diff options
| author | Christian Grothoff <grothoff@gnunet.org> | 2023-10-12 16:23:05 +0200 |
|---|---|---|
| committer | Christian Grothoff <grothoff@gnunet.org> | 2023-10-12 16:23:05 +0200 |
| commit | 82a04210fd23a7962566b47caccc8e717a380118 (patch) | |
| tree | cf513af8688f3aecba1ee8d9a65651621b0055b0 /src/util/amount.c | |
| parent | f6c99c78ff3b764f0eda7851ed9ca7f1f63fb5bc (diff) | |
| download | exchange-82a04210fd23a7962566b47caccc8e717a380118.tar.gz exchange-82a04210fd23a7962566b47caccc8e717a380118.tar.bz2 exchange-82a04210fd23a7962566b47caccc8e717a380118.zip | |
update private key files and harden checks for currency codes
Diffstat (limited to 'src/util/amount.c')
| -rw-r--r-- | src/util/amount.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/src/util/amount.c b/src/util/amount.c index 97a1cf46a..88f4b6aae 100644 --- a/src/util/amount.c +++ b/src/util/amount.c @@ -40,6 +40,31 @@ invalidate (struct TALER_Amount *a) enum GNUNET_GenericReturnValue +TALER_check_currency (const char *str) +{ + if (strlen (str) >= TALER_CURRENCY_LEN) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Currency code name `%s' is too long\n", + str); + return GNUNET_SYSERR; + } + /* validate str has only legal characters in it! */ + for (unsigned int i = 0; '\0' != str[i]; i++) + { + if ( ('A' > str[i]) || ('Z' < str[i]) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Currency code name `%s' contains illegal characters (only A-Z allowed)\n", + str); + return GNUNET_SYSERR; + } + } + return GNUNET_OK; +} + + +enum GNUNET_GenericReturnValue TALER_string_to_amount (const char *str, struct TALER_Amount *amount) { @@ -73,12 +98,14 @@ TALER_string_to_amount (const char *str, GNUNET_assert (TALER_CURRENCY_LEN > (colon - str)); for (unsigned int i = 0; i<colon - str; i++) - amount->currency[i] = toupper (str[i]); + amount->currency[i] = str[i]; /* 0-terminate *and* normalize buffer by setting everything to '\0' */ memset (&amount->currency [colon - str], 0, TALER_CURRENCY_LEN - (colon - str)); - + if (GNUNET_OK != + TALER_check_currency (amount->currency)) + return GNUNET_SYSERR; /* skip colon */ value = colon + 1; if ('\0' == value[0]) @@ -193,7 +220,7 @@ TALER_amount_hton (struct TALER_AmountNBO *res, res->value = GNUNET_htonll (d->value); res->fraction = htonl (d->fraction); for (unsigned int i = 0; i<TALER_CURRENCY_LEN; i++) - res->currency[i] = toupper (d->currency[i]); + res->currency[i] = d->currency[i]; } @@ -217,15 +244,15 @@ TALER_amount_set_zero (const char *cur, { size_t slen; - slen = strlen (cur); - if (slen >= TALER_CURRENCY_LEN) + if (GNUNET_OK != + TALER_check_currency (cur)) return GNUNET_SYSERR; + slen = strlen (cur); memset (amount, 0, sizeof (struct TALER_Amount)); for (unsigned int i = 0; i<slen; i++) - amount->currency[i] = toupper (cur[i]); - /* FIXME: check currency consists only of legal characters! */ + amount->currency[i] = cur[i]; return GNUNET_OK; } |