tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-09-22 17:28:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7528 from Icinga/bugfix/api-put-error-handling

Browse Source 
API: Handle permission exceptions soon enough, returning 404
This commit is contained in:
Michael Friedrich 2019-11-15 11:53:59 +01:00 committed by GitHub
commit 38080405df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/remote/httphandler.cpp
View File

@ -98,11 +98,22 @@ void HttpHandler::ProcessRequest(
} }
bool processed = false; bool processed = false;
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) { /*
processed = true; * HandleRequest may throw a permission exception.
break; * DO NOT return a specific permission error. This
* allows attackers to guess from words which objects
* do exist.
*/
try {
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
processed = true;
break;
}
} }
} catch (const std::exception&) {
processed = false;
} }
if (!processed) { if (!processed) {