authorChristian Grothoff <christian@grothoff.org>2022-05-18 18:05:32 +0200
committerChristian Grothoff <christian@grothoff.org>2022-05-18 18:05:32 +0200
commit344c53c51dac9d5bb09c261c36f3e4d58de1a321 (patch)
treebe65f9f78ca8d39add84a5fc31098e8f806c9555 /src/exchange
parent492d501570106cb2eefa684820d0c64966c153f9 (diff)
enforce valid payto:// URI in exchange /wire response
Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/taler-exchange-httpd_management_wire_enable.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c b/src/exchange/taler-exchange-httpd_management_wire_enable.c
index dfdebec4..25ee0eea 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_enable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_enable.c
@@ -166,6 +166,23 @@ TEH_handler_management_post_wire (
return MHD_YES; /* failure */
}
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ {
+ char *msg = TALER_payto_validate (awc.payto_uri);
+
+ if (NULL != msg)
+ {
+ MHD_RESULT ret;
+
+ GNUNET_break_op (0);
+ ret = TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PAYTO_URI_MALFORMED,
+ msg);
+ GNUNET_free (msg);
+ return ret;
+ }
+ }
if (GNUNET_OK !=
TALER_exchange_offline_wire_add_verify (awc.payto_uri,
awc.validity_start,
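Review bot: The new payto check sits between `TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;` and the `TALER_exchange_offline_wire_add_verify` call that the increment appears to account for, so a request rejected for a malformed URI is still counted as an EdDSA verification although none ran. Moving the added block above the increment, or the increment down to directly above the `if (GNUNET_OK !=` line, keeps the metric accurate. Because this rejection happens before the master signature is checked, the `msg` string from `TALER_payto_validate` is returned to a caller that has not been authenticated yet; it is worth confirming that the string carries only a fixed diagnostic. A one-line comment such as `/* reject malformed payto:// URIs before spending a signature check on them */` would document why the order is intentional. The body of TEH_handler_management_post_wire starts and ends outside this hunk.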