From 28a10c22a6a3d3883ad04cef5504905b3381c06f Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 23 Jun 2015 19:47:13 +0200
Subject: [PATCH] fix remaining open issues to resolve #3772/3773

---
 src/mint-lib/mint_api_withdraw.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/mint-lib/mint_api_withdraw.c b/src/mint-lib/mint_api_withdraw.c
index fdcd5a391..b877cf4d3 100644
--- a/src/mint-lib/mint_api_withdraw.c
+++ b/src/mint-lib/mint_api_withdraw.c
@@ -120,6 +120,8 @@ parse_reserve_history (json_t *history,
                        unsigned int history_length,
                        struct TALER_MINT_ReserveHistory *rhistory)
 {
+  struct GNUNET_HashCode uuid[history_length];
+  unsigned int uuid_off;
   struct TALER_Amount total_in;
   struct TALER_Amount total_out;
   size_t off;
@@ -128,6 +130,7 @@ parse_reserve_history (json_t *history,
                          &total_in);
   TALER_amount_get_zero (currency,
                          &total_out);
+  uuid_off = 0;
   for (off=0;off<history_length;off++)
   {
     json_t *transaction;
@@ -193,6 +196,7 @@ parse_reserve_history (json_t *history,
                                        &reserve_pub->eddsa_pub),
         MAJ_spec_end
       };
+      unsigned int i;
 
       rhistory[off].type = TALER_MINT_RTT_WITHDRAWAL;
       if (GNUNET_OK !=
@@ -222,9 +226,27 @@ parse_reserve_history (json_t *history,
       }
       rhistory[off].details.out_authorization_sig = json_object_get (transaction,
                                                                      "signature");
+      /* Check check that the same withdraw transaction
+         isn't listed twice by the mint. We use the
+         "uuid" array to remember the hashes of all
+         purposes, and compare the hashes to find
+         duplicates. */
+      GNUNET_CRYPTO_hash (withdraw_purpose,
+                          ntohl (withdraw_purpose->purpose.size),
+                          &uuid[uuid_off]);
+      for (i=0;i<uuid_off;i++)
+      {
+        if (0 == memcmp (&uuid[uuid_off],
+                         &uuid[i],
+                         sizeof (struct GNUNET_HashCode)))
+        {
+          GNUNET_break_op (0);
+          MAJ_parse_free (withdraw_spec);
+          return GNUNET_SYSERR;
+        }
+      }
+      uuid_off++;
 
-      /* FIXME: ought to also check that the same withdraw transaction
-         isn't listed twice by the mint... #3772-9310 */
       if (GNUNET_OK !=
           TALER_amount_add (&total_out,
                             &total_out,
@@ -260,7 +282,6 @@ parse_reserve_history (json_t *history,
 }
 
 
-
 /**
  * Function called when we're done processing the
  * HTTP /withdraw/status request.