API: Handle permission exceptions soon enough, returning 404

fixes #7513
Michael Friedrich 2019-09-23 09:48:50 +02:00
parent f6205c9d4b
commit f419efd778


@ -98,11 +98,22 @@ void HttpHandler::ProcessRequest(
} }
bool processed = false; bool processed = false;
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) { /*
processed = true; * HandleRequest may throw a permission exception.
break; * DO NOT return a specific permission error. This
* allows attackers to guess from words which objects
* do exist.
*/
try {
for (const HttpHandler::Ptr& handler : handlers) {
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
processed = true;
break;
}
} }
} catch (const std::exception&) {
processed = false;
} }
if (!processed) { if (!processed) {
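Review bot: The new `catch (const std::exception&)` around the handler loop treats every exception from `HandleRequest` as a permission failure, so an unrelated fault (failed allocation, parsing bug, stream error) also becomes the generic not-found answer and leaves no trace on the server. Keeping the client-facing reply uniform is the right defence against object enumeration, but the catch block should log the exception text with the requesting user and URL before `processed = false;`, so that denied probes and real faults stay visible to operators. I would add a comment such as `// Answered as a generic 404 on purpose; details go to the server log only, never into the response.` If the permission check throws a dedicated exception type, catching only that type would let other errors reach the existing error handling. `ProcessRequest` starts and ends outside the hunk, so it cannot be checked here whether `response` may already be partly filled by a handler when the exception arrives.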