From ad6ec011bda921e60f288ee2d64c15b6d0ec3fbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Tue, 29 Oct 2024 22:38:28 +0100 Subject: [PATCH] relay/api: reply HTTP 400 (Bad Request) when the body received is not a dict in websocket data --- CHANGELOG.md | 1 + src/plugins/relay/api/relay-api-protocol.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f80442fa..28babd0de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ - irc: fix crash on /list buffer when a filter is set ([#2197](https://github.com/weechat/weechat/issues/2197)) - exec: fix unexpected execution of command with `/exec -o` when the command starts with two command chars ([#2199](https://github.com/weechat/weechat/issues/2199)) - relay/api: fix empty nicklist in remote buffers after connection or reconnection +- relay/api: reply HTTP 400 (Bad Request) when the body received is not a dict in websocket data - core: always send the signal "buffer_switch", even when the buffer is opening ([#2198](https://github.com/weechat/weechat/issues/2198)) - core: reload all plugins with command `/plugin reload *` - lua: fix compilation on Fedora with Lua < 5.2.0 ([#2173](https://github.com/weechat/weechat/issues/2173), [#2174](https://github.com/weechat/weechat/issues/2174)) diff --git a/src/plugins/relay/api/relay-api-protocol.c b/src/plugins/relay/api/relay-api-protocol.c index 8fb1e274b..db360eab7 100644 --- a/src/plugins/relay/api/relay-api-protocol.c +++ b/src/plugins/relay/api/relay-api-protocol.c @@ -957,6 +957,8 @@ relay_api_protocol_recv_json_request (struct t_relay_client *client, json_body = cJSON_GetObjectItem (json, "body"); if (json_body) { + if (!cJSON_IsObject (json_body)) + goto error; string_body = cJSON_PrintUnformatted (json_body); if (string_body) {