author | Christian Grothoff <christian@grothoff.org> | 2022-05-18 18:05:32 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-05-18 18:05:32 +0200 |
commit | 344c53c51dac9d5bb09c261c36f3e4d58de1a321 (patch) | |
tree | be65f9f78ca8d39add84a5fc31098e8f806c9555 /src/exchange | |
parent | 492d501570106cb2eefa684820d0c64966c153f9 (diff) | |
enforce valid payto:// URI in exchange /wire response
Diffstat (limited to 'src/exchange')
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_wire_enable.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c b/src/exchange/taler-exchange-httpd_management_wire_enable.c
index dfdebec49..25ee0eeac 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_enable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_enable.c
@@ -166,6 +166,23 @@ TEH_handler_management_post_wire (
 return MHD_YES; /* failure */
 }
 TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ {
+ char *msg = TALER_payto_validate (awc.payto_uri);
+
+ if (NULL != msg)
+ {
+ MHD_RESULT ret;
+
+ GNUNET_break_op (0);
+ ret = TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PAYTO_URI_MALFORMED,
+ msg);
+ GNUNET_free (msg);
+ return ret;
+ }
+ }
 if (GNUNET_OK !=
 TALER_exchange_offline_wire_add_verify (awc.payto_uri,
 awc.validity_start, |
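Review bot: The new validation block sits after `TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;`, so a request rejected with `TALER_EC_GENERIC_PAYTO_URI_MALFORMED` is still counted as an EdDSA verification although `TALER_exchange_offline_wire_add_verify` is never reached on that path; moving the increment to just after the block's closing `}` would keep the metric accurate. The check also runs before the signature over the request is verified, so not-yet-authenticated request data reaches `TALER_payto_validate` and its `msg` is returned in the 400 response. That ordering is reasonable for a cheap syntactic check, but it deserves a short comment such as `/* reject malformed payto:// URIs before the signature check; msg is freed here */`, and it is worth confirming that `msg` cannot echo unbounded caller-supplied text. The body of `TEH_handler_management_post_wire` starts and ends outside this hunk.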