summaryrefslogtreecommitdiff
path: root/src/mint
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-09-28 22:56:20 +0200
committerChristian Grothoff <christian@grothoff.org>2015-09-28 22:56:20 +0200
commit383f3eb850a2b557c3ae69e791e08420817d78b8 (patch)
tree1b9fc639391f12de5e6eeca30bb6fce427625809 /src/mint
parent837b7f5f14ea0921e5563bae5b26e026963e6718 (diff)
downloadexchange-383f3eb850a2b557c3ae69e791e08420817d78b8.tar.gz
exchange-383f3eb850a2b557c3ae69e791e08420817d78b8.tar.bz2
exchange-383f3eb850a2b557c3ae69e791e08420817d78b8.zip
properly check contract hash, instead of just computing it twice
Diffstat (limited to 'src/mint')
-rw-r--r--src/mint/taler-mint-httpd_deposit.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c
index 39696f475..f62e9ed3c 100644
--- a/src/mint/taler-mint-httpd_deposit.c
+++ b/src/mint/taler-mint-httpd_deposit.c
@@ -136,6 +136,7 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
struct TALER_MINTDB_Deposit deposit;
struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
struct TMH_KS_StateHandle *ks;
+ struct GNUNET_HashCode my_h_wire;
struct TMH_PARSE_FieldSpecification spec[] = {
TMH_PARSE_member_denomination_public_key ("denom_pub", &deposit.coin.denom_pub),
TMH_PARSE_member_denomination_signature ("ub_sig", &deposit.coin.denom_sig),
@@ -169,13 +170,22 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
}
if (GNUNET_OK !=
TALER_hash_json (wire,
- &deposit.h_wire))
+ &my_h_wire))
{
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
TMH_PARSE_release_data (spec);
return TMH_RESPONSE_reply_arg_invalid (connection,
"wire");
}
+ if (0 != memcmp (&deposit.h_wire,
+ &my_h_wire,
+ sizeof (struct GNUNET_HashCode)))
+ {
+ /* Client hashed contract differently than we did, reject */
+ TMH_PARSE_release_data (spec);
+ return TMH_RESPONSE_reply_arg_invalid (connection,
+ "H_wire");
+ }
ks = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (ks,
&deposit.coin.denom_pub,