diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-02-14 23:02:25 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-02-14 23:02:25 +0100 |
commit | bd77bcb52dcad4b761f3db0acaa6b71b112a31c2 (patch) | |
tree | f519ebc30bf0917d9f2e91667a20beac71284586 /src/exchange/taler-exchange-httpd_withdraw.c | |
parent | f4f40a31efd3028dec36c0b84a49617926b5f9c3 (diff) | |
download | exchange-bd77bcb52dcad4b761f3db0acaa6b71b112a31c2.tar.gz exchange-bd77bcb52dcad4b761f3db0acaa6b71b112a31c2.tar.bz2 exchange-bd77bcb52dcad4b761f3db0acaa6b71b112a31c2.zip |
-towards fixing the protocol
Diffstat (limited to 'src/exchange/taler-exchange-httpd_withdraw.c')
-rw-r--r-- | src/exchange/taler-exchange-httpd_withdraw.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index 7572f85d2..3799187c1 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -535,6 +535,10 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, /* Clean up and send back final response */ GNUNET_JSON_parse_free (spec); + // FIXME: in CS-case, we MUST re-transmit any _existing_ signature + // (if database had a record matching the nonce) + // instead of sending a 'fresh' one back (as c0/c1 may differ in + // a client attack! { MHD_RESULT ret; |