HTTP /restful/rhizome/newsince/... token validation

Ensure that token has the same UUID as the Rhizome database.
2024-12-20 05:37:57 +00:00 · 2013-11-19 16:56:24 +10:30 · 2013-11-19 16:56:24 +10:30 · 6e4acb6ab9
commit 6e4acb6ab9
parent fce0893173
2 changed files with 7 additions and 0 deletions
--- a/rhizome_http.c
+++ b/rhizome_http.c
@ -380,6 +380,8 @@ static int strn_to_list_token(const char *str, uint64_t *rowidp, const char **af
  unsigned char token[sizeof rhizome_db_uuid.u.binary + sizeof *rowidp];
  if (base64url_decode(token, sizeof token, str, 0, afterp, 0, NULL) != sizeof token)
    return 0;
+  if (cmp_uuid_t(&rhizome_db_uuid, (uuid_t *) &token) != 0)
+    return 0;
  memcpy(rowidp, token + sizeof rhizome_db_uuid.u.binary, sizeof *rowidp);
  return 1;
 }
--- a/uuid.h
+++ b/uuid.h
@ -22,6 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 #include <stdint.h>
 #include <alloca.h>
+#include <string.h>
 #include "strbuf.h"

 #ifndef __SERVALDNA_UUID_H_INLINE
@ -73,6 +74,10 @@ enum uuid_version {
  UUID_VERSION_NAME_SHA1 = 5
 };

+__SERVALDNA_UUID_H_INLINE int cmp_uuid_t(const uuid_t *a, const uuid_t *b) {
+  return memcmp(a->u.binary, b->u.binary, sizeof a->u.binary);
+}
+
 __SERVALDNA_UUID_H_INLINE int uuid_is_valid(const uuid_t *any_uuid) {
  return (any_uuid->u.record.clock_seq_hi_and_reserved & 0xc0) == 0x80;
 }