From cf0249b4438b8859c97e5c499db1de5615e7e6ae Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 21 Sep 2015 15:33:27 +0200 Subject: fix NPE if denomination key not found --- src/mint/taler-mint-httpd_refresh.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'src/mint/taler-mint-httpd_refresh.c') diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index b54b2010..bb1c570f 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -61,6 +61,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, { unsigned int i; struct TMH_KS_StateHandle *key_state; + struct TALER_MINTDB_DenominationKeyIssueInformation *dk; struct TALER_MINTDB_DenominationKeyInformationP *dki; struct TALER_Amount cost; struct TALER_Amount total_cost; @@ -76,9 +77,17 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, key_state = TMH_KS_acquire (); for (i=0;iissue; + dk = TMH_KS_denomination_key_lookup (key_state, + &denom_pubs[i], + TMH_KS_DKU_WITHDRAW); + if (NULL == dk) + { + GNUNET_break_op (0); + TMH_KS_release (key_state); + return TMH_RESPONSE_reply_arg_invalid (connection, + "new_denoms"); + } + dki = &dk->issue; TALER_amount_ntoh (&value, &dki->properties.value); TALER_amount_ntoh (&fee_withdraw, -- cgit v1.2.3 From 49739455b0c522a9257966dcad92a76081450009 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 21 Sep 2015 15:39:59 +0200 Subject: fix NPE if denomination key not found --- src/mint/taler-mint-httpd.c | 26 ++++++++++++++++++++++++++ src/mint/taler-mint-httpd_db.c | 34 +++++++++++++++++++++++----------- src/mint/taler-mint-httpd_deposit.c | 2 +- src/mint/taler-mint-httpd_refresh.c | 13 ++++++++++--- 4 files changed, 60 insertions(+), 15 deletions(-) (limited to 'src/mint/taler-mint-httpd_refresh.c') diff --git a/src/mint/taler-mint-httpd.c b/src/mint/taler-mint-httpd.c index 55ecd58d..328fa035 100644 --- a/src/mint/taler-mint-httpd.c +++ b/src/mint/taler-mint-httpd.c @@ -609,6 +609,31 @@ connection_done (void *cls, #endif +/** + * Function called for logging by MHD. + * + * @param cls closure, NULL + * @param fm format string (`printf()`-style) + * @param ap arguments to @a fm + */ +static void +handle_mhd_logs (void *cls, + const char *fm, + va_list ap) +{ + char buf[2048]; + + vsnprintf (buf, + sizeof (buf), + fm, + ap); + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libmicrohttpd", + "%s", + buf); +} + + /** * The main function of the taler-mint-httpd server ("the mint"). * @@ -665,6 +690,7 @@ main (int argc, serve_port, NULL, NULL, &handle_mhd_request, NULL, + MHD_OPTION_EXTERNAL_LOGGER, &handle_mhd_logs, NULL, MHD_OPTION_NOTIFY_COMPLETED, &handle_mhd_completion_callback, NULL, MHD_OPTION_CONNECTION_TIMEOUT, connection_timeout, #if HAVE_DEVELOPER diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index dad06e8e..5918607c 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c @@ -187,6 +187,12 @@ TMH_DB_execute_deposit (struct MHD_Connection *connection, dki = TMH_KS_denomination_key_lookup (mks, &deposit->coin.denom_pub, TMH_KS_DKU_DEPOSIT); + if (NULL == dki) + { + TMH_KS_release (mks); + return TMH_RESPONSE_reply_arg_invalid (connection, + "denom_pub"); + } TALER_amount_ntoh (&value, &dki->issue.properties.value); TMH_KS_release (mks); @@ -386,6 +392,13 @@ execute_reserve_withdraw_transaction (struct MHD_Connection *connection, tdki = TMH_KS_denomination_key_lookup (key_state, &pos->details.withdraw->denom_pub, TMH_KS_DKU_WITHDRAW); + if (NULL == tdki) + { + GNUNET_break (0); + TMH_plugin->rollback (TMH_plugin->cls, + session); + return TMH_RESPONSE_reply_internal_db_error (connection); + } TALER_amount_ntoh (&value, &tdki->issue.properties.value); if (0 == (res & 2)) @@ -587,6 +600,7 @@ refresh_accept_melts (struct MHD_Connection *connection, const struct TMH_DB_MeltDetails *coin_details, uint16_t oldcoin_index) { + struct TALER_MINTDB_DenominationKeyIssueInformation *dk; struct TALER_MINTDB_DenominationKeyInformationP *dki; struct TALER_MINTDB_TransactionList *tl; struct TALER_Amount coin_value; @@ -595,16 +609,15 @@ refresh_accept_melts (struct MHD_Connection *connection, struct TALER_MINTDB_RefreshMelt melt; int res; - dki = &TMH_KS_denomination_key_lookup (key_state, - &coin_details->coin_info.denom_pub, - TMH_KS_DKU_DEPOSIT)->issue; - - if (NULL == dki) + dk = TMH_KS_denomination_key_lookup (key_state, + &coin_details->coin_info.denom_pub, + TMH_KS_DKU_DEPOSIT); + if (NULL == dk) return (MHD_YES == TMH_RESPONSE_reply_arg_unknown (connection, "denom_pub")) ? GNUNET_NO : GNUNET_SYSERR; - + dki = &dk->issue; TALER_amount_ntoh (&coin_value, &dki->properties.value); /* fee for THIS transaction; the melt amount includes the fee! */ @@ -934,7 +947,7 @@ check_commitment (struct MHD_Connection *connection, &commit_links[j].transfer_pub, sizeof (struct TALER_TransferPublicKeyP))) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "transfer keys do not match\n"); GNUNET_free (commit_links); return send_melt_commitment_error (connection, @@ -966,7 +979,7 @@ check_commitment (struct MHD_Connection *connection, &last_shared_secret, sizeof (struct GNUNET_HashCode))) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "shared secrets do not match\n"); GNUNET_free (commit_links); return send_melt_commitment_error (connection, @@ -1041,7 +1054,7 @@ check_commitment (struct MHD_Connection *connection, commit_coins[j].coin_ev, buf_len)) ) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "blind envelope does not match for k=%u, old=%d\n", off, (int) j); @@ -1389,7 +1402,6 @@ handle_transfer_data (void *cls, session_hash); if (NULL == ldl) { - GNUNET_break (0); ctx->status = GNUNET_NO; if (MHD_NO == TMH_RESPONSE_reply_json_pack (ctx->connection, @@ -1463,7 +1475,7 @@ TMH_DB_execute_refresh_link (struct MHD_Connection *connection, for (i=0;ifree_link_data_list (TMH_plugin->cls, ctx.sessions[i].ldl); - GNUNET_free (ctx.sessions); + GNUNET_free_non_null (ctx.sessions); return res; } diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c index c6ebe1d0..39696f47 100644 --- a/src/mint/taler-mint-httpd_deposit.c +++ b/src/mint/taler-mint-httpd_deposit.c @@ -111,7 +111,7 @@ verify_and_execute_deposit (struct MHD_Connection *connection, TMH_KS_release (key_state); return TMH_DB_execute_deposit (connection, - deposit); + deposit); } diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index bb1c570f..72288b0a 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -115,9 +115,16 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, { /* calculate contribution of the i-th melt by subtracting the fee; add the rest to the total_melt value */ - dki = &TMH_KS_denomination_key_lookup (key_state, - &coin_melt_details[i].coin_info.denom_pub, - TMH_KS_DKU_DEPOSIT)->issue; + dk = TMH_KS_denomination_key_lookup (key_state, + &coin_melt_details[i].coin_info.denom_pub, + TMH_KS_DKU_DEPOSIT); + if (NULL == dk) + { + GNUNET_break (0); + return TMH_RESPONSE_reply_arg_invalid (connection, + "denom_pub"); + } + dki = &dk->issue; TALER_amount_ntoh (&fee_melt, &dki->properties.fee_refresh); if (GNUNET_OK != -- cgit v1.2.3 From 3cb9cc788711cc2cc4eda0e06799f6628623e827 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 22 Sep 2015 09:09:42 +0200 Subject: do not try to free NULL --- src/mint-lib/test-mint-home/config/mint-common.conf | 2 +- src/mint/taler-mint-httpd_refresh.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'src/mint/taler-mint-httpd_refresh.c') diff --git a/src/mint-lib/test-mint-home/config/mint-common.conf b/src/mint-lib/test-mint-home/config/mint-common.conf index b2b94826..1a61f4f8 100644 --- a/src/mint-lib/test-mint-home/config/mint-common.conf +++ b/src/mint-lib/test-mint-home/config/mint-common.conf @@ -17,7 +17,7 @@ MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG DB = postgres # Is this is a testcase, use transient DB actions? -TESTRUN = YES +TESTRUN = NO [mintdb-postgres] diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 72288b0a..29fd4bae 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -536,7 +536,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection, free_commit_coins (commit_coin, TALER_CNC_KAPPA, num_newcoins); - GNUNET_free (link_enc); return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; } rcc->refresh_link -- cgit v1.2.3 From 3c8c127e0e629f4075287ad33e54d5c51b24eddb Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 22 Sep 2015 10:00:01 +0200 Subject: fixing use of wrong array length (bad), and misc leaks --- src/mint/taler-mint-httpd_refresh.c | 94 +++++++++++------------------------ src/mint/taler-mint-httpd_responses.c | 2 +- src/mint/taler-mint-httpd_wire.c | 1 + src/mint/test_taler_mint_httpd_afl.sh | 8 ++- 4 files changed, 38 insertions(+), 67 deletions(-) (limited to 'src/mint/taler-mint-httpd_refresh.c') diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 29fd4bae..4d89fe89 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -417,10 +417,8 @@ handle_refresh_melt_json (struct MHD_Connection *connection, &denom_pubs[i].rsa_public_key); if (GNUNET_OK != res) { - for (j=0;jrefresh_link = TALER_refresh_link_encrypted_decode (link_enc, @@ -563,19 +539,11 @@ handle_refresh_melt_json (struct MHD_Connection *connection, TMH_PARSE_JNC_RET_DATA, &rcl->transfer_pub, sizeof (struct TALER_TransferPublicKeyP)); - if (GNUNET_OK != res) { GNUNET_break_op (0); - GNUNET_break (GNUNET_SYSERR != res); - GNUNET_CRYPTO_hash_context_abort (hash_context); - free_commit_coins (commit_coin, - TALER_CNC_KAPPA, - num_newcoins); - free_commit_links (commit_link, - TALER_CNC_KAPPA, - num_oldcoins); - return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + goto cleanup; } res = TMH_PARSE_navigate_json (connection, secret_encs, @@ -584,30 +552,20 @@ handle_refresh_melt_json (struct MHD_Connection *connection, TMH_PARSE_JNC_RET_DATA, &rcl->shared_secret_enc, sizeof (struct TALER_EncryptedLinkSecretP)); - if (GNUNET_OK != res) { GNUNET_break_op (0); - GNUNET_break (GNUNET_SYSERR != res); - GNUNET_CRYPTO_hash_context_abort (hash_context); - free_commit_coins (commit_coin, - TALER_CNC_KAPPA, - num_newcoins); - free_commit_links (commit_link, - TALER_CNC_KAPPA, - num_oldcoins); - return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + goto cleanup; } - GNUNET_CRYPTO_hash_context_read (hash_context, rcl, sizeof (struct TALER_RefreshCommitLinkP)); } - } GNUNET_CRYPTO_hash_context_finish (hash_context, &session_hash); - + hash_context = NULL; for (i=0;inum_newcoins;i++) + for (i=0;inum_oldcoins;i++) { const struct TALER_RefreshCommitLinkP *cl; json_t *cl_json; diff --git a/src/mint/taler-mint-httpd_wire.c b/src/mint/taler-mint-httpd_wire.c index 9c00b5d4..1eb3f6be 100644 --- a/src/mint/taler-mint-httpd_wire.c +++ b/src/mint/taler-mint-httpd_wire.c @@ -127,6 +127,7 @@ TMH_WIRE_handler_wire_test (struct TMH_RequestHandler *rh, &wire_test_redirect)) { /* oopsie, configuration error */ + MHD_destroy_response (response); return TMH_RESPONSE_reply_internal_error (connection, "REDIRECT_URL not configured"); } diff --git a/src/mint/test_taler_mint_httpd_afl.sh b/src/mint/test_taler_mint_httpd_afl.sh index bbcf8edb..d2c40c21 100755 --- a/src/mint/test_taler_mint_httpd_afl.sh +++ b/src/mint/test_taler_mint_httpd_afl.sh @@ -21,17 +21,21 @@ # # We read the JSON snippets from afl-tests/ # +PREFIX= +# Uncomment this line to run with valgrind... +PREFIX="valgrind --leak-check=yes --log-file=valgrind.%p" # Setup keys. taler-mint-keyup -d test-mint-home -m test-mint-home/master.priv # Setup database (just to be sure) taler-mint-dbinit -d test-mint-home &> /dev/null || true # Only log hard errors, we expect lots of warnings... -export GNUNET_FORCE_LOG="taler-mint-httpd;;;;ERROR/libmicrohttpd;;;;ERROR/" +export GNUNET_FORCE_LOG="taler-mint-httpd;;;;ERROR/libmicrohttpd;;;;ERROR/util;;;;ERROR/" # Run test... for n in afl-tests/* do echo -n "Test $n " - taler-mint-httpd -d test-mint-home/ -t 1 -f $n -C > /dev/null || { echo "FAIL!"; exit 1; } + $PREFIX taler-mint-httpd -d test-mint-home/ -t 1 -f $n -C > /dev/null || { echo "FAIL!"; } +# $PREFIX taler-mint-httpd -d test-mint-home/ -t 1 -f $n -C > /dev/null || { echo "FAIL!"; exit 1; } echo "OK" done exit 0 -- cgit v1.2.3