commando: fix crash when rune is completely bogus.

The error routine returns a string literal in this case, which we can't take(). Reported-by: @jb55 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-12-19 07:04:22 +01:00 · 2022-07-21 11:19:38 +09:30
parent 43e5ef3cc4
commit aaf743e438
2 changed files with 11 additions and 2 deletions
--- a/plugins/commando.c
+++ b/plugins/commando.c
@@ -344,10 +344,11 @@ static const char *check_rune(const tal_t *ctx,
 	cinfo.params = params;
 	cinfo.usage = NULL;
 	strmap_init(&cinfo.cached_params);
-	err = rune_test(ctx, master_rune, rune, check_condition, &cinfo);
+	err = rune_test(tmpctx, master_rune, rune, check_condition, &cinfo);
 	/* Just in case they manage to make us speak non-JSON, escape! */
 	if (err)
-		err = json_escape(ctx, take(err))->s;
+		err = json_escape(ctx, err)->s;
+
 	strmap_clear(&cinfo.cached_params);

 	/* If it succeeded, *now* we increment any associated usage counter. */
--- a/tests/test_plugin.py
+++ b/tests/test_plugin.py
@@ -2559,6 +2559,14 @@ def test_commando(node_factory, executor):
        fut.result(10)

    rune = l1.rpc.commando_rune()['rune']
+
+    # Bad rune fails
+    with pytest.raises(RpcError, match="Not authorized: Not derived from master"):
+        l2.rpc.call(method='commando',
+                    payload={'peer_id': l1.info['id'],
+                             'rune': 'VXY4AAkrPyH2vzSvOHnI7PDVfS6O04bRQLUCIUFJD5Y9NjQmbWV0aG9kPWludm9pY2UmcmF0ZT0yMZ==',
+                             'method': 'listpeers'})
+
    # This works
    res = l2.rpc.call(method='commando',
                      payload={'peer_id': l1.info['id'],