
Commit e811c71

committed
Harden download JSON parsing
1 parent 9f93008 commit e811c71

1 file changed

Lines changed: 12 additions & 5 deletions


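--- a/auth.cpp
+++ b/auth.cpp
@@ -1960,7 +1960,6 @@ std::vector<unsigned char> KeyAuth::api::download(std::string fileid) {
 return std::vector<unsigned char>(value.data(), value.data() + value.length() );
 };
 
-
 auto data =
 XorStr("type=file") +
 XorStr("&fileid=") + fileid +
@@ -1970,14 +1969,22 @@ std::vector<unsigned char> KeyAuth::api::download(std::string fileid) {
 
 for (int attempt = 0; attempt < 2; ++attempt) {
 auto response = req(data, get_url());
-auto json = response_decoder.parse(response);
-std::string message = json[(XorStr("message"))];
+auto json = nlohmann::json::parse(response, nullptr, false);
+if (json.is_discarded() || !json.is_object()) {
+api::response.success = false;
+api::response.message = XorStr("invalid JSON response from download endpoint");
+api::response.message += " [";
+api::response.message += k_build_tag;
+api::response.message += "]";
+return {};
+}
 
 load_response_data(json);
-if (json[XorStr("success")]) {
+const bool success = json.value(XorStr("success"), false);
+if (success) {
 std::string contents;
 const std::string key_contents = XorStr("contents");
-if (json.contains(key_contents) && !json[key_contents].is_null()) {
+if (json.contains(key_contents) && json[key_contents].is_string()) {
 contents = json[key_contents].get<std::string>();
 }
 if (!contents.empty()) {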
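Review bot: `json.value(XorStr("success"), false)` on new line 1983 still throws `nlohmann::json::type_error` when the `success` key is present but not a boolean, because `value()` falls back to the default only when the key is absent. A malformed or tampered response can therefore still raise an exception after the new parse guard has passed. Check the type before reading it, the way the commit already does for `contents`: `const std::string key_success = XorStr("success");` followed by `const bool success = json.contains(key_success) && json[key_success].is_boolean() && json[key_success].get<bool>();`. `load_response_data(json)` is defined outside this hunk and is handed the same object before any per-field check, so it is worth confirming that it validates field types as well. The body of `download` starts and ends outside the hunk.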
