izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add additional pin validation (#2007)

Browse Source
This commit is contained in:
ReenigneArcher
2024-01-13 22:03:49 -05:00
committed by GitHub
parent 545af98459
commit 937d0d810c
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/nvhttp.cpp
View File

@@ -324,6 +324,7 @@ namespace nvhttp {
tree.put("root.plaincert", util::hex_vec(conf_intern.servercert, true)); tree.put("root.plaincert", util::hex_vec(conf_intern.servercert, true));
tree.put("root.<xmlattr>.status_code", 200); tree.put("root.<xmlattr>.status_code", 200);
} }
void void
serverchallengeresp(pair_session_t &sess, pt::ptree &tree, const args_t &args) { serverchallengeresp(pair_session_t &sess, pt::ptree &tree, const args_t &args) {
auto encrypted_response = util::from_hex_vec(get_arg(args, "serverchallengeresp"), true); auto encrypted_response = util::from_hex_vec(get_arg(args, "serverchallengeresp"), true);
@@ -573,6 +574,23 @@ namespace nvhttp {
return false; return false;
} }
// ensure pin is 4 digits
if (pin.size() != 4) {
tree.put("root.paired", 0);
tree.put("root.<xmlattr>.status_code", 400);
tree.put(
"root.<xmlattr>.status_message", "Pin must be 4 digits, " + std::to_string(pin.size()) + " provided");
return false;
}
// ensure all pin characters are numeric
if (!std::all_of(pin.begin(), pin.end(), ::isdigit)) {
tree.put("root.paired", 0);
tree.put("root.<xmlattr>.status_code", 400);
tree.put("root.<xmlattr>.status_message", "Pin must be numeric");
return false;
}
auto &sess = std::begin(map_id_sess)->second; auto &sess = std::begin(map_id_sess)->second;
getservercert(sess, tree, pin); getservercert(sess, tree, pin);