From: Chris Hofstaedtler Date: Fri, 15 Feb 2019 20:46:59 +0000 (+0100) Subject: API: improve handling of out of range modified_at value X-Git-Tag: auth-4.2.0-beta1~19^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1148587f55826b0564765bd1cc97320bfbab7e58;p=pdns API: improve handling of out of range modified_at value Fixes #6114. --- diff --git a/pdns/json.cc b/pdns/json.cc index 34354655f..b1847d06a 100644 --- a/pdns/json.cc +++ b/pdns/json.cc @@ -46,7 +46,11 @@ int intFromJson(const Json container, const std::string& key, const int default_ if (val.is_number()) { return val.int_value(); } else if (val.is_string()) { - return std::stoi(val.string_value()); + try { + return std::stoi(val.string_value()); + } catch (std::out_of_range&) { + throw JsonException("Value for key '" + string(key) + "' is out of range"); + } } else { // TODO: check if value really isn't present return default_value; @@ -59,7 +63,11 @@ double doubleFromJson(const Json container, const std::string& key) if (val.is_number()) { return val.number_value(); } else if (val.is_string()) { - return std::stod(val.string_value()); + try { + return std::stod(val.string_value()); + } catch (std::out_of_range&) { + throw JsonException("Value for key '" + string(key) + "' is out of range"); + } } else { throw JsonException("Key '" + string(key) + "' not an Integer or not present"); } diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py index 9c72fdc10..07325e9de 100644 --- a/regression-tests.api/test_Zones.py +++ b/regression-tests.api/test_Zones.py @@ -1475,6 +1475,29 @@ $ORIGIN %NAME% self.assertNotEquals(serverset['records'], []) self.assertEquals(serverset['comments'], []) + def test_zone_comment_out_of_range_modified_at(self): + # Test if comments on an rrset stay intact if the rrset is replaced + name, payload, zone = self.create_zone() + rrset = { + 'changetype': 'replace', + 'name': name, + 'type': 'NS', + 'comments': [ + { + 'account': 'test1', + 'content': 'oh hi there', + 'modified_at': '4294967297' + } + ] + } + payload = {'rrsets': [rrset]} + r = self.session.patch( + self.url("/api/v1/servers/localhost/zones/" + name), + data=json.dumps(payload), + headers={'content-type': 'application/json'}) + self.assertEquals(r.status_code, 422) + self.assertIn("Value for key 'modified_at' is out of range", r.json()['error']) + def test_zone_comment_stay_intact(self): # Test if comments on an rrset stay intact if the rrset is replaced name, payload, zone = self.create_zone()