diff options
| author | Christian Grothoff <christian@grothoff.org> | 2024-02-21 20:53:22 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2024-02-21 20:53:22 +0100 |
| commit | f27484a6c21a9e02278cf8560aae56b51c0da668 (patch) | |
| tree | 53461e50c702fa5ec95f88b936c6836cb9fc39dc /src/util/payto.c | |
| parent | 81351ae6329c15d9e375ec6aa1eb469a15f0a3ea (diff) | |
| download | exchange-f27484a6c21a9e02278cf8560aae56b51c0da668.tar.gz exchange-f27484a6c21a9e02278cf8560aae56b51c0da668.tar.bz2 exchange-f27484a6c21a9e02278cf8560aae56b51c0da668.zip | |
fix #8465
Diffstat (limited to 'src/util/payto.c')
| -rw-r--r-- | src/util/payto.c | 80 |
1 files changed, 79 insertions, 1 deletions
diff --git a/src/util/payto.c b/src/util/payto.c index 21889377b..4670e35f0 100644 --- a/src/util/payto.c +++ b/src/util/payto.c @@ -155,7 +155,6 @@ validate_payto_iban (const char *account_url) IBAN_PREFIX, strlen (IBAN_PREFIX))) return NULL; /* not an IBAN */ - iban = strrchr (account_url, '/') + 1; #undef IBAN_PREFIX q = strchr (iban, @@ -189,6 +188,83 @@ validate_payto_iban (const char *account_url) } +/** + * Validate payto://x-taler-bank/ account URL (only account information, + * wire subject and amount are ignored). + * + * @param account_url payto URL to parse + * @return NULL on success, otherwise an error message + * to be freed by the caller + */ +static char * +validate_payto_xtalerbank (const char *account_url) +{ + const char *user; + const char *host; + bool dot_ok; + +#define XTALERBANK_PREFIX "payto://x-taler-bank/" + if (0 != strncasecmp (account_url, + XTALERBANK_PREFIX, + strlen (XTALERBANK_PREFIX))) + return NULL; /* not an IBAN */ + host = &account_url[strlen (XTALERBANK_PREFIX)]; +#undef XTALERBANK_PREFIX + user = strchr (host, '/'); + if (NULL == user) + { + return GNUNET_strdup ("account name missing"); + } + if (user == host) + { + return GNUNET_strdup ("domain name missing"); + } + if ('-' == host[0]) + return GNUNET_strdup ("invalid character '-' at start of domain name"); + if (NULL != strchr (user + 1, '/')) + return GNUNET_strdup ("invalid character '/' after account name"); + dot_ok = false; + while (host != user) + { + char c = host[0]; + + if ('.' == c) + { + if (! dot_ok) + return GNUNET_strdup ("invalid domain name (misplaced '.')"); + dot_ok = false; + } + else + { + if (! ( ('-' == c) || + ( ('0' <= c) && ('9' >= c) ) || + ( ('a' <= c) && ('z' >= c) ) || + ( ('A' <= c) && ('Z' >= c) ) ) ) + { + char *err; + + GNUNET_asprintf (&err, + "invalid character '%c' in domain name", + c); + return err; + } + dot_ok = true; + } + host++; + } + { + char *target; + + target = payto_get_key (account_url, + "receiver-name="); + if (NULL == target) + return GNUNET_strdup ("'receiver-name' parameter missing"); + GNUNET_free (target); + } + return NULL; +} + + char * TALER_payto_validate (const char *payto_uri) { @@ -229,6 +305,8 @@ TALER_payto_validate (const char *payto_uri) if (NULL != (ret = validate_payto_iban (payto_uri))) return ret; /* got a definitive answer */ + if (NULL != (ret = validate_payto_xtalerbank (payto_uri))) + return ret; /* got a definitive answer */ /* Insert other bank account validation methods here later! */ |