Ensure that tokens are hex to avoid hanging/errors in cherrypy

Erik Johnson 2018-08-24 10:35:55 -05:00 committed by Ch3LL
parent 4d865b4b9e
commit 652dbf63f4
GPG key ID: 132B55A7C13EFA73


@ -1078,6 +1078,13 @@ class LowDataAdapter(object):
if cherrypy.session.get('groups'):
chunk['__current_eauth_groups'] = cherrypy.session.get('groups')
if 'token' in chunk:
# Make sure that auth token is hex
try:
int(chunk['token'], 16)
except (TypeError, ValueError):
raise cherrypy.HTTPError(401, 'Invalid token')
if client:
chunk['client'] = client
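Review bot: `int(chunk['token'], 16)` in the LowDataAdapter hunk is a looser test than its comment "Make sure that auth token is hex" implies, because int() with base 16 also accepts a leading sign, a `0x` prefix, surrounding whitespace and (on Python 3.6+) underscores between digits, so such values still pass and travel on in the lowdata chunk. If only session-id-shaped strings should get through, test the characters directly inside the same try, for example `re.match(r'[0-9a-fA-F]+\Z', chunk['token'])`; whether `re` is imported in this module is not visible here. The Events hunk below also catches only `ValueError`, although its comment covers the None case and `int(None, 16)` raises `TypeError`; if the `if auth_token is None:` line is the removed side, as the hunk counts suggest, that handler should be `except (TypeError, ValueError):` as it is here. The enclosing method starts and ends outside this hunk.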
@ -2078,7 +2085,11 @@ class Events(object):
:return bool: True if valid, False if not valid.
'''
if auth_token is None:
# Make sure that auth token is hex. If it's None, or something other
# than hex, this will raise a ValueError.
try:
int(auth_token, 16)
except ValueError:
return False
# First check if the given token is in our session table; if so it's a