ubus: deny requests with a "ubus_rpc_session" toplevel attribute to prevent injecting...
authorJo-Philipp Wich <jow@openwrt.org>
Fri, 13 Sep 2013 12:44:57 +0000 (14:44 +0200)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 13 Sep 2013 12:44:57 +0000 (14:44 +0200)
ubus.c

diff --git a/ubus.c b/ubus.c
index 3c1124662eccc503d969c99a5ecac737bb1a7e95..0d41c2dd6b7f3b712f9dd3e725e7b6f2f0a6f2cc 100644 (file)
--- a/ubus.c
+++ b/ubus.c
@@ -250,8 +250,11 @@ static void uh_ubus_send_request(struct client *cl, json_object *obj, const char
        int ret, rem;
 
        blob_buf_init(&req, 0);
-       blobmsg_for_each_attr(cur, args, rem)
+       blobmsg_for_each_attr(cur, args, rem) {
+               if (!strcmp(blobmsg_name(cur), "ubus_rpc_session"))
+                       return uh_ubus_json_error(cl, ERROR_PARAMS);
                blobmsg_add_blob(&req, cur);
+       }
 
        blobmsg_add_string(&req, "ubus_rpc_session", sid);
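Review bot: The attribute name `"ubus_rpc_session"` is now spelled out twice, once in the new `strcmp` guard inside the loop and once in the `blobmsg_add_string` call after it, and the guard only protects the server-supplied session id while both literals stay identical. A shared constant used in both places, for example `#define UH_UBUS_SESSION_ATTR "ubus_rpc_session"` (name constructed here), would keep the check and the appended attribute tied together. A short comment above the check, such as `/* the session id is appended by the server below; a client-supplied copy must never be forwarded */`, would record why this name is rejected with ERROR_PARAMS. The early exit is written as `return uh_ubus_json_error(cl, ERROR_PARAMS);` inside a `void` function, which ISO C treats as a constraint violation even when the callee returns nothing; `uh_ubus_json_error(cl, ERROR_PARAMS); return;` in a braced body is the portable form. The body of uh_ubus_send_request starts and ends outside this hunk.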