commit ada1b460f1fa2b8a92956f378a64ac52a555c7e4
parent bc372439252338443b7651019d55a19c96db0945
Author: kyle <kyle@0x30.net>
Date: Fri, 1 Jan 2016 23:39:16 -0700
sl: add list id checks for join_list
- before join_list would happily try and add you to a nonexistent list
- introduce list_id_valid() which can check if a given list id is valid
- add a new test, join_list_unit, to test this message types basic
functionality
Diffstat:
4 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/sl b/sl
@@ -280,6 +280,9 @@ sub msg_join_list
return "err\0$err";
}
+ my $err = list_id_valid($sth_ref, $list_id);
+ return "err\0$err" if ($err);
+
log_print("join_list: device '$device_id'\n");
log_print("join_list: list '$list_id'\n");
@@ -290,7 +293,8 @@ sub msg_join_list
$sth{new_list_member}->execute($list_id, $device_id, $time);
log_print("join_list: device '$device_id' has been added to list '$list_id'\n");
} else {
- log_print("join_list: tried to create a duplicate list member entry for device $device_id and list $list_id\n");
+ log_print("join_list: tried to create a duplicate list member entry for device '$device_id' and list '$list_id'\n");
+ return "err\0the device is already part of this list";
}
return "ok\0$list_id";
@@ -570,6 +574,23 @@ sub device_id_invalid
return;
}
+sub list_id_valid {
+ my ($sth_ref, $list_id) = @_;
+
+ unless ($list_id =~ m/^[a-zA-Z0-9+\/=]*$/) {
+ log_print("list_id_valid: '$list_id' not base64\n");
+ return "the client sent a list id that was not base64";
+ }
+
+ $sth_ref->{list_select}->execute($list_id);
+ unless ($sth_ref->{list_select}->fetchrow_array()) {
+ log_print("list_id_valid: unknown list '$list_id'\n");
+ return "the client sent an unknown list id";
+ }
+
+ return;
+}
+
sub create_tables {
my $db_handle = DBI->connect(
@@ -641,6 +662,9 @@ sub prepare_stmt_handles {
my $sql;
# list table queries
+ $sql = qq{select * from lists where list_id = ?};
+ $stmt_handles{list_select} = $dbh->prepare($sql);
+
$sql = qq{insert into lists (list_id, name, first_created, last_updated)
values (?, ?, ?, ?)};
$stmt_handles{new_list} = $dbh->prepare($sql);
diff --git a/tests/join_list_unit/Makefile b/tests/join_list_unit/Makefile
@@ -0,0 +1 @@
+include ../test.mk
diff --git a/tests/join_list_unit/server.log.good b/tests/join_list_unit/server.log.good
@@ -0,0 +1,12 @@
+accepting connections on <ip>:<port> (pid = <digits>)
+new connection (pid = <digits>)
+ssl ok, ver = 'TLSv1_2' cipher = 'ECDHE-RSA-AES128-SHA256'
+new_device: success, <digits>:<base64> os <base64>
+list_id_valid: unknown list <base64>
+new_list: <string>
+new_list: adding first member devid = <base64>
+new_list: fingerprint = <base64>
+join_list: device <base64>
+join_list: list <base64>
+join_list: tried to create a duplicate list member entry for device <base64> and list <base64>
+disconnected!
diff --git a/tests/join_list_unit/test.pl b/tests/join_list_unit/test.pl
@@ -0,0 +1,38 @@
+#!/usr/bin/perl -I../
+use strict;
+use warnings;
+use test;
+
+# sanity checks the join_list message
+
+my $socket = new_socket();
+my $phnum = rand_phnum();
+
+send_msg($socket, 'new_device', "$phnum\0unix");
+my ($msg_data) = recv_msg($socket, 'new_device');
+
+my $device_id = check_status($msg_data, 'ok');
+
+# try joining a list that doesn't exist
+send_msg($socket, 'join_list', "$device_id\0listdoesntexist");
+($msg_data) = recv_msg($socket, 'join_list');
+
+my $msg = check_status($msg_data, 'err');
+my $msg_good = "the client sent an unknown list id";
+
+fail "unexpected message '$msg', expected '$msg_good'" if ($msg ne $msg_good);
+
+# test joining a list your already in
+send_msg($socket, 'new_list', "$device_id\0some new list");
+($msg_data) = recv_msg($socket, 'new_list');
+
+$msg = check_status($msg_data, 'ok');
+my ($list_id) = unpack('Z*', $msg);
+
+send_msg($socket, 'join_list', "$device_id\0$list_id");
+($msg_data) = recv_msg($socket, 'join_list');
+
+$msg = check_status($msg_data, 'err');
+$msg_good = "the device is already part of this list";
+
+fail "unexpected message '$msg', expected '$msg_good'" if ($msg ne $msg_good);