Merge pull request #2244 from contiki-os/revert-2213-mqtt-html-sanitize

Revert "Validate MQTT broker IP and escape quotes when displaying"
George Oikonomou 2017-06-03 00:00:22 +01:00 committed by GitHub
commit 6e3387c830
2 changed files with 5 additions and 47 deletions


@ -137,10 +137,6 @@ PROCESS(httpd_simple_process, "CC26XX Web Server");
#define REQUEST_TYPE_GET 1 #define REQUEST_TYPE_GET 1
#define REQUEST_TYPE_POST 2 #define REQUEST_TYPE_POST 2
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/* Temporary buffer for holding escaped HTML used by html_escape_quotes */
#define HTML_ESCAPED_BUFFER_SIZE 128
static char html_escaped_buf[HTML_ESCAPED_BUFFER_SIZE];
/*---------------------------------------------------------------------------*/
static const char *NOT_FOUND = "<html><body bgcolor=\"white\">" static const char *NOT_FOUND = "<html><body bgcolor=\"white\">"
"<center>" "<center>"
"<h1>404 - file not found</h1>" "<h1>404 - file not found</h1>"
@ -309,30 +305,6 @@ url_unescape(const char *src, size_t srclen, char *dst, size_t dstlen)
return i == srclen; return i == srclen;
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static char*
html_escape_quotes(const char *src)
{
memset(html_escaped_buf, 0, HTML_ESCAPED_BUFFER_SIZE);
size_t dstpos = 0;
for(size_t i = 0; i < HTML_ESCAPED_BUFFER_SIZE; i++) {
if(src[i] == '\0') {
break;
} else if(src[i] == '"') {
if(dstpos + 6 > HTML_ESCAPED_BUFFER_SIZE) {
break;
}
strcpy(&html_escaped_buf[dstpos], "&quot;");
dstpos += 6;
} else {
html_escaped_buf[dstpos++] = src[i];
}
}
html_escaped_buf[HTML_ESCAPED_BUFFER_SIZE - 1] = '\0';
return html_escaped_buf;
}
/*---------------------------------------------------------------------------*/
void void
httpd_simple_register_post_handler(httpd_simple_post_handler_t *h) httpd_simple_register_post_handler(httpd_simple_post_handler_t *h)
{ {
@ -703,8 +675,7 @@ PT_THREAD(generate_mqtt_config(struct httpd_state *s))
config_div_right)); config_div_right));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "value=\"%s\" ", enqueue_chunk(s, 0, "value=\"%s\" ",
html_escape_quotes( cc26xx_web_demo_config.mqtt_config.type_id));
cc26xx_web_demo_config.mqtt_config.type_id)));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "name=\"type_id\">%s", config_div_close)); enqueue_chunk(s, 0, "name=\"type_id\">%s", config_div_close));
@ -716,8 +687,7 @@ PT_THREAD(generate_mqtt_config(struct httpd_state *s))
config_div_right)); config_div_right));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "value=\"%s\" ", enqueue_chunk(s, 0, "value=\"%s\" ",
html_escape_quotes( cc26xx_web_demo_config.mqtt_config.org_id));
cc26xx_web_demo_config.mqtt_config.org_id)));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "name=\"org_id\">%s", config_div_close)); enqueue_chunk(s, 0, "name=\"org_id\">%s", config_div_close));
@ -741,8 +711,7 @@ PT_THREAD(generate_mqtt_config(struct httpd_state *s))
config_div_right)); config_div_right));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "value=\"%s\" ", enqueue_chunk(s, 0, "value=\"%s\" ",
html_escape_quotes( cc26xx_web_demo_config.mqtt_config.cmd_type));
cc26xx_web_demo_config.mqtt_config.cmd_type)));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "name=\"cmd_type\">%s", enqueue_chunk(s, 0, "name=\"cmd_type\">%s",
config_div_close)); config_div_close));
@ -755,8 +724,7 @@ PT_THREAD(generate_mqtt_config(struct httpd_state *s))
config_div_right)); config_div_right));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "value=\"%s\" ", enqueue_chunk(s, 0, "value=\"%s\" ",
html_escape_quotes( cc26xx_web_demo_config.mqtt_config.event_type_id));
cc26xx_web_demo_config.mqtt_config.event_type_id)));
PT_WAIT_THREAD(&s->generate_pt, PT_WAIT_THREAD(&s->generate_pt,
enqueue_chunk(s, 0, "name=\"event_type_id\">%s", enqueue_chunk(s, 0, "name=\"event_type_id\">%s",
config_div_close)); config_div_close));
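Review bot: The four `enqueue_chunk(s, 0, "value=\"%s\" ", ...)` calls in generate_mqtt_config (type_id, org_id, cmd_type, event_type_id) now place the stored config strings inside a double-quoted attribute with no escaping, so a value containing `"` ends the attribute and the rest is parsed as markup by whoever opens the config page. These fields look settable through the POST handlers, which are not visible here, so they should be treated as untrusted at output time. A replacement for the removed helper should bound every write, since its plain-character branch stored to `html_escaped_buf[dstpos++]` without a limit check once earlier quotes had expanded the output, and it should also cover `&`, `<` and `>`; a sketch follows. generate_mqtt_config starts and ends outside these hunks.

```c
/* Escape src for a double-quoted HTML attribute; output is truncated to fit dst. */
static void
html_escape_attr(const char *src, char *dst, size_t dstlen)
{
  size_t pos = 0;

  if(dstlen == 0) {
    return;
  }
  for(; *src != '\0'; src++) {
    const char *rep = NULL;
    size_t replen = 1;

    switch(*src) {
    case '"': rep = "&quot;"; break;
    case '&': rep = "&amp;"; break;
    case '<': rep = "&lt;"; break;
    case '>': rep = "&gt;"; break;
    default: break;
    }
    if(rep != NULL) {
      replen = strlen(rep);
    }
    if(pos + replen >= dstlen) {
      break; /* no room for this unit plus the terminator */
    }
    if(rep != NULL) {
      memcpy(&dst[pos], rep, replen);
    } else {
      dst[pos] = *src;
    }
    pos += replen;
  }
  dst[pos] = '\0';
}
/* … unchanged: the enqueue_chunk() call sites, which would pass the escaped buffer … */
```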


@ -64,9 +64,6 @@
*/ */
static const char *broker_ip = "0064:ff9b:0000:0000:0000:0000:b8ac:7cbd"; static const char *broker_ip = "0064:ff9b:0000:0000:0000:0000:b8ac:7cbd";
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
#define ADDRESS_CONVERSION_OK 1
#define ADDRESS_CONVERSION_ERROR 0
/*---------------------------------------------------------------------------*/
/* /*
* A timeout used when waiting for something to happen (e.g. to connect or to * A timeout used when waiting for something to happen (e.g. to connect or to
* disconnect) * disconnect)
@ -359,14 +356,7 @@ ip_addr_post_handler(char *key, int key_len, char *val, int val_len)
return HTTPD_SIMPLE_POST_HANDLER_UNKNOWN; return HTTPD_SIMPLE_POST_HANDLER_UNKNOWN;
} }
/* if(val_len > MQTT_CLIENT_CONFIG_IP_ADDR_STR_LEN) {
* uiplib_ip6addrconv will immediately start writing into the supplied buffer
* even if it subsequently fails. Thus, pass an intermediate buffer
*/
uip_ip6addr_t tmp_addr;
if(val_len > MQTT_CLIENT_CONFIG_IP_ADDR_STR_LEN
|| uiplib_ip6addrconv(val, &tmp_addr) != ADDRESS_CONVERSION_OK) {
/* Ours but bad value */ /* Ours but bad value */
rv = HTTPD_SIMPLE_POST_HANDLER_ERROR; rv = HTTPD_SIMPLE_POST_HANDLER_ERROR;
} else { } else {
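Review bot: With the conversion check gone, the new `if(val_len > MQTT_CLIENT_CONFIG_IP_ADDR_STR_LEN) {` in ip_addr_post_handler accepts any string of acceptable length as the broker address, so a POSTed value that is not an IPv6 literal appears to be stored; the else branch that would store it continues outside the hunk. If the revert was prompted by something other than the check itself, consider keeping the parse-into-temporary test without the local macros, e.g. `|| !uiplib_ip6addrconv(val, &tmp_addr)` with `uip_ip6addr_t tmp_addr;` declared above it. Whether `val` is NUL-terminated at this point is not visible here and should be confirmed before handing it to a string parser. It is also worth confirming that the destination buffer has room for the terminator when `val_len` equals the limit.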