commando: fix crash when rune is completely bogus.

rustyrussell · niftynei · commit aaf743e43849 · 2022-07-21T15:37:05.000-05:00
The error routine returns a string literal in this case, which we can't take(). Reported-by: @jb55 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
diff --git a/plugins/commando.c b/plugins/commando.c
@@ -344,10 +344,11 @@ static const char *check_rune(const tal_t *ctx,
 	cinfo.params = params;
 	cinfo.usage = NULL;
 	strmap_init(&cinfo.cached_params);
-	err = rune_test(ctx, master_rune, rune, check_condition, &cinfo);
+	err = rune_test(tmpctx, master_rune, rune, check_condition, &cinfo);
 	/* Just in case they manage to make us speak non-JSON, escape! */
 	if (err)
-		err = json_escape(ctx, take(err))->s;
+		err = json_escape(ctx, err)->s;
+
 	strmap_clear(&cinfo.cached_params);
 
 	/* If it succeeded, *now* we increment any associated usage counter. */
diff --git a/tests/test_plugin.py b/tests/test_plugin.py
@@ -2559,6 +2559,14 @@ def test_commando(node_factory, executor):
         fut.result(10)
 
     rune = l1.rpc.commando_rune()['rune']
+
+    # Bad rune fails
+    with pytest.raises(RpcError, match="Not authorized: Not derived from master"):
+        l2.rpc.call(method='commando',
+                    payload={'peer_id': l1.info['id'],
+                             'rune': 'VXY4AAkrPyH2vzSvOHnI7PDVfS6O04bRQLUCIUFJD5Y9NjQmbWV0aG9kPWludm9pY2UmcmF0ZT0yMZ==',
+                             'method': 'listpeers'})
+
     # This works
     res = l2.rpc.call(method='commando',
                       payload={'peer_id': l1.info['id'],
