relay/api: return an error 400 when URL parameters "nicks", "lines" and "lines_free" have an invalid value

src/plugins/relay/api/relay-api-protocol.c

@@ -579,7 +579,13 @@ RELAY_API_PROTOCOL_CALLBACK(buffers)
         }
     }
 
-    nicks = relay_http_get_param_boolean (client->http_req, "nicks", 0);
+    if (!relay_http_get_param_boolean (client->http_req, "nicks", 0, &nicks))
+    {
+        relay_api_msg_send_error_json (client, RELAY_HTTP_400_BAD_REQUEST, NULL,
+                                       "Invalid parameter \"%s\"",
+                                       "nicks");
+        return RELAY_API_PROTOCOL_RC_OK;
+    }
     colors = RELAY_API_COLORS_ANSI;
     ptr_colors = weechat_hashtable_get (client->http_req->params, "colors");
     if (ptr_colors)
@@ -623,7 +629,16 @@ RELAY_API_PROTOCOL_CALLBACK(buffers)
             }
             else
             {
-                lines = relay_http_get_param_long (client->http_req, "lines", LONG_MAX);
+                if (!relay_http_get_param_long (client->http_req, "lines", LONG_MAX, &lines))
+                {
+                    relay_api_msg_send_error_json (
+                        client,
+                        RELAY_HTTP_400_BAD_REQUEST,
+                        NULL,
+                        "Invalid query string parameter \"%s\"",
+                        "lines");
+                    return RELAY_API_PROTOCOL_RC_OK;
+                }
                 json = relay_api_msg_lines_to_json (ptr_buffer, lines, colors);
                 if (json)
                 {
@@ -655,10 +670,29 @@ RELAY_API_PROTOCOL_CALLBACK(buffers)
     }
     else
     {
-        lines = relay_http_get_param_long (client->http_req, "lines", 0L);
-        lines_free = relay_http_get_param_long (client->http_req,
-                                                "lines_free",
-                                                (lines == 0) ? 0 : LONG_MAX);
+        if (!relay_http_get_param_long (client->http_req, "lines", 0L, &lines))
+        {
+            relay_api_msg_send_error_json (
+                client,
+                RELAY_HTTP_400_BAD_REQUEST,
+                NULL,
+                "Invalid query string parameter \"%s\"",
+                "lines");
+            return RELAY_API_PROTOCOL_RC_OK;
+        }
+        if (!relay_http_get_param_long (client->http_req,
+                                        "lines_free",
+                                        (lines == 0) ? 0 : LONG_MAX,
+                                        &lines_free))
+        {
+            relay_api_msg_send_error_json (
+                client,
+                RELAY_HTTP_400_BAD_REQUEST,
+                NULL,
+                "Invalid query string parameter \"%s\"",
+                "lines_free");
+            return RELAY_API_PROTOCOL_RC_OK;
+        }
         if (ptr_buffer)
         {
             json = relay_api_msg_buffer_to_json (ptr_buffer, lines, lines_free,

src/plugins/relay/relay-http.c

@@ -170,45 +170,65 @@ relay_http_url_decode (const char *url)
 }
 
 /*
- * Returns value of an URL parameter as boolean (0 or 1), using a default value
- * if the parameter is not set.
+ * Reads value of an URL parameter as boolean (0 or 1) into *value.
+ * If the parameter is not in URL, the default value is used.
+ *
+ * Returns:
+ *   1: OK, *value is set
+ *   0: error (URL parameter has invalid format)
  */
 
 int
 relay_http_get_param_boolean (struct t_relay_http_request *request,
-                              const char *name, int default_value)
+                              const char *name, int default_value,
+                              int *value)
 {
     const char *ptr_value;
 
-    ptr_value = weechat_hashtable_get (request->params, name);
-    if (!ptr_value)
-        return default_value;
+    if (!value)
+        return 0;
 
-    return weechat_config_string_to_boolean (ptr_value);
+    ptr_value = weechat_hashtable_get (request->params, name);
+    *value = (ptr_value) ?
+        weechat_config_string_to_boolean (ptr_value) : default_value;
+
+    return 1;
 }
 
 /*
- * Returns value of an URL parameter as long, using a default value if the
- * parameter is not set or if it's not a valid long integer.
+ * Reads value of an URL parameter as long into *value.
+ * If the parameter is not in URL, the default value is used.
+ *
+ * Returns:
+ *   1: OK, *value is set
+ *   0: error (URL parameter has invalid format)
  */
 
-long
+int
 relay_http_get_param_long (struct t_relay_http_request *request,
-                           const char *name, long default_value)
+                           const char *name, long default_value,
+                           long *value)
 {
     const char *ptr_value;
     char *error;
     long number;
 
+    if (!value)
+        return 0;
+
     ptr_value = weechat_hashtable_get (request->params, name);
-    if (!ptr_value)
-        return default_value;
-
-    number = strtol (ptr_value, &error, 10);
-    if (error && !error[0])
-        return number;
-
-    return default_value;
+    if (ptr_value)
+    {
+        number = strtol (ptr_value, &error, 10);
+        if (!error || error[0])
+            return 0;
+        *value = number;
+    }
+    else
+    {
+        *value = default_value;
+    }
+    return 1;
 }
 
 /*

src/plugins/relay/relay-http.h

@@ -94,9 +94,11 @@ struct t_relay_http_response
 extern void relay_http_request_reinit (struct t_relay_http_request *request);
 extern struct t_relay_http_request *relay_http_request_alloc (void);
 extern int relay_http_get_param_boolean (struct t_relay_http_request *request,
-                                         const char *name, int default_value);
-extern long relay_http_get_param_long (struct t_relay_http_request *request,
-                                       const char *name, long default_value);
+                                         const char *name, int default_value,
+                                         int *value);
+extern int relay_http_get_param_long (struct t_relay_http_request *request,
+                                      const char *name, long default_value,
+                                      long *value);
 extern int relay_http_parse_method_path (struct t_relay_http_request *request,
                                          const char *method_path);
 extern int relay_http_check_auth (struct t_relay_client *client);