properly check contract hash, instead of just computing it twice

2015-09-28 22:56:20 +02:00 · 2015-09-28 22:56:20 +02:00 · 383f3eb850
commit 383f3eb850
parent 837b7f5f14
1 changed files with 11 additions and 1 deletions
--- a/src/mint/taler-mint-httpd_deposit.c
+++ b/src/mint/taler-mint-httpd_deposit.c
@ -136,6 +136,7 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
  struct TALER_MINTDB_Deposit deposit;
  struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
  struct TMH_KS_StateHandle *ks;
+  struct GNUNET_HashCode my_h_wire;
  struct TMH_PARSE_FieldSpecification spec[] = {
    TMH_PARSE_member_denomination_public_key ("denom_pub", &deposit.coin.denom_pub),
    TMH_PARSE_member_denomination_signature ("ub_sig", &deposit.coin.denom_sig),
@ -169,13 +170,22 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
  }
  if (GNUNET_OK !=
      TALER_hash_json (wire,
-                       &deposit.h_wire))
+                       &my_h_wire))
  {
    TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
    TMH_PARSE_release_data (spec);
    return TMH_RESPONSE_reply_arg_invalid (connection,
                                           "wire");
  }
+  if (0 != memcmp (&deposit.h_wire,
+		   &my_h_wire,
+		   sizeof (struct GNUNET_HashCode)))
+  {
+    /* Client hashed contract differently than we did, reject */
+    TMH_PARSE_release_data (spec);
+    return TMH_RESPONSE_reply_arg_invalid (connection,
+                                           "H_wire");
+  }
  ks = TMH_KS_acquire ();
  dki = TMH_KS_denomination_key_lookup (ks,
                                        &deposit.coin.denom_pub,