authorChristian Grothoff <christian@grothoff.org>2017-10-06 21:04:39 +0200
committerChristian Grothoff <christian@grothoff.org>2017-10-06 21:04:56 +0200
commit06f5621fbac43c59b15fa4ef9e0fe92b828cec5b (patch)
treebaed02234a701ca2beaed78ac6c0ff648ea6da39 /src/exchange-lib
parentdbab0c658734c14436a89bd7fc76b295cbcf5448 (diff)
better logging if IBAN validation fails, also avoid potentially unbounded stack allocation
Diffstat (limited to 'src/exchange-lib')
-rw-r--r--src/exchange-lib/exchange_api_reserve.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c
index 40c9d491d..6af500ee2 100644
--- a/src/exchange-lib/exchange_api_reserve.c
+++ b/src/exchange-lib/exchange_api_reserve.c
@@ -827,7 +827,20 @@ reserve_withdraw_payment_required (struct TALER_EXCHANGE_ReserveWithdrawHandle *
total incoming and outgoing amounts */
len = json_array_size (history);
{
- struct TALER_EXCHANGE_ReserveHistory rhistory[len];
+ struct TALER_EXCHANGE_ReserveHistory *rhistory;
+
+ /* Use heap allocation as "len" may be very big and thus this may
+ not fit on the stack. Use "GNUNET_malloc_large" as a malicious
+ exchange may theoretically try to crash us by giving a history
+ that does not fit into our memory. */
+ rhistory = GNUNET_malloc_large (sizeof (struct TALER_EXCHANGE_ReserveHistory) * len);
+ if (NULL == rhistory)
+ {
+ GNUNET_break (0);
+ free_rhistory (rhistory,
+ len);
+ return GNUNET_SYSERR;
+ }
if (GNUNET_OK !=
parse_reserve_history (wsh->exchange,