API: Don't crash when given non-string as nameserver

Fixes #1375.

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 0cf9dec7ace021ac8ed7af88e4b0032025f82783..1d6dc1bc903ba75adb761491d41c44a0db677063 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -419,6 +419,12 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
     if (!nameservers.IsArray() || nameservers.Size() == 0)
       throw ApiException("Need at least one nameserver");
 
+    for (SizeType i = 0; i < nameservers.Size(); ++i) {
+      if (!nameservers[i].IsString()) {
+        throw ApiException("Nameservers must be strings.");
+      }
+    }
+
     // no going back after this
     if(!B.createDomain(zonename))
       throw ApiException("Creating domain '"+zonename+"' failed");

diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 451bba361aebaf638239d2dd16cbbc8a9f48281a..e8ea4f6d2564299ccd9eff9c5048f20ab7c4137e 100644 (file)
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -76,6 +76,21 @@ class AuthZones(ApiTestCase):
                 self.assertEquals(data[k], payload[k])
         self.assertEquals(data['id'], expected_id)
 
+    def test_CreateZoneWithNameserversNonString(self):
+        # ensure we don't crash
+        name = unique_zone_name()
+        payload = {
+            'name': name,
+            'kind': 'Native',
+            'nameservers': [{'a': 'ns1.example.com'}]  # invalid
+        }
+        print payload
+        r = self.session.post(
+            self.url("/servers/localhost/zones"),
+            data=json.dumps(payload),
+            headers={'content-type': 'application/json'})
+        self.assertEquals(r.status_code, 422)
+
     def test_GetZoneWithSymbols(self):
         payload, data = self.create_zone(name='foo/bar.'+unique_zone_name())
         name = payload['name']