Check room_name and prevent access to user array
Chi-EEE committed Dec 14, 2023
1 parent 73f420e commit 0cb55f7
Showing 2 changed files with 19 additions and 3 deletions.
14 changes: 13 additions & 1 deletion app/backend/src/controllers/WebSocketChat.hpp
Expand Up @@ -198,7 +198,7 @@ void WebSocketChat::handleConnectionClosed(const drogon::WebSocketConnectionPtr&

auto& room = RoomManager::instance()->getRoom(room_name);
room->removeUser(user);
if (room->getUsers().empty()) {
if (room->isEmpty()) {
RoomManager::instance()->removeRoom(room_name);
};

Expand Down Expand Up @@ -232,6 +232,12 @@ void WebSocketChat::handleNewConnection(const drogon::HttpRequestPtr& req,
inline void WebSocketChat::handleCreateRequest(const drogon::HttpRequestPtr& req, const drogon::WebSocketConnectionPtr& conn)
{
std::string room_name = req->getParameter("room_name");
// https://stackoverflow.com/a/6319898 : Remove all characters not string or number
room_name.erase(std::remove_if(room_name.begin(), room_name.end(), (int(*)(int))std::isalnum), room_name.end());
if (room_name.size() < 3) {
conn->forceClose();
return;
}
if (RoomManager::instance()->hasRoom(room_name)) {
spdlog::error("Room {} already exists | WebSocketChat::handleCreateRequest", room_name);
conn->forceClose();
Expand All @@ -257,6 +263,12 @@ inline void WebSocketChat::handleCreateRequest(const drogon::HttpRequestPtr& req
inline void WebSocketChat::handleJoinRequest(const drogon::HttpRequestPtr& req, const drogon::WebSocketConnectionPtr& conn)
{
std::string room_name = req->getParameter("room_name");
// https://stackoverflow.com/a/6319898 : Remove all characters not string or number
room_name.erase(std::remove_if(room_name.begin(), room_name.end(), (int(*)(int))std::isalnum), room_name.end());
if (room_name.size() < 3) {
conn->forceClose();
return;
}
if (!RoomManager::instance()->hasRoom(room_name)) {
spdlog::error("Room {} does not exist | WebSocketChat::handleJoinRequest", room_name);
conn->forceClose();
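Review bot: The `std::remove_if` call added in handleCreateRequest, and the identical one in handleJoinRequest, passes `std::isalnum` itself as the predicate, so it erases the alphanumeric characters and keeps everything else, the opposite of what the comment above it says. A constructed name such as `room1` is reduced to an empty string and rejected, while a name made only of punctuation passes the length check untouched and reaches `hasRoom` and the log line. Negate the predicate and take the character as `unsigned char`, since passing a negative `char` to `std::isalnum` is undefined behaviour: `room_name.erase(std::remove_if(room_name.begin(), room_name.end(), [](unsigned char c) { return !std::isalnum(c); }), room_name.end());`. Rejecting a name that contains disallowed characters, rather than silently rewriting it, would also stop two different requested names from collapsing into the same room, and the new early return should log before `forceClose()` as the neighbouring branches do. Both function bodies continue outside the visible hunks.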
8 changes: 6 additions & 2 deletions app/backend/src/room/Room.hpp
Expand Up @@ -41,8 +41,12 @@ class Room
// TODO: Check if owner / car_user has left the room
}

std::vector<std::shared_ptr<User>> getUsers() {
return this->users;
int getSize() const {
return this->users.size();
}

bool isEmpty() const {
return this->users.size() == 0;
}

private:
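Review bot: `getSize()` is declared to return `int`, but `this->users.size()` yields the container's unsigned `size_type`, so the value is narrowed implicitly and may trigger conversion warnings; declaring it `std::size_t getSize() const` avoids that. `isEmpty()` states its intent more directly as `return this->users.empty();`. The rest of class Room, including the declaration of `users`, lies outside the hunk, so the container type is inferred from the removed `getUsers()` signature.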