authorChristian Grothoff <christian@grothoff.org>2021-01-06 15:52:12 +0100
committerChristian Grothoff <christian@grothoff.org>2021-01-06 15:52:12 +0100
commit73a9fe56eb2fd9c7126eeffa396998815112e2e5 (patch)
tree01adc81864e1e12e75ce2b8ff198865af32b8e19 /src/exchange
parent1f9121126395ac56bbccad4c1de60ca5c1c47983 (diff)
add checks to ensure payto:// URI is well-formed to taler-exchange-offline, and taler-exchange-httpd where applicable (fixes #6675)
Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/taler-exchange-httpd_management_wire.c17
-rw-r--r--src/exchange/taler-exchange-httpd_wire.c11
2 files changed, 28 insertions, 0 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c
index 5454125f..83c3bbed 100644
--- a/src/exchange/taler-exchange-httpd_management_wire.c
+++ b/src/exchange/taler-exchange-httpd_management_wire.c
@@ -195,6 +195,23 @@ TEH_handler_management_denominations_wire (
TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DETAILS_SIGNATURE_INVALID,
NULL);
}
+ {
+ char *wire_method;
+
+ wire_method = TALER_payto_get_method (awc.payto_uri);
+ if (NULL == wire_method)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto:// URI `%s' is malformed\n",
+ awc.payto_uri);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "payto_uri");
+ }
+ GNUNET_free (wire_method);
+ }
qs = TEH_DB_run_transaction (connection,
"add wire",
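Review bot: The added block accepts `awc.payto_uri` as soon as TALER_payto_get_method() returns non-NULL, so as far as this hunk shows, only the part of the URI needed to extract a wire method is checked before the value reaches the "add wire" transaction. Whether the target and parameters are validated anywhere is not visible here. Since the commit aims to ensure the URI is well-formed, the block should state what it covers, for example `/* only checks that a wire method can be extracted; the remainder of the URI is not validated here */`. That comment would also explain why `wire_method` is allocated and freed without being used. The handler's body starts and ends outside the hunk.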
diff --git a/src/exchange/taler-exchange-httpd_wire.c b/src/exchange/taler-exchange-httpd_wire.c
index 885d10d7..1942c7e4 100644
--- a/src/exchange/taler-exchange-httpd_wire.c
+++ b/src/exchange/taler-exchange-httpd_wire.c
@@ -232,6 +232,15 @@ build_wire_state (void)
"payto_uri"));
GNUNET_assert (NULL != payto_uri);
wire_method = TALER_payto_get_method (payto_uri);
+ if (NULL == wire_method)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto:// URI `%s' stored in our database is malformed\n",
+ payto_uri);
+ json_decref (wire_accounts_array);
+ json_decref (wire_fee_object);
+ return NULL;
+ }
if (NULL == json_object_get (wire_fee_object,
wire_method))
{
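Review bot: The new `return NULL` in build_wire_state makes a single malformed payto:// URI in the database abort construction of the whole wire state, so presumably no account or fee data is served until the record is repaired. That may be the intended fail-closed behaviour, but nothing at the check says so; a comment such as `/* refuse to build any wire state if a stored account is malformed; the operator must repair the database */` would record the decision. The `GNUNET_assert (NULL != payto_uri)` just above aborts the process for a missing field while this path returns an error, so two kinds of bad record are handled differently, which is also worth a line of explanation. The surrounding loop and the rest of the function are outside the hunk.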
@@ -248,6 +257,7 @@ build_wire_state (void)
json_decref (a);
json_decref (wire_fee_object);
json_decref (wire_accounts_array);
+ GNUNET_free (wire_method);
return NULL;
}
if (0 == json_array_size (a))
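Review bot: The `GNUNET_free (wire_method);` added here and in the next hunk (before the `return NULL` that follows the `json_array_size (a)` check) appears to close leaks on two of build_wire_state's error exits, yet every exit still repeats its own list of `json_decref` calls by hand. That duplication is the kind of structure that lets a missed free go unnoticed. Routing these exits through one cleanup label that releases `wire_method`, `wire_fee_object` and `wire_accounts_array` would make the next added allocation harder to miss. Whether `wire_method` is also freed on the success path is outside the visible lines and worth confirming; the function body extends beyond both hunks.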
@@ -257,6 +267,7 @@ build_wire_state (void)
wire_method);
json_decref (wire_accounts_array);
json_decref (wire_fee_object);
+ GNUNET_free (wire_method);
return NULL;
}
GNUNET_assert (0 ==