From 087421efd9d923eeb0a1f1cec8dc1d81c2242ee6 Mon Sep 17 00:00:00 2001 From: Vincenzo Palazzo Date: Thu, 26 Aug 2021 11:11:40 +0200 Subject: [PATCH] Required jsonrpc inside the method request. As the json rpc specification tell, the "jsonrpc": "2.0" MUST be required. Signed-off-by: Vincenzo Palazzo --- lightningd/jsonrpc.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/lightningd/jsonrpc.c b/lightningd/jsonrpc.c index 1859325b2622..3a8c1cc918a8 100644 --- a/lightningd/jsonrpc.c +++ b/lightningd/jsonrpc.c @@ -700,7 +700,7 @@ static void replace_command(struct rpc_command_hook_payload *p, const char *buffer, const jsmntok_t *replacetok) { - const jsmntok_t *method = NULL, *params = NULL; + const jsmntok_t *method = NULL, *params = NULL, *jsonrpc = NULL; const char *bad; /* Must contain "method", "params" and "id" */ @@ -732,6 +732,12 @@ static void replace_command(struct rpc_command_hook_payload *p, goto fail; } + jsonrpc = json_get_member(buffer, replacetok, "jsonrpc"); + if (!jsonrpc || jsonrpc->type != JSMN_STRING || !json_tok_streq(buffer, jsonrpc, "2.0")) { + bad = "jsonrpc: \"2.0\" must be specified in the request"; + goto fail; + } + was_pending(command_exec(p->cmd->jcon, p->cmd, buffer, replacetok, params)); return; @@ -864,7 +870,7 @@ REGISTER_PLUGIN_HOOK(rpc_command, static struct command_result * parse_request(struct json_connection *jcon, const jsmntok_t tok[]) { - const jsmntok_t *method, *id, *params; + const jsmntok_t *method, *id, *params, *jsonrpc; struct command *c; struct rpc_command_hook_payload *rpc_hook; bool completed; @@ -878,17 +884,24 @@ parse_request(struct json_connection *jcon, const jsmntok_t tok[]) method = json_get_member(jcon->buffer, tok, "method"); params = json_get_member(jcon->buffer, tok, "params"); id = json_get_member(jcon->buffer, tok, "id"); + jsonrpc = json_get_member(jcon->buffer, tok, "jsonrpc"); if (!id) { json_command_malformed(jcon, "null", "No id"); return NULL; } + if (id->type != JSMN_STRING && id->type != JSMN_PRIMITIVE) { json_command_malformed(jcon, "null", "Expected string/primitive for id"); return NULL; } + if (!jsonrpc || jsonrpc->type != JSMN_STRING || !json_tok_streq(jcon->buffer, jsonrpc, "2.0")) { + json_command_malformed(jcon, "null", "jsonrpc: \"2.0\" must be specified in the request"); + return NULL; + } + /* Allocate the command off of the `jsonrpc` object and not * the connection since the command may outlive `conn`. */ c = tal(jcon->ld->jsonrpc, struct command);