[taler-exchange] branch master updated: add checks to ensure payto:// UR

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-exchange] branch master updated: add checks to ensure payto:// UR

From:	gnunet
Subject:	[taler-exchange] branch master updated: add checks to ensure payto:// URI is well-formed to taler-exchange-offline, and taler-exchange-httpd where applicable (fixes #6675)
Date:	Wed, 06 Jan 2021 15:52:14 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 73a9fe56 add checks to ensure payto:// URI is well-formed to 
taler-exchange-offline, and taler-exchange-httpd where applicable (fixes #6675)
73a9fe56 is described below

commit 73a9fe56eb2fd9c7126eeffa396998815112e2e5
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Jan 6 15:52:12 2021 +0100

    add checks to ensure payto:// URI is well-formed to taler-exchange-offline, 
and taler-exchange-httpd where applicable (fixes #6675)
---
 src/exchange-tools/taler-exchange-offline.c        | 30 ++++++++++++++++++++++
 .../taler-exchange-httpd_management_wire.c         | 17 ++++++++++++
 src/exchange/taler-exchange-httpd_wire.c           | 11 ++++++++
 3 files changed, 58 insertions(+)

diff --git a/src/exchange-tools/taler-exchange-offline.c 
b/src/exchange-tools/taler-exchange-offline.c
index b6960df4..33aa50f4 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -1236,6 +1236,21 @@ upload_wire_add (const char *exchange_url,
     test_shutdown ();
     return;
   }
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (payto_uri);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  payto_uri);
+      global_ret = 7;
+      test_shutdown ();
+      return;
+    }
+    GNUNET_free (wire_method);
+  }
   war = GNUNET_new (struct WireAddRequest);
   war->idx = idx;
   war->h =
@@ -2043,6 +2058,21 @@ do_add_wire (char *const *args)
   now = GNUNET_TIME_absolute_get ();
   (void) GNUNET_TIME_round_abs (&now);
 
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (args[0]);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  args[0]);
+      global_ret = 7;
+      test_shutdown ();
+      return;
+    }
+    GNUNET_free (wire_method);
+  }
   TALER_exchange_offline_wire_add_sign (args[0],
                                         now,
                                         &master_priv,
diff --git a/src/exchange/taler-exchange-httpd_management_wire.c 
b/src/exchange/taler-exchange-httpd_management_wire.c
index 5454125f..83c3bbed 100644
--- a/src/exchange/taler-exchange-httpd_management_wire.c
+++ b/src/exchange/taler-exchange-httpd_management_wire.c
@@ -195,6 +195,23 @@ TEH_handler_management_denominations_wire (
       TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DETAILS_SIGNATURE_INVALID,
       NULL);
   }
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (awc.payto_uri);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  awc.payto_uri);
+      return TALER_MHD_reply_with_error (
+        connection,
+        MHD_HTTP_BAD_REQUEST,
+        TALER_EC_GENERIC_PARAMETER_MALFORMED,
+        "payto_uri");
+    }
+    GNUNET_free (wire_method);
+  }
 
   qs = TEH_DB_run_transaction (connection,
                                "add wire",
diff --git a/src/exchange/taler-exchange-httpd_wire.c 
b/src/exchange/taler-exchange-httpd_wire.c
index 885d10d7..1942c7e4 100644
--- a/src/exchange/taler-exchange-httpd_wire.c
+++ b/src/exchange/taler-exchange-httpd_wire.c
@@ -232,6 +232,15 @@ build_wire_state (void)
                                                                   
"payto_uri"));
       GNUNET_assert (NULL != payto_uri);
       wire_method = TALER_payto_get_method (payto_uri);
+      if (NULL == wire_method)
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "payto:// URI `%s' stored in our database is malformed\n",
+                    payto_uri);
+        json_decref (wire_accounts_array);
+        json_decref (wire_fee_object);
+        return NULL;
+      }
       if (NULL == json_object_get (wire_fee_object,
                                    wire_method))
       {
@@ -248,6 +257,7 @@ build_wire_state (void)
           json_decref (a);
           json_decref (wire_fee_object);
           json_decref (wire_accounts_array);
+          GNUNET_free (wire_method);
           return NULL;
         }
         if (0 == json_array_size (a))
@@ -257,6 +267,7 @@ build_wire_state (void)
                       wire_method);
           json_decref (wire_accounts_array);
           json_decref (wire_fee_object);
+          GNUNET_free (wire_method);
           return NULL;
         }
         GNUNET_assert (0 ==

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[taler-exchange] branch master updated: add checks to ensure payto:// URI is well-formed to taler-exchange-offline, and taler-exchange-httpd where applicable (fixes #6675), gnunet <=

Prev by Date: [taler-taler-merchant-demos] tag v0.8.1-dev.1 created (now c36ef03)
Next by Date: [taler-wallet-core] branch master updated (c032931f -> 3773a4cd)
Previous by thread: [taler-taler-merchant-demos] tag v0.8.1-dev.1 created (now c36ef03)
Next by thread: [taler-wallet-core] branch master updated (c032931f -> 3773a4cd)
Index(es):
- Date
- Thread