tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7528 from Icinga/bugfix/api-put-error-handling 

API: Handle permission exceptions soon enough, returning 404
This commit is contained in:
Michael Friedrich 2019-11-15 11:53:59 +01:00 committed by GitHub
parent 09892a9cd5 f419efd778
commit 38080405df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/remote/httphandler.cpp
View File

@ -98,11 +98,22 @@ void HttpHandler::ProcessRequest(
}
bool processed = false;
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
processed = true;
break;
/*
* HandleRequest may throw a permission exception.
* DO NOT return a specific permission error. This
* allows attackers to guess from words which objects
* do exist.
*/
try {
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
processed = true;
break;
}
}
} catch (const std::exception&) {
processed = false;
}
if (!processed) {