fix #6408: make sure all timestamps are always rounded when they arrive over JSON, or 400 the requester; similarly don't tolerate anything else as client

This commit is contained in:
Christian Grothoff 2020-07-05 21:54:11 +02:00
parent 6de49ea2c0
commit 54e63f01df
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
17 changed files with 234 additions and 65 deletions

View File

@ -224,18 +224,18 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("h_contract_terms", &dc.h_contract_terms),
GNUNET_JSON_spec_fixed_auto ("h_wire", &dc.h_wire),
GNUNET_JSON_spec_absolute_time ("exchange_timestamp",
TALER_JSON_spec_absolute_time ("exchange_timestamp",
&dc.exchange_timestamp),
GNUNET_JSON_spec_absolute_time ("refund_deadline", &dc.refund_deadline),
TALER_JSON_spec_absolute_time ("refund_deadline", &dc.refund_deadline),
TALER_JSON_spec_amount ("amount_without_fee", &dc.amount_without_fee),
GNUNET_JSON_spec_fixed_auto ("coin_pub", &dc.coin_pub),
GNUNET_JSON_spec_fixed_auto ("merchant_pub", &dc.merchant),
GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dc.exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dc.exchange_pub),
GNUNET_JSON_spec_fixed_auto ("master_pub", &es.master_public_key),
GNUNET_JSON_spec_absolute_time ("ep_start", &es.ep_start),
GNUNET_JSON_spec_absolute_time ("ep_expire", &es.ep_expire),
GNUNET_JSON_spec_absolute_time ("ep_end", &es.ep_end),
TALER_JSON_spec_absolute_time ("ep_start", &es.ep_start),
TALER_JSON_spec_absolute_time ("ep_expire", &es.ep_expire),
TALER_JSON_spec_absolute_time ("ep_end", &es.ep_end),
GNUNET_JSON_spec_fixed_auto ("master_sig", &es.master_sig),
GNUNET_JSON_spec_end ()
};

View File

@ -24,6 +24,7 @@ taler_bank_transfer_SOURCES = \
taler_bank_transfer_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
libtalerbank.la \
-lgnunetcurl \
-lgnunetutil \

View File

@ -91,7 +91,7 @@ handle_admin_add_incoming_finished (void *cls,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint64 ("row_id",
&row_id),
GNUNET_JSON_spec_absolute_time ("timestamp",
TALER_JSON_spec_absolute_time ("timestamp",
&timestamp),
GNUNET_JSON_spec_end ()
};

View File

@ -90,7 +90,7 @@ parse_account_history (struct TALER_BANK_CreditHistoryHandle *hh,
struct GNUNET_JSON_Specification hist_spec[] = {
TALER_JSON_spec_amount ("amount",
&td.amount),
GNUNET_JSON_spec_absolute_time ("date",
TALER_JSON_spec_absolute_time ("date",
&td.execution_date),
GNUNET_JSON_spec_uint64 ("row_id",
&row_id),

View File

@ -90,7 +90,7 @@ parse_account_history (struct TALER_BANK_DebitHistoryHandle *hh,
struct GNUNET_JSON_Specification hist_spec[] = {
TALER_JSON_spec_amount ("amount",
&td.amount),
GNUNET_JSON_spec_absolute_time ("date",
TALER_JSON_spec_absolute_time ("date",
&td.execution_date),
GNUNET_JSON_spec_uint64 ("row_id",
&row_id),

View File

@ -184,7 +184,7 @@ handle_transfer_finished (void *cls,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint64 ("row_id",
&row_id),
GNUNET_JSON_spec_absolute_time ("timestamp",
TALER_JSON_spec_absolute_time ("timestamp",
&timestamp),
GNUNET_JSON_spec_end ()
};

View File

@ -21,10 +21,11 @@ taler_exchange_keyup_SOURCES = \
taler-exchange-keyup.c
taler_exchange_keyup_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/pq/libtalerpq.la \
$(top_builddir)/src/bank-lib/libtalerbank.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
$(top_builddir)/src/bank-lib/libtalerbank.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/pq/libtalerpq.la \
$(top_builddir)/src/util/libtalerutil.la \
-lgnunetutil $(XLIB)
taler_exchange_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)

View File

@ -336,11 +336,11 @@ TEH_handler_deposit (struct MHD_Connection *connection,
&deposit.h_wire),
GNUNET_JSON_spec_fixed_auto ("coin_sig",
&deposit.csig),
GNUNET_JSON_spec_absolute_time ("timestamp",
TALER_JSON_spec_absolute_time ("timestamp",
&deposit.timestamp),
GNUNET_JSON_spec_absolute_time ("refund_deadline",
TALER_JSON_spec_absolute_time ("refund_deadline",
&deposit.refund_deadline),
GNUNET_JSON_spec_absolute_time ("wire_transfer_deadline",
TALER_JSON_spec_absolute_time ("wire_transfer_deadline",
&deposit.wire_deadline),
GNUNET_JSON_spec_end ()
};

View File

@ -80,6 +80,31 @@ TALER_JSON_spec_amount_nbo (const char *name,
struct TALER_AmountNBO *r_amount);
/**
* Provide specification to parse given JSON object to an absolute time.
* The absolute time value is expected to be already rounded.
*
* @param name name of the time field in the JSON
* @param[out] r_time where the time has to be written
*/
struct GNUNET_JSON_Specification
TALER_JSON_spec_absolute_time (const char *name,
struct GNUNET_TIME_Absolute *r_time);
/**
* Provide specification to parse given JSON object to an absolute time
* in network byte order.
* The absolute time value is expected to be already rounded.
*
* @param name name of the time field in the JSON
* @param[out] r_time where the time has to be written
*/
struct GNUNET_JSON_Specification
TALER_JSON_spec_absolute_time_nbo (const char *name,
struct GNUNET_TIME_AbsoluteNBO *r_time);
/**
* Generate line in parser specification for denomination public key.
*

View File

@ -174,6 +174,147 @@ TALER_JSON_spec_amount_nbo (const char *name,
}
/**
* Parse given JSON object to *rounded* absolute time.
*
* @param cls closure, NULL
* @param root the json object representing data
* @param[out] spec where to write the data
* @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error
*/
static int
parse_abs_time (void *cls,
json_t *root,
struct GNUNET_JSON_Specification *spec)
{
struct GNUNET_TIME_Absolute *abs = spec->ptr;
json_t *json_t_ms;
unsigned long long int tval;
if (! json_is_object (root))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
json_t_ms = json_object_get (root, "t_ms");
if (json_is_integer (json_t_ms))
{
tval = json_integer_value (json_t_ms);
/* Time is in milliseconds in JSON, but in microseconds in GNUNET_TIME_Absolute */
abs->abs_value_us = tval * 1000LL;
if ((abs->abs_value_us) / 1000LL != tval)
{
/* Integer overflow */
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_TIME_round_abs (abs))
{
/* time not rounded */
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
if (json_is_string (json_t_ms))
{
const char *val;
val = json_string_value (json_t_ms);
if ((0 == strcasecmp (val, "never")))
{
*abs = GNUNET_TIME_UNIT_FOREVER_ABS;
return GNUNET_OK;
}
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
/**
* Provide specification to parse given JSON object to an absolute time.
* The absolute time value is expected to be already rounded.
*
* @param name name of the time field in the JSON
* @param[out] r_time where the time has to be written
*/
struct GNUNET_JSON_Specification
TALER_JSON_spec_absolute_time (const char *name,
struct GNUNET_TIME_Absolute *r_time)
{
struct GNUNET_JSON_Specification ret = {
.parser = &parse_abs_time,
.cleaner = NULL,
.cls = NULL,
.field = name,
.ptr = r_time,
.ptr_size = sizeof(uint64_t),
.size_ptr = NULL
};
return ret;
}
/**
* Parse given JSON object to absolute time.
*
* @param cls closure, NULL
* @param root the json object representing data
* @param[out] spec where to write the data
* @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error
*/
static int
parse_abs_time_nbo (void *cls,
json_t *root,
struct GNUNET_JSON_Specification *spec)
{
struct GNUNET_TIME_AbsoluteNBO *abs = spec->ptr;
struct GNUNET_TIME_Absolute a;
struct GNUNET_JSON_Specification ispec;
ispec = *spec;
ispec.parser = &parse_abs_time;
ispec.ptr = &a;
if (GNUNET_OK !=
parse_abs_time (NULL,
root,
&ispec))
return GNUNET_SYSERR;
*abs = GNUNET_TIME_absolute_hton (a);
return GNUNET_OK;
}
/**
* Provide specification to parse given JSON object to an absolute time
* in network byte order.
* The absolute time value is expected to be already rounded.
*
* @param name name of the time field in the JSON
* @param[out] r_time where the time has to be written
*/
struct GNUNET_JSON_Specification
TALER_JSON_spec_absolute_time_nbo (const char *name,
struct GNUNET_TIME_AbsoluteNBO *r_time)
{
struct GNUNET_JSON_Specification ret = {
.parser = &parse_abs_time_nbo,
.cleaner = NULL,
.cls = NULL,
.field = name,
.ptr = r_time,
.ptr_size = sizeof(uint64_t),
.size_ptr = NULL
};
return ret;
}
/**
* Generate line in parser specification for denomination public key.
*

View File

@ -109,7 +109,7 @@ TALER_EXCHANGE_parse_reserve_history (
GNUNET_JSON_spec_varsize ("wire_reference",
&wire_reference,
&wire_reference_size),
GNUNET_JSON_spec_absolute_time ("timestamp",
TALER_JSON_spec_absolute_time ("timestamp",
&timestamp),
GNUNET_JSON_spec_string ("sender_account_url",
&wire_url),
@ -256,7 +256,7 @@ TALER_EXCHANGE_parse_reserve_history (
&rh->details.recoup_details.exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub",
&rh->details.recoup_details.exchange_pub),
GNUNET_JSON_spec_absolute_time_nbo ("timestamp",
TALER_JSON_spec_absolute_time_nbo ("timestamp",
&pc.timestamp),
GNUNET_JSON_spec_end ()
};
@ -328,7 +328,7 @@ TALER_EXCHANGE_parse_reserve_history (
&rh->details.close_details.exchange_pub),
TALER_JSON_spec_amount_nbo ("closing_fee",
&rcc.closing_fee),
GNUNET_JSON_spec_absolute_time_nbo ("timestamp",
TALER_JSON_spec_absolute_time_nbo ("timestamp",
&rcc.timestamp),
GNUNET_JSON_spec_end ()
};
@ -523,9 +523,9 @@ TALER_EXCHANGE_verify_coin_history (
&dr.h_contract_terms),
GNUNET_JSON_spec_fixed_auto ("h_wire",
&dr.h_wire),
GNUNET_JSON_spec_absolute_time_nbo ("timestamp",
TALER_JSON_spec_absolute_time_nbo ("timestamp",
&dr.wallet_timestamp),
GNUNET_JSON_spec_absolute_time_nbo ("refund_deadline",
TALER_JSON_spec_absolute_time_nbo ("refund_deadline",
&dr.refund_deadline),
TALER_JSON_spec_amount_nbo ("deposit_fee",
&dr.deposit_fee),
@ -709,7 +709,7 @@ TALER_EXCHANGE_verify_coin_history (
&exchange_pub),
GNUNET_JSON_spec_fixed_auto ("reserve_pub",
&pc.reserve_pub),
GNUNET_JSON_spec_absolute_time_nbo ("timestamp",
TALER_JSON_spec_absolute_time_nbo ("timestamp",
&pc.timestamp),
GNUNET_JSON_spec_end ()
};

View File

@ -198,7 +198,7 @@ verify_deposit_signature_ok (struct TALER_EXCHANGE_DepositHandle *dh,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("exchange_sig", exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub", exchange_pub),
GNUNET_JSON_spec_absolute_time_nbo ("exchange_timestamp",
TALER_JSON_spec_absolute_time_nbo ("exchange_timestamp",
&dh->depconf.exchange_timestamp),
GNUNET_JSON_spec_end ()
};

View File

@ -149,7 +149,7 @@ handle_deposit_wtid_finished (void *cls,
struct TALER_EXCHANGE_DepositData dd;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("wtid", &dwh->depconf.wtid),
GNUNET_JSON_spec_absolute_time ("execution_time", &dd.execution_time),
TALER_JSON_spec_absolute_time ("execution_time", &dd.execution_time),
TALER_JSON_spec_amount ("coin_contribution", &dd.coin_contribution),
GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dd.exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dd.exchange_pub),
@ -196,7 +196,7 @@ handle_deposit_wtid_finished (void *cls,
/* Transaction known, but not executed yet */
struct GNUNET_TIME_Absolute execution_time;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_absolute_time ("execution_time", &execution_time),
TALER_JSON_spec_absolute_time ("execution_time", &execution_time),
GNUNET_JSON_spec_end ()
};

View File

@ -374,11 +374,11 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
&sign_key_issue_sig),
GNUNET_JSON_spec_fixed_auto ("key",
&sign_key->key),
GNUNET_JSON_spec_absolute_time ("stamp_start",
TALER_JSON_spec_absolute_time ("stamp_start",
&sign_key->valid_from),
GNUNET_JSON_spec_absolute_time ("stamp_expire",
TALER_JSON_spec_absolute_time ("stamp_expire",
&sign_key->valid_until),
GNUNET_JSON_spec_absolute_time ("stamp_end",
TALER_JSON_spec_absolute_time ("stamp_end",
&sign_key->valid_legal),
GNUNET_JSON_spec_end ()
};
@ -441,13 +441,13 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("master_sig",
&denom_key->master_sig),
GNUNET_JSON_spec_absolute_time ("stamp_expire_deposit",
TALER_JSON_spec_absolute_time ("stamp_expire_deposit",
&denom_key->expire_deposit),
GNUNET_JSON_spec_absolute_time ("stamp_expire_withdraw",
TALER_JSON_spec_absolute_time ("stamp_expire_withdraw",
&denom_key->withdraw_valid_until),
GNUNET_JSON_spec_absolute_time ("stamp_start",
TALER_JSON_spec_absolute_time ("stamp_start",
&denom_key->valid_from),
GNUNET_JSON_spec_absolute_time ("stamp_expire_legal",
TALER_JSON_spec_absolute_time ("stamp_expire_legal",
&denom_key->expire_legal),
TALER_JSON_spec_amount ("value",
&denom_key->value),
@ -825,7 +825,7 @@ decode_keys_json (const json_t *resp_obj,
check_sig is false! */
GNUNET_JSON_spec_fixed_auto ("master_public_key",
&key_data->master_pub),
GNUNET_JSON_spec_absolute_time ("list_issue_date",
TALER_JSON_spec_absolute_time ("list_issue_date",
&key_data->list_issue_date),
GNUNET_JSON_spec_relative_time ("reserve_closing_delay",
&key_data->reserve_closing_delay),
@ -887,7 +887,8 @@ decode_keys_json (const json_t *resp_obj,
GNUNET_JSON_parse (resp_obj,
(check_sig) ? mspec : &mspec[2],
NULL, NULL));
EXITIF (GNUNET_OK !=
GNUNET_TIME_round_rel (&key_data->reserve_closing_delay));
/* parse the master public key and issue date of the response */
if (check_sig)
hash_context = GNUNET_CRYPTO_hash_context_start ();
@ -1568,7 +1569,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
&keys),
GNUNET_JSON_spec_string ("exchange_url",
&url),
GNUNET_JSON_spec_absolute_time ("expire",
TALER_JSON_spec_absolute_time ("expire",
&expire),
GNUNET_JSON_spec_end ()
};

View File

@ -93,7 +93,7 @@ check_transfers_get_response_ok (
TALER_JSON_spec_amount ("wire_fee", &td.wire_fee),
GNUNET_JSON_spec_fixed_auto ("merchant_pub", &merchant_pub),
GNUNET_JSON_spec_fixed_auto ("h_wire", &td.h_wire),
GNUNET_JSON_spec_absolute_time ("execution_time", &td.execution_time),
TALER_JSON_spec_absolute_time ("execution_time", &td.execution_time),
GNUNET_JSON_spec_json ("deposits", &details_j),
GNUNET_JSON_spec_fixed_auto ("exchange_sig", &td.exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub", &td.exchange_pub),

View File

@ -148,9 +148,9 @@ parse_fees (json_t *fees)
&wa->wire_fee),
TALER_JSON_spec_amount ("closing_fee",
&wa->closing_fee),
GNUNET_JSON_spec_absolute_time ("start_date",
TALER_JSON_spec_absolute_time ("start_date",
&wa->start_date),
GNUNET_JSON_spec_absolute_time ("end_date",
TALER_JSON_spec_absolute_time ("end_date",
&wa->end_date),
GNUNET_JSON_spec_end ()
};

View File

@ -283,7 +283,7 @@ deposit_confirmation_run (void *cls,
/* timestamp is mandatory */
{
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_absolute_time ("timestamp", &timestamp),
TALER_JSON_spec_absolute_time ("timestamp", &timestamp),
GNUNET_JSON_spec_end ()
};
@ -300,7 +300,7 @@ deposit_confirmation_run (void *cls,
/* refund deadline is optional, defaults to zero */
{
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_absolute_time ("refund_deadline", &refund_deadline),
TALER_JSON_spec_absolute_time ("refund_deadline", &refund_deadline),
GNUNET_JSON_spec_end ()
};