2 files changed, 28 insertions, 0 deletions

diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c
index 5454125f..83c3bbed 100644
--- a/src/exchange/taler-exchange-httpd_management_wire.c
+++ b/src/exchange/taler-exchange-httpd_management_wire.c
@@ -195,6 +195,23 @@ TEH_handler_management_denominations_wire (
       TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DETAILS_SIGNATURE_INVALID,
       NULL);
   }
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (awc.payto_uri);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  awc.payto_uri);
+      return TALER_MHD_reply_with_error (
+        connection,
+        MHD_HTTP_BAD_REQUEST,
+        TALER_EC_GENERIC_PARAMETER_MALFORMED,
+        "payto_uri");
+    }
+    GNUNET_free (wire_method);
+  }
 
   qs = TEH_DB_run_transaction (connection,
                                "add wire",
diff --git a/src/exchange/taler-exchange-httpd_wire.c b/src/exchange/taler-exchange-httpd_wire.c
index 885d10d7..1942c7e4 100644
--- a/src/exchange/taler-exchange-httpd_wire.c
+++ b/src/exchange/taler-exchange-httpd_wire.c
@@ -232,6 +232,15 @@ build_wire_state (void)
                                                                   "payto_uri"));
       GNUNET_assert (NULL != payto_uri);
       wire_method = TALER_payto_get_method (payto_uri);
+      if (NULL == wire_method)
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "payto:// URI `%s' stored in our database is malformed\n",
+                    payto_uri);
+        json_decref (wire_accounts_array);
+        json_decref (wire_fee_object);
+        return NULL;
+      }
       if (NULL == json_object_get (wire_fee_object,
                                    wire_method))
       {
@@ -248,6 +257,7 @@ build_wire_state (void)
           json_decref (a);
           json_decref (wire_fee_object);
           json_decref (wire_accounts_array);
+          GNUNET_free (wire_method);
           return NULL;
         }
         if (0 == json_array_size (a))
@@ -257,6 +267,7 @@ build_wire_state (void)
                       wire_method);
           json_decref (wire_accounts_array);
           json_decref (wire_fee_object);
+          GNUNET_free (wire_method);
           return NULL;
         }
         GNUNET_assert (0 ==