From 344c53c51dac9d5bb09c261c36f3e4d58de1a321 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 18 May 2022 18:05:32 +0200 Subject: [PATCH] enforce valid payto:// URI in exchange /wire response --- contrib/gana | 2 +- src/exchange-tools/taler-exchange-offline.c | 28 +++++++++++++++++++ ...er-exchange-httpd_management_wire_enable.c | 17 +++++++++++ src/lib/exchange_api_management_wire_enable.c | 12 ++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/contrib/gana b/contrib/gana index fa6373d8e..99d8d9e03 160000 --- a/contrib/gana +++ b/contrib/gana @@ -1 +1 @@ -Subproject commit fa6373d8e2432cd63da881e05f4100240e688cdf +Subproject commit 99d8d9e0336bacebab5af4ae00c3f685ffd90f60 diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c index 687ef5682..8d8c4c62b 100644 --- a/src/exchange-tools/taler-exchange-offline.c +++ b/src/exchange-tools/taler-exchange-offline.c @@ -1395,6 +1395,20 @@ upload_wire_add (const char *exchange_url, } GNUNET_free (wire_method); } + { + char *msg = TALER_payto_validate (payto_uri); + + if (NULL != msg) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "payto URI is malformed: %s\n", + msg); + GNUNET_free (msg); + test_shutdown (); + global_ret = EXIT_INVALIDARGUMENT; + return; + } + } war = GNUNET_new (struct WireAddRequest); war->idx = idx; war->h = @@ -2460,6 +2474,20 @@ do_add_wire (char *const *args) if (GNUNET_OK != load_offline_key (GNUNET_NO)) return; + { + char *msg = TALER_payto_validate (args[0]); + + if (NULL != msg) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "payto URI is malformed: %s\n", + msg); + GNUNET_free (msg); + test_shutdown (); + global_ret = EXIT_INVALIDARGUMENT; + return; + } + } now = GNUNET_TIME_timestamp_get (); { char *wire_method; diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c b/src/exchange/taler-exchange-httpd_management_wire_enable.c index dfdebec49..25ee0eeac 100644 --- a/src/exchange/taler-exchange-httpd_management_wire_enable.c +++ b/src/exchange/taler-exchange-httpd_management_wire_enable.c @@ -166,6 +166,23 @@ TEH_handler_management_post_wire ( return MHD_YES; /* failure */ } TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; + { + char *msg = TALER_payto_validate (awc.payto_uri); + + if (NULL != msg) + { + MHD_RESULT ret; + + GNUNET_break_op (0); + ret = TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PAYTO_URI_MALFORMED, + msg); + GNUNET_free (msg); + return ret; + } + } if (GNUNET_OK != TALER_exchange_offline_wire_add_verify (awc.payto_uri, awc.validity_start, diff --git a/src/lib/exchange_api_management_wire_enable.c b/src/lib/exchange_api_management_wire_enable.c index c4d5b13b4..6e3dbad19 100644 --- a/src/lib/exchange_api_management_wire_enable.c +++ b/src/lib/exchange_api_management_wire_enable.c @@ -138,6 +138,18 @@ TALER_EXCHANGE_management_enable_wire ( CURL *eh; json_t *body; + { + char *msg = TALER_payto_validate (payto_uri); + + if (NULL != msg) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "payto URI is malformed: %s\n", + msg); + GNUNET_free (msg); + return NULL; + } + } wh = GNUNET_new (struct TALER_EXCHANGE_ManagementWireEnableHandle); wh->cb = cb; wh->cb_cls = cb_cls;