connection: check that method arguments exist

The common implementation of `application.callMethod()` involves checking `args.length` which leads to crash if `args` is null or undefined. This commit provides a quick-and-dirty patch for only this vulnerability until the common approach for message sanity checking will have been developed. PR-URL: #100
metarhia · Jan 22, 2018 · c5dcd5d · c5dcd5d
1 parent 18eae58
commit c5dcd5d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/connection.js b/lib/connection.js
@@ -475,6 +475,10 @@ Connection.prototype._processCallPacket = function(packet, keys) {
 
   const callback = this._remoteCallbackWrapper.bind(this, packetId);
 
+  if (!args) {
+    return callback(errors.ERR_INVALID_SIGNATURE);
+  }
+
   try {
     this.application.callMethod(this,
       interfaceName, methodName, args, callback);