From 29fe7a813b17af898dbe0c4e978dd05766f41aec Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Wed, 7 Jan 2015 11:30:01 +0100
Subject: [PATCH] jsonrpc-s: safety check for str value of jsonrpc and method
 fileds

- reported by Alex Balashov
---
 modules/jsonrpc-s/jsonrpc-s_mod.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/jsonrpc-s/jsonrpc-s_mod.c b/modules/jsonrpc-s/jsonrpc-s_mod.c
index b004108231f..2946288ebfa 100644
--- a/modules/jsonrpc-s/jsonrpc-s_mod.c
+++ b/modules/jsonrpc-s/jsonrpc-s_mod.c
@@ -935,8 +935,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 
 	/* sanity checks on jsonrpc request */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "jsonrpc");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;
@@ -947,8 +947,8 @@ static int jsonrpc_dispatch(sip_msg_t* msg, char* s1, char* s2)
 	}
 	/* run jsonrpc command */
 	nj = srjson_GetObjectItem(ctx->jreq, ctx->jreq->root, "method");
-	if(nj==NULL) {
-		LM_ERR("missing jsonrpc method field in request\n");
+	if(nj==NULL || nj->valuestring==NULL) {
+		LM_ERR("missing or invalid jsonrpc method field in request\n");
 		goto send_reply;
 	}
 	val.s = nj->valuestring;