Fixed: [RPC edit-config payloads are not fully validated](https://github.com/clicon/clixon/issues/337)

apps/backend/backend_client.c

@@ -274,7 +274,15 @@ clixon_stats_module_get(clicon_handle h,
  * @param[in]  regarg  User argument given at rpc_callback_register() 
  * @retval     0       OK
  * @retval    -1       Error
- */
+ * @note  According to RFC 7950 8.3: constraints MUST be enforced:
+ * o  during parsing of RPC payloads
+ * o  during processing of the <edit-config> operation
+ * But Clixon is flexible in allowing invalid XML payload here, only some specialized
+ * validations are made.
+ * However, what really should be done is to apply the change to the datastore and then
+ * validate, if error, discard to previous state. 
+ * But this could discard other previous changes to candidate.
+  */
 static int
 from_client_edit_config(clicon_handle h,
 			cxobj        *xn,
@@ -383,14 +391,19 @@ from_client_edit_config(clicon_handle h,
 	    goto done;
 	goto ok;
     }
+    /* Limited validation of incoming payload
+     */
+    if ((ret = xml_yang_check_list_unique_minmax(xc, &xret)) < 0)
+	goto done;
     /* xmldb_put (difflist handling) requires list keys */
-    if ((ret = xml_yang_validate_list_key_only(xc, &xret)) < 0)
+    if (ret==1 && (ret = xml_yang_validate_list_key_only(xc, &xret)) < 0)
 	goto done;
     if (ret == 0){
 	if (clixon_xml2cbuf(cbret, xret, 0, 0, -1, 0) < 0)
 	    goto done;
 	goto ok;
     }
+
     /* Cant do this earlier since we dont have a yang spec to
      * the upper part of the tree, until we get the "config" tree.
      */
@@ -1234,7 +1247,9 @@ from_client_msg(clicon_handle        h,
 	clicon_err(OE_XML, errno, "cbuf_new");
 	goto done;
     }
-    /* Decode msg from client -> xml top (ct) and session id */
+    /* Decode msg from client -> xml top (ct) and session id 
+     * Bind is a part of the decode function
+     */
     if ((ret = clicon_msg_decode(msg, yspec, &id, &xt, &xret)) < 0){
 	if (netconf_malformed_message(cbret, "XML parse error") < 0)
 	    goto done;