validate webserver parameters

diff --git a/pdns/statbag.cc b/pdns/statbag.cc
index e4cc283fa7223c1c51987576fbb1f5b7c2fd827d..40a98d3f228f6d3020506eaa6ccc4642c6e9b692 100644 (file)
--- a/pdns/statbag.cc
+++ b/pdns/statbag.cc
@@ -302,4 +302,7 @@ vector<string>StatBag::listRings()
   return ret;
 }
 
-
+bool StatBag::ringExists(const string &name)
+{
+  return d_rings.count(name);
+}

diff --git a/pdns/statbag.hh b/pdns/statbag.hh
index ca7af1a64072e0686f2fad579ddde578fd97eefa..4baabbd8e011a505d3605f5ed920be3bdf5e79b1 100644 (file)
--- a/pdns/statbag.hh
+++ b/pdns/statbag.hh
@@ -86,6 +86,7 @@ public:
   }
 
   vector<string>listRings();
+  bool ringExists(const string &name);
   void resetRing(const string &name);
   void resizeRing(const string &name, unsigned int newsize);
   unsigned int getRingSize(const string &name);

diff --git a/pdns/ws.cc b/pdns/ws.cc
index 8346f3e9f8563d0e196932a3409886fc3ab19b45..533f66337357c5b246d84087982af1e2a1512dc2 100644 (file)
--- a/pdns/ws.cc
+++ b/pdns/ws.cc
@@ -187,14 +187,17 @@ string StatWebServer::makePercentage(const double& val)
 
 void StatWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
 {
-  if(!req->parameters["resetring"].empty()){
-    S.resetRing(req->parameters["resetring"]);
+  if(!req->parameters["resetring"].empty()) {
+    if (S.ringExists(req->parameters["resetring"]))
+      S.resetRing(req->parameters["resetring"]);
     resp->status = 301;
     resp->headers["Location"] = "/";
     return;
   }
   if(!req->parameters["resizering"].empty()){
-    S.resizeRing(req->parameters["resizering"], atoi(req->parameters["size"].c_str()));
+    int size=atoi(req->parameters["size"].c_str());
+    if (S.ringExists(req->parameters["resizering"]) && size > 0 && size <= 500000)
+      S.resizeRing(req->parameters["resizering"], atoi(req->parameters["size"].c_str()));
     resp->status = 301;
     resp->headers["Location"] = "/";
     return;