d6
parent bea6a98935626ea51bf35956e454cd3d3d723491
Author: Kyle Milz <kyle@getaddrinfo.net>
Date: Sun, 22 May 2016 13:06:23 -0600
server: check that received messages have a "data" key
Diffstat:
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/server/sl b/server/sl
@@ -124,6 +124,15 @@ sub handle_message {
}
}
+ # Every message type needs a 'data' key
+ if (! exists $request->{data}) {
+ $logger->error("incoming request had no 'data' key\n");
+ send_msg($client_socket, $ver, $msg_type, make_error("missing 'data' key"));
+
+ $db->{dbh}->commit;
+ return;
+ }
+
# Call appropriate message handler. Each handler returns both data that
# should be sent back over the main socket and notification data that
# gets sent over vendor specific API.
diff --git a/server/t/zero_payload.t b/server/t/zero_payload.t
@@ -13,8 +13,8 @@ for ( $A->msg_str() ) {
my $msg_good = 'a missing message argument was required';
my $log_good = "/bad request, missing key 'device_id'/";
if ($_ eq 'device_add') {
- $msg_good = 'the sent phone number is not a number';
- $log_good = "/phone number invalid/";
+ $msg_good = "missing 'data' key";
+ $log_good = "/incoming request had no 'data' key/";
}
# Send empty dictionary