Added checks to avoid negative integers in API requests (issue meetec…

…ho#241)
speak · Jun 8, 2015 · 9fad3f1 · 9fad3f1
1 parent ba64263
commit 9fad3f1
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 148 deletions.
diff --git a/janus.c b/janus.c
@@ -940,8 +940,8 @@ int janus_process_incoming_request(janus_request_source *source, json_t *root) {
 		json_t *id = json_object_get(root, "id");
 		if(id != NULL) {
 			/* The application provided the session ID to use */
-			if(!json_is_integer(id)) {
-				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (id should be an integer)");
+			if(!json_is_integer(id) || json_integer_value(id) < 0) {
+				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (id should be a positive integer)");
 				goto jsondone;
 			}
 			session_id = json_integer_value(id);
@@ -1591,8 +1591,8 @@ int janus_process_incoming_request(janus_request_source *source, json_t *root) {
 					ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_MISSING_MANDATORY_ELEMENT, "Trickle error: missing mandatory element (sdpMLineIndex)");
 					goto jsondone;
 				}
-				if(!json_is_integer(mline)) {
-					ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Trickle error: invalid element type (sdpMLineIndex should be an integer)");
+				if(!json_is_integer(mline) || json_integer_value(mline) < 0) {
+					ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Trickle error: invalid element type (sdpMLineIndex should be a positive integer)");
 					goto jsondone;
 				}
 				json_t *rc = json_object_get(candidate, "candidate");
@@ -1712,8 +1712,8 @@ int janus_process_incoming_request(janus_request_source *source, json_t *root) {
 						JANUS_LOG(LOG_WARN, "Trickle error: ignoring candidate at index %zu, missing mandatory element (sdpMLineIndex)\n", i);
 						continue;
 					}
-					if(!json_is_integer(mline)) {
-						JANUS_LOG(LOG_WARN, "Trickle error: ignoring candidate at index %zu, invalid element type (sdpMLineIndex should be an integer)\n", i);
+					if(!json_is_integer(mline) || json_integer_value(mline) < 0) {
+						JANUS_LOG(LOG_WARN, "Trickle error: ignoring candidate at index %zu, invalid element type (sdpMLineIndex should be a positive integer)\n", i);
 						continue;
 					}
 					json_t *rc = json_object_get(candidate, "candidate");
@@ -2122,8 +2122,8 @@ int janus_process_incoming_admin_request(janus_request_source *source, json_t *r
 				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_MISSING_MANDATORY_ELEMENT, "Missing mandatory element (level)");
 				goto jsondone;
 			}
-			if(!json_is_integer(level)) {
-				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (level should be an integer)");
+			if(!json_is_integer(level) || json_integer_value(level) < 0) {
+				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (level should be a positive integer)");
 				goto jsondone;
 			}
 			int level_num = json_integer_value(level);
@@ -2153,8 +2153,8 @@ int janus_process_incoming_admin_request(janus_request_source *source, json_t *r
 				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_MISSING_MANDATORY_ELEMENT, "Missing mandatory element (debug)");
 				goto jsondone;
 			}
-			if(!json_is_integer(debug)) {
-				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (debug should be an integer)");
+			if(!json_is_integer(debug) || json_integer_value(debug) < 0) {
+				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (debug should be a positive integer)");
 				goto jsondone;
 			}
 			int debug_num = json_integer_value(debug);
@@ -2181,8 +2181,8 @@ int janus_process_incoming_admin_request(janus_request_source *source, json_t *r
 				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_MISSING_MANDATORY_ELEMENT, "Missing mandatory element (debug)");
 				goto jsondone;
 			}
-			if(!json_is_integer(debug)) {
-				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (debug should be an integer)");
+			if(!json_is_integer(debug) || json_integer_value(debug) < 0) {
+				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (debug should be a positive integer)");
 				goto jsondone;
 			}
 			int debug_num = json_integer_value(debug);
@@ -2213,8 +2213,8 @@ int janus_process_incoming_admin_request(janus_request_source *source, json_t *r
 				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_MISSING_MANDATORY_ELEMENT, "Missing mandatory element (max_nack_queue)");
 				goto jsondone;
 			}
-			if(!json_is_integer(mnq)) {
-				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (max_nack_queue should be an integer)");
+			if(!json_is_integer(mnq) || json_integer_value(mnq) < 0) {
+				ret = janus_process_error(source, session_id, transaction_text, JANUS_ERROR_INVALID_ELEMENT_TYPE, "Invalid element type (max_nack_queue should be a positive integer)");
 				goto jsondone;
 			}
 			int mnq_num = json_integer_value(mnq);

diff --git a/plugins/janus_audiobridge.c b/plugins/janus_audiobridge.c
@@ -985,10 +985,10 @@ struct janus_plugin_result *janus_audiobridge_handle_message(janus_plugin_sessio
 			goto error;
 		}
 		json_t *sampling = json_object_get(root, "sampling");
-		if(sampling && !json_is_integer(sampling)) {
-			JANUS_LOG(LOG_ERR, "Invalid element (sampling should be an integer)\n");
+		if(sampling && (!json_is_integer(sampling) || json_integer_value(sampling) < 0)) {
+			JANUS_LOG(LOG_ERR, "Invalid element (sampling should be a positive integer)\n");
 			error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-			g_snprintf(error_cause, 512, "Invalid element (sampling should be an integer)");
+			g_snprintf(error_cause, 512, "Invalid element (sampling should be a positive integer)");
 			goto error;
 		}
 		json_t *record = json_object_get(root, "record");
@@ -1007,10 +1007,10 @@ struct janus_plugin_result *janus_audiobridge_handle_message(janus_plugin_sessio
 		}
 		guint64 room_id = 0;
 		json_t *room = json_object_get(root, "room");
-		if(room && !json_is_integer(room)) {
-			JANUS_LOG(LOG_ERR, "Invalid element (room should be an integer)\n");
+		if(room && (!json_is_integer(room) || json_integer_value(room) < 0)) {
+			JANUS_LOG(LOG_ERR, "Invalid element (room should be a positive integer)\n");
 			error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-			g_snprintf(error_cause, 512, "Invalid element (room should be an integer)");
+			g_snprintf(error_cause, 512, "Invalid element (room should be a positive integer)");
 			goto error;
 		} else {
 			room_id = json_integer_value(room);
@@ -1141,10 +1141,10 @@ struct janus_plugin_result *janus_audiobridge_handle_message(janus_plugin_sessio
 			g_snprintf(error_cause, 512, "Missing element (room)");
 			goto error;
 		}
-		if(!json_is_integer(room)) {
-			JANUS_LOG(LOG_ERR, "Invalid element (room should be an integer)\n");
+		if(!json_is_integer(room) || json_integer_value(room) < 0) {
+			JANUS_LOG(LOG_ERR, "Invalid element (room should be a positive integer)\n");
 			error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-			g_snprintf(error_cause, 512, "Invalid element (room should be an integer)");
+			g_snprintf(error_cause, 512, "Invalid element (room should be a positive integer)");
 			goto error;
 		}
 		guint64 room_id = json_integer_value(room);
@@ -1264,10 +1264,10 @@ struct janus_plugin_result *janus_audiobridge_handle_message(janus_plugin_sessio
 			g_snprintf(error_cause, 512, "Missing element (room)");
 			goto error;
 		}
-		if(!json_is_integer(room)) {
-			JANUS_LOG(LOG_ERR, "Invalid element (room should be an integer)\n");
+		if(!json_is_integer(room) || json_integer_value(room) < 0) {
+			JANUS_LOG(LOG_ERR, "Invalid element (room should be a positive integer)\n");
 			error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-			g_snprintf(error_cause, 512, "Invalid element (room should be an integer)");
+			g_snprintf(error_cause, 512, "Invalid element (room should be a positive integer)");
 			goto error;
 		}
 		guint64 room_id = json_integer_value(room);
@@ -1282,8 +1282,8 @@ struct janus_plugin_result *janus_audiobridge_handle_message(janus_plugin_sessio
 	} else if(!strcasecmp(request_text, "listparticipants")) {
 		/* List all participants in a room */	
 		json_t *room = json_object_get(root, "room");
-		if(!room || !json_is_integer(room)) {
-			JANUS_LOG(LOG_ERR, "Invalid request, room number must be included in request and must be an integer\n");
+		if(!room || !json_is_integer(room) || json_integer_value(room) < 0) {
+			JANUS_LOG(LOG_ERR, "Invalid request, room number must be included in request and must be a positive integer\n");
 			error_code = JANUS_AUDIOBRIDGE_ERROR_MISSING_ELEMENT;
 			g_snprintf(error_cause, 512, "Missing element (room)");
 			goto error;
@@ -1613,10 +1613,10 @@ static void *janus_audiobridge_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing element (room)");
 				goto error;
 			}
-			if(!json_is_integer(room)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (room should be an integer)\n");
+			if(!json_is_integer(room) || json_integer_value(room) < 0) {
+				JANUS_LOG(LOG_ERR, "Invalid element (room should be a positive integer)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (room should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (room should be a positive integer)");
 				goto error;
 			}
 			guint64 room_id = json_integer_value(room);
@@ -1646,26 +1646,26 @@ static void *janus_audiobridge_handler(void *data) {
 				goto error;
 			}
 			json_t *quality = json_object_get(root, "quality");
-			if(quality && !json_is_integer(quality)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer)\n");
+			if(quality && (!json_is_integer(quality) || json_integer_value(quality) < 0)) {
+				JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (quality should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer)");
 				goto error;
 			}
 			int complexity = quality ? json_integer_value(quality) : DEFAULT_COMPLEXITY;
 			if(complexity < 1 || complexity > 10) {
-				JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer between 1 and 10)\n");
+				JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer between 1 and 10)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (quality should be an integer between 1 and 10)");
+				g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer between 1 and 10)");
 				goto error;
 			}
 			guint64 user_id = 0;
 			json_t *id = json_object_get(root, "id");
 			if(id) {
-				if(!json_is_integer(id)) {
-					JANUS_LOG(LOG_ERR, "Invalid element (id should be an integer)\n");
+				if(!json_is_integer(id) || json_integer_value(id) < 0) {
+					JANUS_LOG(LOG_ERR, "Invalid element (id should be a positive integer)\n");
 					error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-					g_snprintf(error_cause, 512, "Invalid element (id should be an integer)");
+					g_snprintf(error_cause, 512, "Invalid element (id should be a positive integer)");
 					goto error;
 				}
 				user_id = json_integer_value(id);
@@ -1861,18 +1861,18 @@ static void *janus_audiobridge_handler(void *data) {
 				goto error;
 			}
 			json_t *quality = json_object_get(root, "quality");
-			if(quality && !json_is_integer(quality)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer)\n");
+			if(quality && (!json_is_integer(quality) || json_integer_value(quality) < 0)) {
+				JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (quality should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer)");
 				goto error;
 			}
 			if(quality) {
 				int complexity = quality ? json_integer_value(quality) : DEFAULT_COMPLEXITY;
 				if(complexity < 1 || complexity > 10) {
-					JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer between 1 and 10)\n");
+					JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer between 1 and 10)\n");
 					error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-					g_snprintf(error_cause, 512, "Invalid element (quality should be an integer between 1 and 10)");
+					g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer between 1 and 10)");
 					goto error;
 				}
 				participant->opus_complexity = complexity;
@@ -1949,10 +1949,10 @@ static void *janus_audiobridge_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing element (room)");
 				goto error;
 			}
-			if(!json_is_integer(room)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (room should be an integer)\n");
+			if(!json_is_integer(room) || json_integer_value(room) < 0) {
+				JANUS_LOG(LOG_ERR, "Invalid element (room should be a positive integer)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (room should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (room should be a positive integer)");
 				goto error;
 			}
 			guint64 room_id = json_integer_value(room);
@@ -1982,26 +1982,26 @@ static void *janus_audiobridge_handler(void *data) {
 				goto error;
 			}
 			json_t *quality = json_object_get(root, "quality");
-			if(quality && !json_is_integer(quality)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer)\n");
+			if(quality && (!json_is_integer(quality) || json_integer_value(quality) < 0)) {
+				JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (quality should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer)");
 				goto error;
 			}
 			int complexity = quality ? json_integer_value(quality) : DEFAULT_COMPLEXITY;
 			if(complexity < 1 || complexity > 10) {
-				JANUS_LOG(LOG_ERR, "Invalid element (quality should be an integer between 1 and 10)\n");
+				JANUS_LOG(LOG_ERR, "Invalid element (quality should be a positive integer between 1 and 10)\n");
 				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (quality should be an integer between 1 and 10)");
+				g_snprintf(error_cause, 512, "Invalid element (quality should be a positive integer between 1 and 10)");
 				goto error;
 			}
 			guint64 user_id = 0;
 			json_t *id = json_object_get(root, "id");
 			if(id) {
-				if(!json_is_integer(id)) {
-					JANUS_LOG(LOG_ERR, "Invalid element (id should be an integer)\n");
+				if(!json_is_integer(id) || json_integer_value(id) < 0) {
+					JANUS_LOG(LOG_ERR, "Invalid element (id should be a positive integer)\n");
 					error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
-					g_snprintf(error_cause, 512, "Invalid element (id should be an integer)");
+					g_snprintf(error_cause, 512, "Invalid element (id should be a positive integer)");
 					goto error;
 				}
 				user_id = json_integer_value(id);

diff --git a/plugins/janus_echotest.c b/plugins/janus_echotest.c
@@ -671,10 +671,10 @@ static void *janus_echotest_handler(void *data) {
 			goto error;
 		}
 		json_t *bitrate = json_object_get(root, "bitrate");
-		if(bitrate && !json_is_integer(bitrate)) {
-			JANUS_LOG(LOG_ERR, "Invalid element (bitrate should be an integer)\n");
+		if(bitrate && (!json_is_integer(bitrate) || json_integer_value(bitrate) < 0)) {
+			JANUS_LOG(LOG_ERR, "Invalid element (bitrate should be a positive integer)\n");
 			error_code = JANUS_ECHOTEST_ERROR_INVALID_ELEMENT;
-			g_snprintf(error_cause, 512, "Invalid value (bitrate should be an integer)");
+			g_snprintf(error_cause, 512, "Invalid value (bitrate should be a positive integer)");
 			goto error;
 		}
 		if(audio) {

diff --git a/plugins/janus_recordplay.c b/plugins/janus_recordplay.c
@@ -794,21 +794,21 @@ struct janus_plugin_result *janus_recordplay_handle_message(janus_plugin_session
 	} else if(!strcasecmp(request_text, "configure")) {
 		json_t *video_bitrate_max = json_object_get(root, "video-bitrate-max");
 		if(video_bitrate_max) {
-			if(!json_is_integer(video_bitrate_max)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (video-bitrate-max should be an integer)\n");
+			if(!json_is_integer(video_bitrate_max) || json_integer_value(video_bitrate_max) < 0) {
+				JANUS_LOG(LOG_ERR, "Invalid element (video-bitrate-max should be a positive integer)\n");
 				error_code = JANUS_RECORDPLAY_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (video-bitrate-max should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (video-bitrate-max should be a positive integer)");
 				goto error;
 			}
 			session->video_bitrate = json_integer_value(video_bitrate_max);
 			JANUS_LOG(LOG_VERB, "Video bitrate has been set to %"SCNu64"\n", session->video_bitrate);
 		}
 		json_t *video_keyframe_interval= json_object_get(root, "video-keyframe-interval");
 		if(video_keyframe_interval) {
-			if(!json_is_integer(video_keyframe_interval)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (video-keyframe-interval should be an integer)\n");
+			if(!json_is_integer(video_keyframe_interval) || json_integer_value(video_keyframe_interval) < 0) {
+				JANUS_LOG(LOG_ERR, "Invalid element (video-keyframe-interval should be a positive integer)\n");
 				error_code = JANUS_RECORDPLAY_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (video-keyframe-interval should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (video-keyframe-interval should be a positive integer)");
 				goto error;
 			}
 			session->video_keyframe_interval = json_integer_value(video_keyframe_interval);
@@ -1257,10 +1257,10 @@ static void *janus_recordplay_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing element (id)");
 				goto error;
 			}
-			if(!json_is_integer(id)) {
-				JANUS_LOG(LOG_ERR, "Invalid element (id should be an integer)\n");
+			if(!json_is_integer(id) || json_integer_value(id) < 0) {
+				JANUS_LOG(LOG_ERR, "Invalid element (id should be a positive integer)\n");
 				error_code = JANUS_RECORDPLAY_ERROR_INVALID_ELEMENT;
-				g_snprintf(error_cause, 512, "Invalid element (id should be an integer)");
+				g_snprintf(error_cause, 512, "Invalid element (id should be a positive integer)");
 				goto error;
 			}
 			guint64 id_value = json_integer_value(id);