Commit dddadad1 authored by Łukasz Nowak's avatar Łukasz Nowak

Do not trust sent content.

parent 848d552e
...@@ -209,7 +209,11 @@ class NetworkcacheClient(object): ...@@ -209,7 +209,11 @@ class NetworkcacheClient(object):
headers=self.shadir_header_dict) headers=self.shadir_header_dict)
data = urllib2.urlopen(request).read() data = urllib2.urlopen(request).read()
# Filtering... # Filtering...
try:
data_list = json.loads(data) data_list = json.loads(data)
except Exception:
raise DirectoryNotFound('It was impossible to parse json response:\n%s'%
traceback.format_exc())
filtered_data_list = [] filtered_data_list = []
if self.signature_certificate_list is not None: if self.signature_certificate_list is not None:
for data in data_list: for data in data_list:
...@@ -227,8 +231,17 @@ class NetworkcacheClient(object): ...@@ -227,8 +231,17 @@ class NetworkcacheClient(object):
'Entries: %s.' % (key, str(data_list))) 'Entries: %s.' % (key, str(data_list)))
information_json, signature = filtered_data_list[0] information_json, signature = filtered_data_list[0]
try:
information_dict = json.loads(information_json) information_dict = json.loads(information_json)
except Exception:
raise DirectoryNotFound('It was impossible to parse json-in-json '
'response:\n%s' % traceback.format_exc())
try:
sha512 = information_dict.get('sha512') sha512 = information_dict.get('sha512')
except Exception:
raise DirectoryNotFound('It was impossible to fetch sha512 from '
'directory response (%r):\n%s' % (information_dict,
traceback.format_exc()))
return self.download(sha512) return self.download(sha512)
def _getSignatureString(self, content): def _getSignatureString(self, content):
......
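Review bot: The last added `try` around `information_dict.get('sha512')` only covers a decoded value that has no usable `.get`; a dict that simply lacks the key yields `None`, and any non-string or malformed value goes straight into `self.download(sha512)`. Since this value comes from the server response, it should be checked before use, for example `if not isinstance(sha512, basestring) or not re.match(r'^[0-9a-fA-F]{128}$', sha512): raise DirectoryNotFound('Invalid sha512 in directory response: %r' % (sha512,))`, which needs `re` in scope (the file's imports are not visible here). The unpacking `information_json, signature = filtered_data_list[0]` also sits outside any `try`, so an entry that is not a two-item sequence would presumably surface as a bare `ValueError` or `TypeError` instead of `DirectoryNotFound`. The method starts above the first hunk and `download` is not shown, so whether the fetched content is later verified against the hash cannot be confirmed from this page.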