From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Fri, 15 Feb 2019 20:46:59 +0000 (+0100)
Subject: API: improve handling of out of range modified_at value
X-Git-Tag: auth-4.2.0-beta1~19^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1148587f55826b0564765bd1cc97320bfbab7e58;p=pdns

API: improve handling of out of range modified_at value

Fixes #6114.
---

diff --git a/pdns/json.cc b/pdns/json.cc
index 34354655f..b1847d06a 100644
--- a/pdns/json.cc
+++ b/pdns/json.cc
@@ -46,7 +46,11 @@ int intFromJson(const Json container, const std::string& key, const int default_
   if (val.is_number()) {
     return val.int_value();
   } else if (val.is_string()) {
-    return std::stoi(val.string_value());
+    try {
+      return std::stoi(val.string_value());
+    } catch (std::out_of_range&) {
+      throw JsonException("Value for key '" + string(key) + "' is out of range");
+    }
   } else {
     // TODO: check if value really isn't present
     return default_value;
@@ -59,7 +63,11 @@ double doubleFromJson(const Json container, const std::string& key)
   if (val.is_number()) {
     return val.number_value();
   } else if (val.is_string()) {
-    return std::stod(val.string_value());
+    try {
+      return std::stod(val.string_value());
+    } catch (std::out_of_range&) {
+      throw JsonException("Value for key '" + string(key) + "' is out of range");
+    }
   } else {
     throw JsonException("Key '" + string(key) + "' not an Integer or not present");
   }
diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 9c72fdc10..07325e9de 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -1475,6 +1475,29 @@ $ORIGIN %NAME%
         self.assertNotEquals(serverset['records'], [])
         self.assertEquals(serverset['comments'], [])
 
+    def test_zone_comment_out_of_range_modified_at(self):
+        # Test if comments on an rrset stay intact if the rrset is replaced
+        name, payload, zone = self.create_zone()
+        rrset = {
+            'changetype': 'replace',
+            'name': name,
+            'type': 'NS',
+            'comments': [
+                {
+                    'account': 'test1',
+                    'content': 'oh hi there',
+                    'modified_at': '4294967297'
+                }
+            ]
+        }
+        payload = {'rrsets': [rrset]}
+        r = self.session.patch(
+            self.url("/api/v1/servers/localhost/zones/" + name),
+            data=json.dumps(payload),
+            headers={'content-type': 'application/json'})
+        self.assertEquals(r.status_code, 422)
+        self.assertIn("Value for key 'modified_at' is out of range", r.json()['error'])
+
     def test_zone_comment_stay_intact(self):
         # Test if comments on an rrset stay intact if the rrset is replaced
         name, payload, zone = self.create_zone()