diff options
author | Christian Grothoff <christian@grothoff.org> | 2019-09-15 12:39:15 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-09-15 12:39:15 +0200 |
commit | ebd2e7d763689430d37386903ac190da4943ce2c (patch) | |
tree | 52e62b3005e39923590b300dfa04a37fb88354a0 | |
parent | a3d272eb9d1fdb130e98fc9d67198106a2aef53d (diff) | |
download | exchange-ebd2e7d763689430d37386903ac190da4943ce2c.tar.gz exchange-ebd2e7d763689430d37386903ac190da4943ce2c.zip |
fix leaks and unnecessary fetch of RSA signature on refresh/reveal
-rw-r--r-- | src/exchange/taler-exchange-httpd_refresh_reveal.c | 20 | ||||
-rw-r--r-- | src/exchangedb/plugin_exchangedb_postgres.c | 9 | ||||
-rw-r--r-- | src/exchangedb/test_exchangedb.c | 9 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 4 | ||||
-rw-r--r-- | src/lib/exchange_api_handle.c | 11 |
5 files changed, 20 insertions, 33 deletions
diff --git a/src/exchange/taler-exchange-httpd_refresh_reveal.c b/src/exchange/taler-exchange-httpd_refresh_reveal.c index a84e5dea7..8746ba5d0 100644 --- a/src/exchange/taler-exchange-httpd_refresh_reveal.c +++ b/src/exchange/taler-exchange-httpd_refresh_reveal.c | |||
@@ -273,20 +273,6 @@ refresh_reveal_preflight (void *cls, | |||
273 | 273 | ||
274 | 274 | ||
275 | /** | 275 | /** |
276 | * Helper function for #refresh_reveal_transaction() to free internal | ||
277 | * state of @a refresh_melt (but not the pointer itself!). | ||
278 | * | ||
279 | * @param refresh_melt memory to clean up | ||
280 | */ | ||
281 | static void | ||
282 | free_refresh_melt (struct TALER_EXCHANGEDB_RefreshMelt *refresh_melt) | ||
283 | { | ||
284 | GNUNET_CRYPTO_rsa_signature_free ( | ||
285 | refresh_melt->session.coin.denom_sig.rsa_signature); | ||
286 | } | ||
287 | |||
288 | |||
289 | /** | ||
290 | * Execute a "/refresh/reveal". The client is revealing to us the | 276 | * Execute a "/refresh/reveal". The client is revealing to us the |
291 | * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the | 277 | * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the |
292 | * revealed transfer keys would allow linkage to the blinded coins. | 278 | * revealed transfer keys would allow linkage to the blinded coins. |
@@ -335,8 +321,6 @@ refresh_reveal_transaction (void *cls, | |||
335 | GNUNET_break (0); | 321 | GNUNET_break (0); |
336 | *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection, | 322 | *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection, |
337 | TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR); | 323 | TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR); |
338 | if (refresh_melt.session.noreveal_index >= TALER_CNC_KAPPA) | ||
339 | free_refresh_melt (&refresh_melt); | ||
340 | return GNUNET_DB_STATUS_HARD_ERROR; | 324 | return GNUNET_DB_STATUS_HARD_ERROR; |
341 | } | 325 | } |
342 | 326 | ||
@@ -424,7 +408,6 @@ refresh_reveal_transaction (void *cls, | |||
424 | GNUNET_break_op (0); | 408 | GNUNET_break_op (0); |
425 | *mhd_ret = reply_refresh_reveal_missmatch (connection, | 409 | *mhd_ret = reply_refresh_reveal_missmatch (connection, |
426 | &rc_expected); | 410 | &rc_expected); |
427 | free_refresh_melt (&refresh_melt); | ||
428 | return GNUNET_DB_STATUS_HARD_ERROR; | 411 | return GNUNET_DB_STATUS_HARD_ERROR; |
429 | } | 412 | } |
430 | } /* end of checking "rc_expected" */ | 413 | } /* end of checking "rc_expected" */ |
@@ -457,7 +440,6 @@ refresh_reveal_transaction (void *cls, | |||
457 | *mhd_ret = TEH_RESPONSE_reply_internal_error (connection, | 440 | *mhd_ret = TEH_RESPONSE_reply_internal_error (connection, |
458 | TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW, | 441 | TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW, |
459 | "failed to add up refresh costs"); | 442 | "failed to add up refresh costs"); |
460 | free_refresh_melt (&refresh_melt); | ||
461 | return GNUNET_DB_STATUS_HARD_ERROR; | 443 | return GNUNET_DB_STATUS_HARD_ERROR; |
462 | } | 444 | } |
463 | } | 445 | } |
@@ -468,11 +450,9 @@ refresh_reveal_transaction (void *cls, | |||
468 | *mhd_ret = TEH_RESPONSE_reply_external_error (connection, | 450 | *mhd_ret = TEH_RESPONSE_reply_external_error (connection, |
469 | TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT, | 451 | TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT, |
470 | "melted coin value is insufficient to cover cost of operation"); | 452 | "melted coin value is insufficient to cover cost of operation"); |
471 | free_refresh_melt (&refresh_melt); | ||
472 | return GNUNET_DB_STATUS_HARD_ERROR; | 453 | return GNUNET_DB_STATUS_HARD_ERROR; |
473 | } | 454 | } |
474 | } | 455 | } |
475 | free_refresh_melt (&refresh_melt); | ||
476 | return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; | 456 | return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; |
477 | } | 457 | } |
478 | 458 | ||
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index acd6e9278..17894281b 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c | |||
@@ -887,7 +887,6 @@ postgres_prepare (PGconn *db_conn) | |||
887 | " kc.denom_pub_hash" | 887 | " kc.denom_pub_hash" |
888 | ",denom.fee_refresh_val" | 888 | ",denom.fee_refresh_val" |
889 | ",denom.fee_refresh_frac" | 889 | ",denom.fee_refresh_frac" |
890 | ",kc.denom_sig" | ||
891 | ",old_coin_pub" | 890 | ",old_coin_pub" |
892 | ",old_coin_sig" | 891 | ",old_coin_sig" |
893 | ",amount_with_fee_val" | 892 | ",amount_with_fee_val" |
@@ -3729,7 +3728,9 @@ postgres_select_refunds_by_coin (void *cls, | |||
3729 | * @param cls the `struct PostgresClosure` with the plugin-specific state | 3728 | * @param cls the `struct PostgresClosure` with the plugin-specific state |
3730 | * @param session database handle to use, NULL if not run in any transaction | 3729 | * @param session database handle to use, NULL if not run in any transaction |
3731 | * @param rc commitment hash to use to locate the operation | 3730 | * @param rc commitment hash to use to locate the operation |
3732 | * @param[out] refresh_melt where to store the result | 3731 | * @param[out] refresh_melt where to store the result; note that |
3732 | * refresh_melt->session.coin.denom_sig will be set to NULL | ||
3733 | * and is not fetched by this routine (as it is not needed by the client) | ||
3733 | * @return transaction status | 3734 | * @return transaction status |
3734 | */ | 3735 | */ |
3735 | static enum GNUNET_DB_QueryStatus | 3736 | static enum GNUNET_DB_QueryStatus |
@@ -3749,9 +3750,6 @@ postgres_get_melt (void *cls, | |||
3749 | denom_pub_hash), | 3750 | denom_pub_hash), |
3750 | TALER_PQ_RESULT_SPEC_AMOUNT ("fee_refresh", | 3751 | TALER_PQ_RESULT_SPEC_AMOUNT ("fee_refresh", |
3751 | &refresh_melt->melt_fee), | 3752 | &refresh_melt->melt_fee), |
3752 | GNUNET_PQ_result_spec_rsa_signature ("denom_sig", | ||
3753 | &refresh_melt->session.coin.denom_sig. | ||
3754 | rsa_signature), | ||
3755 | GNUNET_PQ_result_spec_uint32 ("noreveal_index", | 3753 | GNUNET_PQ_result_spec_uint32 ("noreveal_index", |
3756 | &refresh_melt->session.noreveal_index), | 3754 | &refresh_melt->session.noreveal_index), |
3757 | GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", | 3755 | GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", |
@@ -3764,6 +3762,7 @@ postgres_get_melt (void *cls, | |||
3764 | }; | 3762 | }; |
3765 | enum GNUNET_DB_QueryStatus qs; | 3763 | enum GNUNET_DB_QueryStatus qs; |
3766 | 3764 | ||
3765 | refresh_melt->session.coin.denom_sig.rsa_signature = NULL; | ||
3767 | if (NULL == session) | 3766 | if (NULL == session) |
3768 | session = postgres_get_session (pg); | 3767 | session = postgres_get_session (pg); |
3769 | qs = GNUNET_PQ_eval_prepared_singleton_select (session->conn, | 3768 | qs = GNUNET_PQ_eval_prepared_singleton_select (session->conn, |
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index 7033f728e..6c48f3a19 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c | |||
@@ -562,19 +562,14 @@ test_melting (struct TALER_EXCHANGEDB_Session *session) | |||
562 | GNUNET_memcmp (&refresh_session.rc, &ret_refresh_session.session.rc)); | 562 | GNUNET_memcmp (&refresh_session.rc, &ret_refresh_session.session.rc)); |
563 | FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig, | 563 | FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig, |
564 | &ret_refresh_session.session.coin_sig)); | 564 | &ret_refresh_session.session.coin_sig)); |
565 | FAILIF (0 != | 565 | FAILIF (NULL != |
566 | GNUNET_CRYPTO_rsa_signature_cmp ( | 566 | ret_refresh_session.session.coin.denom_sig.rsa_signature); |
567 | refresh_session.coin.denom_sig.rsa_signature, | ||
568 | ret_refresh_session.session.coin. | ||
569 | denom_sig.rsa_signature)); | ||
570 | FAILIF (0 != memcmp (&refresh_session.coin.coin_pub, | 567 | FAILIF (0 != memcmp (&refresh_session.coin.coin_pub, |
571 | &ret_refresh_session.session.coin.coin_pub, | 568 | &ret_refresh_session.session.coin.coin_pub, |
572 | sizeof (refresh_session.coin.coin_pub))); | 569 | sizeof (refresh_session.coin.coin_pub))); |
573 | FAILIF (0 != | 570 | FAILIF (0 != |
574 | GNUNET_memcmp (&refresh_session.coin.denom_pub_hash, | 571 | GNUNET_memcmp (&refresh_session.coin.denom_pub_hash, |
575 | &ret_refresh_session.session.coin.denom_pub_hash)); | 572 | &ret_refresh_session.session.coin.denom_pub_hash)); |
576 | GNUNET_CRYPTO_rsa_signature_free ( | ||
577 | ret_refresh_session.session.coin.denom_sig.rsa_signature); | ||
578 | 573 | ||
579 | /* test 'select_refreshs_above_serial_id' */ | 574 | /* test 'select_refreshs_above_serial_id' */ |
580 | auditor_row_cnt = 0; | 575 | auditor_row_cnt = 0; |
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 11404959d..90643d62e 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h | |||
@@ -1827,7 +1827,9 @@ struct TALER_EXCHANGEDB_Plugin | |||
1827 | * @param cls the @e cls of this struct with the plugin-specific state | 1827 | * @param cls the @e cls of this struct with the plugin-specific state |
1828 | * @param session database handle to use | 1828 | * @param session database handle to use |
1829 | * @param rc commitment to use for the lookup | 1829 | * @param rc commitment to use for the lookup |
1830 | * @param[out] refresh_melt where to store the result | 1830 | * @param[out] refresh_melt where to store the result; note that |
1831 | * refresh_melt->session.coin.denom_sig will be set to NULL | ||
1832 | * and is not fetched by this routine (as it is not needed by the client) | ||
1831 | * @return transaction status | 1833 | * @return transaction status |
1832 | */ | 1834 | */ |
1833 | enum GNUNET_DB_QueryStatus | 1835 | enum GNUNET_DB_QueryStatus |
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index 80a07318b..8e523e3b4 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c | |||
@@ -1024,7 +1024,12 @@ decode_keys_json (const json_t *resp_obj, | |||
1024 | } | 1024 | } |
1025 | } | 1025 | } |
1026 | if (GNUNET_YES == found) | 1026 | if (GNUNET_YES == found) |
1027 | { | ||
1028 | GNUNET_array_grow (ai.denom_keys, | ||
1029 | ai.num_denom_keys, | ||
1030 | 0); | ||
1027 | continue; /* we are done */ | 1031 | continue; /* we are done */ |
1032 | } | ||
1028 | if (key_data->auditors_size == key_data->num_auditors) | 1033 | if (key_data->auditors_size == key_data->num_auditors) |
1029 | GNUNET_array_grow (key_data->auditors, | 1034 | GNUNET_array_grow (key_data->auditors, |
1030 | key_data->auditors_size, | 1035 | key_data->auditors_size, |
@@ -1564,11 +1569,15 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, | |||
1564 | return; | 1569 | return; |
1565 | } | 1570 | } |
1566 | if (0 != version) | 1571 | if (0 != version) |
1572 | { | ||
1573 | GNUNET_JSON_parse_free (spec); | ||
1567 | return; /* unsupported version */ | 1574 | return; /* unsupported version */ |
1575 | } | ||
1568 | if (0 != strcmp (url, | 1576 | if (0 != strcmp (url, |
1569 | exchange->url)) | 1577 | exchange->url)) |
1570 | { | 1578 | { |
1571 | GNUNET_break (0); | 1579 | GNUNET_break (0); |
1580 | GNUNET_JSON_parse_free (spec); | ||
1572 | return; | 1581 | return; |
1573 | } | 1582 | } |
1574 | memset (&key_data, | 1583 | memset (&key_data, |
@@ -1581,6 +1590,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, | |||
1581 | &vc)) | 1590 | &vc)) |
1582 | { | 1591 | { |
1583 | GNUNET_break (0); | 1592 | GNUNET_break (0); |
1593 | GNUNET_JSON_parse_free (spec); | ||
1584 | return; | 1594 | return; |
1585 | } | 1595 | } |
1586 | /* decode successful, initialize with the result */ | 1596 | /* decode successful, initialize with the result */ |
@@ -1594,6 +1604,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, | |||
1594 | exchange->cert_cb (exchange->cert_cb_cls, | 1604 | exchange->cert_cb (exchange->cert_cb_cls, |
1595 | &exchange->key_data, | 1605 | &exchange->key_data, |
1596 | vc); | 1606 | vc); |
1607 | GNUNET_JSON_parse_free (spec); | ||
1597 | } | 1608 | } |
1598 | 1609 | ||
1599 | 1610 | ||