From 06f5621fbac43c59b15fa4ef9e0fe92b828cec5b Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Fri, 6 Oct 2017 21:04:39 +0200
Subject: [PATCH] better logging if IBAN validation fails, also avoid potentially unbounded stack allocation

---
 src/exchange-lib/exchange_api_reserve.c | 15 ++++++++++++++-
 src/wire/plugin_wire_sepa.c             |  8 ++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c
index 40c9d491d..6af500ee2 100644
--- a/src/exchange-lib/exchange_api_reserve.c
+++ b/src/exchange-lib/exchange_api_reserve.c
@@ -827,7 +827,20 @@ reserve_withdraw_payment_required (struct TALER_EXCHANGE_ReserveWithdrawHandle *
      total incoming and outgoing amounts */
   len = json_array_size (history);
   {
-    struct TALER_EXCHANGE_ReserveHistory rhistory[len];
+    struct TALER_EXCHANGE_ReserveHistory *rhistory;
+
+    /* Use heap allocation as "len" may be very big and thus this may
+       not fit on the stack. Use "GNUNET_malloc_large" as a malicious
+       exchange may theoretically try to crash us by giving a history
+       that does not fit into our memory. */
+    rhistory = GNUNET_malloc_large (sizeof (struct TALER_EXCHANGE_ReserveHistory) * len);
+    if (NULL == rhistory)
+    {
+      GNUNET_break (0);
+      free_rhistory (rhistory,
+                     len);
+      return GNUNET_SYSERR;
+    }
 
     if (GNUNET_OK !=
         parse_reserve_history (wsh->exchange,
diff --git a/src/wire/plugin_wire_sepa.c b/src/wire/plugin_wire_sepa.c
index f0cef029f..5de3472b9 100644
--- a/src/wire/plugin_wire_sepa.c
+++ b/src/wire/plugin_wire_sepa.c
@@ -292,7 +292,10 @@ validate_iban (const char *iban)
 
   len = strlen (iban);
   if (len > 34)
+  {
+    GNUNET_break_op (0);
     return GNUNET_NO;
+  }
   strncpy (cc, iban, 2);
   strncpy (ibancpy, iban + 4, len - 4);
   strncpy (ibancpy + len - 4, iban, 4);
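Review bot: The new allocation-failure branch calls `free_rhistory (rhistory, len)` with `rhistory == NULL`, so there is nothing to release, and if free_rhistory walks the `len` entries (its body is outside the hunk) this is a NULL dereference on exactly the exchange-controlled path the new comment is worried about; drop that call and keep just `GNUNET_break (0); return GNUNET_SYSERR;`. More importantly, the buffer is now heap-allocated, yet the diffstat puts all 14 insertions for this file into this one hunk, so no `GNUNET_free (rhistory);` was added beside the existing `free_rhistory (rhistory, len);` call(s) later in the function, and free_rhistory cannot release the pointer itself since its previous caller passed a stack array — every path after a successful allocation presumably now leaks `len * sizeof (struct TALER_EXCHANGE_ReserveHistory)` bytes per withdraw attempt. Add `GNUNET_free (rhistory);` after each `free_rhistory` call on the success side of the NULL check. The `sizeof (...) * len` product is also unchecked and `len` comes from an exchange-supplied JSON array; at least on 32-bit builds a guard such as `if (len > SIZE_MAX / sizeof (struct TALER_EXCHANGE_ReserveHistory)) return GNUNET_SYSERR;` before the call would close the multiplication overflow. reserve_withdraw_payment_required continues outside the hunk on both sides.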
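Review bot: The new guard still only bounds `len` from above; a short input reaches `strncpy (ibancpy, iban + 4, len - 4)` two lines below, where `len - 4` goes negative or wraps for any IBAN shorter than four characters (len's declared type is outside the hunk, but either signedness ends in an oversized copy into ibancpy). Extend the check to `if ( (len > 34) || (len < 4) )`, or better use the ISO 13616 minimum of 15 characters, so the rejection is reported through the same `GNUNET_break_op (0)`. Note also that `strncpy (cc, iban, 2)` leaves `cc` unterminated if it is a 2-byte array (its declaration is not in the hunk), so `cmp_country_code` must compare with a fixed width rather than `strcmp`; a comment on the `cc` declaration stating this would help. validate_iban's body continues outside the hunk on both sides.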
@@ -305,7 +308,10 @@ validate_iban (const char *iban)
                     sizeof (country_table) / sizeof (struct table_entry),
                     sizeof (struct table_entry),
                     &cmp_country_code))
+  {
+    GNUNET_break_op (0);
     return GNUNET_NO;
+  }
   nbuf = GNUNET_malloc ((len * 2) + 1);
   for (i=0, j=0; i < len; i++)
   {
@@ -338,6 +344,7 @@ validate_iban (const char *iban)
                  &nread)))
   {
     GNUNET_free (nbuf);
+    GNUNET_break_op (0);
     return GNUNET_NO;
   }
   if (0 != remainder)
@@ -347,6 +354,7 @@ validate_iban (const char *iban)
   GNUNET_free (nbuf);
   if (1 == remainder)
     return GNUNET_YES;
+  GNUNET_break_op (0); /* checksum wrong */
   return GNUNET_NO;
 }
 
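Review bot: `GNUNET_break_op (0)` after the failed `bsearch` records only the file and line, so an operator still cannot tell which country code was rejected, which is the "better logging" the commit subject promises. A message such as `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "IBAN country code `%.2s' is not supported\n", iban);` next to the break would name the cause without writing the full account number to the log (an IBAN identifies a bank account and should not appear verbatim at WARNING level). The same applies to the number-parsing and checksum failures in the later hunks, where the `remainder` value would be enough to diagnose the problem. validate_iban continues outside the hunk on both sides.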