Diffstat (limited to 'src/exchange/taler-exchange-httpd_withdraw.c')
| -rw-r--r-- | src/exchange/taler-exchange-httpd_withdraw.c | 4 | 
1 files changed, 4 insertions, 0 deletions
|
diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c
index 7572f85d..3799187c 100644
--- a/src/exchange/taler-exchange-httpd_withdraw.c
+++ b/src/exchange/taler-exchange-httpd_withdraw.c
@@ -535,6 +535,10 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc,
   /* Clean up and send back final response */
   GNUNET_JSON_parse_free (spec);
+  // FIXME: in CS-case, we MUST re-transmit any _existing_ signature
+  // (if database had a record matching the nonce)
+  // instead of sending a 'fresh' one back (as c0/c1 may differ in
+  // a client attack!
   {
     MHD_RESULT ret; |
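Review bot: The added FIXME records a requirement that the new code still does not enforce: in the CS case the handler goes from `GNUNET_JSON_parse_free (spec);` straight into the response block, with no lookup by nonce visible in this hunk. If, as the comment implies, a repeated request with the same nonce but different c0/c1 receives a freshly computed signature, that is presumably the Schnorr nonce-reuse condition, which puts the denomination signing key at risk, so it should block release rather than sit in a comment. Until the lookup exists, consider failing closed for CS withdrawals, and make the note unambiguous and in the file's `/* */` style, e.g. `/* FIXME(security): CS case: if the DB has a record for this nonce, return the stored signature; never sign a second c0/c1 for the same nonce. */` (the current text also leaves its parenthesis unclosed). TEH_handler_withdraw starts and ends outside the hunk, so the check may already exist elsewhere; confirm before relying on this.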
