add checks to ensure payto:// URI is well-formed to taler-exchange-offline, and taler-exchange-httpd where applicable (fixes #6675)

Christian Grothoff 2021-01-06 15:52:12 +01:00
parent 1f91211263
commit 73a9fe56eb
GPG Key ID: 939E6BE1E29FC3CC
3 changed files with 58 additions and 0 deletions


@ -1236,6 +1236,21 @@ upload_wire_add (const char *exchange_url,
test_shutdown (); test_shutdown ();
return; return;
} }
{
char *wire_method;
wire_method = TALER_payto_get_method (payto_uri);
if (NULL == wire_method)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"payto:// URI `%s' is malformed\n",
payto_uri);
global_ret = 7;
test_shutdown ();
return;
}
GNUNET_free (wire_method);
}
war = GNUNET_new (struct WireAddRequest); war = GNUNET_new (struct WireAddRequest);
war->idx = idx; war->idx = idx;
war->h = war->h =
@ -2043,6 +2058,21 @@ do_add_wire (char *const *args)
now = GNUNET_TIME_absolute_get (); now = GNUNET_TIME_absolute_get ();
(void) GNUNET_TIME_round_abs (&now); (void) GNUNET_TIME_round_abs (&now);
{
char *wire_method;
wire_method = TALER_payto_get_method (args[0]);
if (NULL == wire_method)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"payto:// URI `%s' is malformed\n",
args[0]);
global_ret = 7;
test_shutdown ();
return;
}
GNUNET_free (wire_method);
}
TALER_exchange_offline_wire_add_sign (args[0], TALER_exchange_offline_wire_add_sign (args[0],
now, now,
&master_priv, &master_priv,
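Review bot: The new guard in upload_wire_add and do_add_wire treats a non-NULL result from `TALER_payto_get_method` as proof that the URI is well-formed, but going by its name and use that call only extracts the wire method, so a URI with a valid prefix and method but a broken or empty account part would presumably still pass and, in do_add_wire, go on to be signed with the master key. If a stricter validator is available, call it here; otherwise record the limit in a comment such as `/* only checks that a wire method can be extracted; the account part is not validated */`. The same block is repeated in the management handler in taler-exchange-httpd, so a small shared helper returning a boolean would keep the three copies from drifting apart. Both functions start and end outside the hunks.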


@ -195,6 +195,23 @@ TEH_handler_management_denominations_wire (
TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DETAILS_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DETAILS_SIGNATURE_INVALID,
NULL); NULL);
} }
{
char *wire_method;
wire_method = TALER_payto_get_method (awc.payto_uri);
if (NULL == wire_method)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"payto:// URI `%s' is malformed\n",
awc.payto_uri);
return TALER_MHD_reply_with_error (
connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
"payto_uri");
}
GNUNET_free (wire_method);
}
qs = TEH_DB_run_transaction (connection, qs = TEH_DB_run_transaction (connection,
"add wire", "add wire",
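Review bot: The placement of this check after the signature-invalid reply a few lines above deserves a comment, because it means the `%s` in the log line only sees a payto_uri that has passed the master signature check (assuming that check covers the URI; it lies outside the hunk). A line such as `/* signature verified above, so payto_uri is operator-supplied; reject malformed input before touching the DB */` would keep a later reorder from sending unauthenticated request data to the error log. Since this is a client error answered with 400, `GNUNET_ERROR_TYPE_WARNING` may also be a better fit than ERROR for the log level.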


@ -232,6 +232,15 @@ build_wire_state (void)
"payto_uri")); "payto_uri"));
GNUNET_assert (NULL != payto_uri); GNUNET_assert (NULL != payto_uri);
wire_method = TALER_payto_get_method (payto_uri); wire_method = TALER_payto_get_method (payto_uri);
if (NULL == wire_method)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"payto:// URI `%s' stored in our database is malformed\n",
payto_uri);
json_decref (wire_accounts_array);
json_decref (wire_fee_object);
return NULL;
}
if (NULL == json_object_get (wire_fee_object, if (NULL == json_object_get (wire_fee_object,
wire_method)) wire_method))
{ {
@ -248,6 +257,7 @@ build_wire_state (void)
json_decref (a); json_decref (a);
json_decref (wire_fee_object); json_decref (wire_fee_object);
json_decref (wire_accounts_array); json_decref (wire_accounts_array);
GNUNET_free (wire_method);
return NULL; return NULL;
} }
if (0 == json_array_size (a)) if (0 == json_array_size (a))
@ -257,6 +267,7 @@ build_wire_state (void)
wire_method); wire_method);
json_decref (wire_accounts_array); json_decref (wire_accounts_array);
json_decref (wire_fee_object); json_decref (wire_fee_object);
GNUNET_free (wire_method);
return NULL; return NULL;
} }
GNUNET_assert (0 == GNUNET_assert (0 ==
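Review bot: In the first hunk a malformed payto_uri now makes build_wire_state return NULL, while the unchanged line just above it, `GNUNET_assert (NULL != payto_uri);`, still aborts the process when the field is missing. Both cases look like bad stored data and should probably fail the same way, for example `if (NULL == payto_uri) { GNUNET_break (0); /* same cleanup */ return NULL; }`. The two added `GNUNET_free (wire_method);` calls cover the error returns shown, but the normal end-of-iteration path is outside the hunks, so confirm wire_method is released there as well. A single malformed row now makes the whole wire state unavailable; if that fail-closed behaviour is intended, say so in the function's comment.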