aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2019-09-15 12:39:15 +0200
committerChristian Grothoff <christian@grothoff.org>2019-09-15 12:39:15 +0200
commitebd2e7d763689430d37386903ac190da4943ce2c (patch)
tree52e62b3005e39923590b300dfa04a37fb88354a0
parenta3d272eb9d1fdb130e98fc9d67198106a2aef53d (diff)
downloadexchange-ebd2e7d763689430d37386903ac190da4943ce2c.tar.gz
exchange-ebd2e7d763689430d37386903ac190da4943ce2c.zip
fix leaks and unnecessary fetch of RSA signature on refresh/reveal
-rw-r--r--src/exchange/taler-exchange-httpd_refresh_reveal.c20
-rw-r--r--src/exchangedb/plugin_exchangedb_postgres.c9
-rw-r--r--src/exchangedb/test_exchangedb.c9
-rw-r--r--src/include/taler_exchangedb_plugin.h4
-rw-r--r--src/lib/exchange_api_handle.c11
5 files changed, 20 insertions, 33 deletions
diff --git a/src/exchange/taler-exchange-httpd_refresh_reveal.c b/src/exchange/taler-exchange-httpd_refresh_reveal.c
index a84e5dea7..8746ba5d0 100644
--- a/src/exchange/taler-exchange-httpd_refresh_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refresh_reveal.c
@@ -273,20 +273,6 @@ refresh_reveal_preflight (void *cls,
273 273
274 274
275/** 275/**
276 * Helper function for #refresh_reveal_transaction() to free internal
277 * state of @a refresh_melt (but not the pointer itself!).
278 *
279 * @param refresh_melt memory to clean up
280 */
281static void
282free_refresh_melt (struct TALER_EXCHANGEDB_RefreshMelt *refresh_melt)
283{
284 GNUNET_CRYPTO_rsa_signature_free (
285 refresh_melt->session.coin.denom_sig.rsa_signature);
286}
287
288
289/**
290 * Execute a "/refresh/reveal". The client is revealing to us the 276 * Execute a "/refresh/reveal". The client is revealing to us the
291 * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the 277 * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the
292 * revealed transfer keys would allow linkage to the blinded coins. 278 * revealed transfer keys would allow linkage to the blinded coins.
@@ -335,8 +321,6 @@ refresh_reveal_transaction (void *cls,
335 GNUNET_break (0); 321 GNUNET_break (0);
336 *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection, 322 *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection,
337 TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR); 323 TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR);
338 if (refresh_melt.session.noreveal_index >= TALER_CNC_KAPPA)
339 free_refresh_melt (&refresh_melt);
340 return GNUNET_DB_STATUS_HARD_ERROR; 324 return GNUNET_DB_STATUS_HARD_ERROR;
341 } 325 }
342 326
@@ -424,7 +408,6 @@ refresh_reveal_transaction (void *cls,
424 GNUNET_break_op (0); 408 GNUNET_break_op (0);
425 *mhd_ret = reply_refresh_reveal_missmatch (connection, 409 *mhd_ret = reply_refresh_reveal_missmatch (connection,
426 &rc_expected); 410 &rc_expected);
427 free_refresh_melt (&refresh_melt);
428 return GNUNET_DB_STATUS_HARD_ERROR; 411 return GNUNET_DB_STATUS_HARD_ERROR;
429 } 412 }
430 } /* end of checking "rc_expected" */ 413 } /* end of checking "rc_expected" */
@@ -457,7 +440,6 @@ refresh_reveal_transaction (void *cls,
457 *mhd_ret = TEH_RESPONSE_reply_internal_error (connection, 440 *mhd_ret = TEH_RESPONSE_reply_internal_error (connection,
458 TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW, 441 TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW,
459 "failed to add up refresh costs"); 442 "failed to add up refresh costs");
460 free_refresh_melt (&refresh_melt);
461 return GNUNET_DB_STATUS_HARD_ERROR; 443 return GNUNET_DB_STATUS_HARD_ERROR;
462 } 444 }
463 } 445 }
@@ -468,11 +450,9 @@ refresh_reveal_transaction (void *cls,
468 *mhd_ret = TEH_RESPONSE_reply_external_error (connection, 450 *mhd_ret = TEH_RESPONSE_reply_external_error (connection,
469 TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT, 451 TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT,
470 "melted coin value is insufficient to cover cost of operation"); 452 "melted coin value is insufficient to cover cost of operation");
471 free_refresh_melt (&refresh_melt);
472 return GNUNET_DB_STATUS_HARD_ERROR; 453 return GNUNET_DB_STATUS_HARD_ERROR;
473 } 454 }
474 } 455 }
475 free_refresh_melt (&refresh_melt);
476 return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; 456 return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
477} 457}
478 458
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index acd6e9278..17894281b 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -887,7 +887,6 @@ postgres_prepare (PGconn *db_conn)
887 " kc.denom_pub_hash" 887 " kc.denom_pub_hash"
888 ",denom.fee_refresh_val" 888 ",denom.fee_refresh_val"
889 ",denom.fee_refresh_frac" 889 ",denom.fee_refresh_frac"
890 ",kc.denom_sig"
891 ",old_coin_pub" 890 ",old_coin_pub"
892 ",old_coin_sig" 891 ",old_coin_sig"
893 ",amount_with_fee_val" 892 ",amount_with_fee_val"
@@ -3729,7 +3728,9 @@ postgres_select_refunds_by_coin (void *cls,
3729 * @param cls the `struct PostgresClosure` with the plugin-specific state 3728 * @param cls the `struct PostgresClosure` with the plugin-specific state
3730 * @param session database handle to use, NULL if not run in any transaction 3729 * @param session database handle to use, NULL if not run in any transaction
3731 * @param rc commitment hash to use to locate the operation 3730 * @param rc commitment hash to use to locate the operation
3732 * @param[out] refresh_melt where to store the result 3731 * @param[out] refresh_melt where to store the result; note that
3732 * refresh_melt->session.coin.denom_sig will be set to NULL
3733 * and is not fetched by this routine (as it is not needed by the client)
3733 * @return transaction status 3734 * @return transaction status
3734 */ 3735 */
3735static enum GNUNET_DB_QueryStatus 3736static enum GNUNET_DB_QueryStatus
@@ -3749,9 +3750,6 @@ postgres_get_melt (void *cls,
3749 denom_pub_hash), 3750 denom_pub_hash),
3750 TALER_PQ_RESULT_SPEC_AMOUNT ("fee_refresh", 3751 TALER_PQ_RESULT_SPEC_AMOUNT ("fee_refresh",
3751 &refresh_melt->melt_fee), 3752 &refresh_melt->melt_fee),
3752 GNUNET_PQ_result_spec_rsa_signature ("denom_sig",
3753 &refresh_melt->session.coin.denom_sig.
3754 rsa_signature),
3755 GNUNET_PQ_result_spec_uint32 ("noreveal_index", 3753 GNUNET_PQ_result_spec_uint32 ("noreveal_index",
3756 &refresh_melt->session.noreveal_index), 3754 &refresh_melt->session.noreveal_index),
3757 GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", 3755 GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub",
@@ -3764,6 +3762,7 @@ postgres_get_melt (void *cls,
3764 }; 3762 };
3765 enum GNUNET_DB_QueryStatus qs; 3763 enum GNUNET_DB_QueryStatus qs;
3766 3764
3765 refresh_melt->session.coin.denom_sig.rsa_signature = NULL;
3767 if (NULL == session) 3766 if (NULL == session)
3768 session = postgres_get_session (pg); 3767 session = postgres_get_session (pg);
3769 qs = GNUNET_PQ_eval_prepared_singleton_select (session->conn, 3768 qs = GNUNET_PQ_eval_prepared_singleton_select (session->conn,
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index 7033f728e..6c48f3a19 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -562,19 +562,14 @@ test_melting (struct TALER_EXCHANGEDB_Session *session)
562 GNUNET_memcmp (&refresh_session.rc, &ret_refresh_session.session.rc)); 562 GNUNET_memcmp (&refresh_session.rc, &ret_refresh_session.session.rc));
563 FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig, 563 FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig,
564 &ret_refresh_session.session.coin_sig)); 564 &ret_refresh_session.session.coin_sig));
565 FAILIF (0 != 565 FAILIF (NULL !=
566 GNUNET_CRYPTO_rsa_signature_cmp ( 566 ret_refresh_session.session.coin.denom_sig.rsa_signature);
567 refresh_session.coin.denom_sig.rsa_signature,
568 ret_refresh_session.session.coin.
569 denom_sig.rsa_signature));
570 FAILIF (0 != memcmp (&refresh_session.coin.coin_pub, 567 FAILIF (0 != memcmp (&refresh_session.coin.coin_pub,
571 &ret_refresh_session.session.coin.coin_pub, 568 &ret_refresh_session.session.coin.coin_pub,
572 sizeof (refresh_session.coin.coin_pub))); 569 sizeof (refresh_session.coin.coin_pub)));
573 FAILIF (0 != 570 FAILIF (0 !=
574 GNUNET_memcmp (&refresh_session.coin.denom_pub_hash, 571 GNUNET_memcmp (&refresh_session.coin.denom_pub_hash,
575 &ret_refresh_session.session.coin.denom_pub_hash)); 572 &ret_refresh_session.session.coin.denom_pub_hash));
576 GNUNET_CRYPTO_rsa_signature_free (
577 ret_refresh_session.session.coin.denom_sig.rsa_signature);
578 573
579 /* test 'select_refreshs_above_serial_id' */ 574 /* test 'select_refreshs_above_serial_id' */
580 auditor_row_cnt = 0; 575 auditor_row_cnt = 0;
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 11404959d..90643d62e 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -1827,7 +1827,9 @@ struct TALER_EXCHANGEDB_Plugin
1827 * @param cls the @e cls of this struct with the plugin-specific state 1827 * @param cls the @e cls of this struct with the plugin-specific state
1828 * @param session database handle to use 1828 * @param session database handle to use
1829 * @param rc commitment to use for the lookup 1829 * @param rc commitment to use for the lookup
1830 * @param[out] refresh_melt where to store the result 1830 * @param[out] refresh_melt where to store the result; note that
1831 * refresh_melt->session.coin.denom_sig will be set to NULL
1832 * and is not fetched by this routine (as it is not needed by the client)
1831 * @return transaction status 1833 * @return transaction status
1832 */ 1834 */
1833 enum GNUNET_DB_QueryStatus 1835 enum GNUNET_DB_QueryStatus
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c
index 80a07318b..8e523e3b4 100644
--- a/src/lib/exchange_api_handle.c
+++ b/src/lib/exchange_api_handle.c
@@ -1024,7 +1024,12 @@ decode_keys_json (const json_t *resp_obj,
1024 } 1024 }
1025 } 1025 }
1026 if (GNUNET_YES == found) 1026 if (GNUNET_YES == found)
1027 {
1028 GNUNET_array_grow (ai.denom_keys,
1029 ai.num_denom_keys,
1030 0);
1027 continue; /* we are done */ 1031 continue; /* we are done */
1032 }
1028 if (key_data->auditors_size == key_data->num_auditors) 1033 if (key_data->auditors_size == key_data->num_auditors)
1029 GNUNET_array_grow (key_data->auditors, 1034 GNUNET_array_grow (key_data->auditors,
1030 key_data->auditors_size, 1035 key_data->auditors_size,
@@ -1564,11 +1569,15 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
1564 return; 1569 return;
1565 } 1570 }
1566 if (0 != version) 1571 if (0 != version)
1572 {
1573 GNUNET_JSON_parse_free (spec);
1567 return; /* unsupported version */ 1574 return; /* unsupported version */
1575 }
1568 if (0 != strcmp (url, 1576 if (0 != strcmp (url,
1569 exchange->url)) 1577 exchange->url))
1570 { 1578 {
1571 GNUNET_break (0); 1579 GNUNET_break (0);
1580 GNUNET_JSON_parse_free (spec);
1572 return; 1581 return;
1573 } 1582 }
1574 memset (&key_data, 1583 memset (&key_data,
@@ -1581,6 +1590,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
1581 &vc)) 1590 &vc))
1582 { 1591 {
1583 GNUNET_break (0); 1592 GNUNET_break (0);
1593 GNUNET_JSON_parse_free (spec);
1584 return; 1594 return;
1585 } 1595 }
1586 /* decode successful, initialize with the result */ 1596 /* decode successful, initialize with the result */
@@ -1594,6 +1604,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
1594 exchange->cert_cb (exchange->cert_cb_cls, 1604 exchange->cert_cb (exchange->cert_cb_cls,
1595 &exchange->key_data, 1605 &exchange->key_data,
1596 vc); 1606 vc);
1607 GNUNET_JSON_parse_free (spec);
1597} 1608}
1598 1609
1599 1610