From 69a07468de8555d5260afab4019e34f40e5ec6be Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 5 Jun 2019 23:38:28 +0200 Subject: working on fix for #5747 --- src/exchange/exchange.conf | 6 ++++++ src/exchange/taler-exchange-httpd.c | 26 +++++++++++++++++++++----- src/exchange/taler-exchange-httpd.h | 5 +++++ src/exchange/taler-exchange-httpd_keystate.c | 10 +++++++++- src/lib/exchange_api_handle.c | 22 +++++++++++----------- 5 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index 87b6f18c3..7fe737b72 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -15,6 +15,12 @@ REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/ # This must be adjusted to your actually installation. # MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG +# How long do we allow /keys to be cached at most? The actual +# limit is the minimum of this value and the first expected +# significant change in /keys based on the expiration times. +# Used to artifically reduce caching (addresses #5747). +MAX_KEYS_CACHING = forever + # How to access our database DB = postgres diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index b24feef61..45e0c764b 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -97,6 +97,11 @@ char *TEH_revocation_directory; */ struct GNUNET_CONFIGURATION_Handle *cfg; +/** + * How long is caching /keys allowed at most? + */ +struct GNUNET_TIME_Relative max_keys_caching; + /** * Master public key (according to the * configuration in the exchange directory). @@ -370,8 +375,8 @@ handle_mhd_request (void *cls, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, { "/test/eddsa", MHD_HTTP_METHOD_POST, "application/json", - NULL, 0, - &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK }, + NULL, 0, + &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK }, { "/test/eddsa", NULL, "text/plain", "Only POST is allowed", 0, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, @@ -391,13 +396,12 @@ handle_mhd_request (void *cls, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, { "/test/transfer", MHD_HTTP_METHOD_POST, "application/json", - NULL, 0, - &TEH_TEST_handler_test_transfer, MHD_HTTP_OK }, + NULL, 0, + &TEH_TEST_handler_test_transfer, MHD_HTTP_OK }, { "/test/transfer", NULL, "text/plain", "Only POST is allowed", 0, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, #endif - { NULL, NULL, NULL, NULL, 0, 0 } }; static struct TEH_RequestHandler h404 = @@ -605,6 +609,18 @@ exchange_serve_process_config () { char *TEH_master_public_key_str; + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (cfg, + "exchange", + "MAX_KEYS_CACHING", + &max_keys_caching)) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "MAX_KEYS_CACHING", + "valid relative time expected"); + return GNUNET_SYSERR; + } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "exchange", diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index ef380e8c4..bf0653606 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -38,6 +38,11 @@ extern char *TEH_exchange_currency_string; */ extern int TEH_exchange_connection_close; +/** + * How long is caching /keys allowed at most? + */ +extern struct GNUNET_TIME_Relative max_keys_caching; + /** * The exchange's configuration. */ diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c index 8b56813e3..7d6bb08a3 100644 --- a/src/exchange/taler-exchange-httpd_keystate.c +++ b/src/exchange/taler-exchange-httpd_keystate.c @@ -1166,8 +1166,16 @@ setup_general_response_headers (const struct TEH_KS_StateHandle *key_state, dat)); if (0 != key_state->next_reload.abs_value_us) { - get_date_string (key_state->next_reload, + struct GNUNET_TIME_Absolute m; + + m = GNUNET_TIME_relative_to_absolute (max_keys_caching); + m = GNUNET_TIME_absolute_min (m, + key_state->next_reload); + get_date_string (m, dat); + // FIXME: setting 'm' to FOREVER here exposes + // a crash-bug in lib/ where we access /keys + // data after it was already free'd! GNUNET_break (MHD_YES == MHD_add_response_header (response, MHD_HTTP_HEADER_EXPIRES, diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index f792e89de..9f02d7039 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -1251,29 +1251,29 @@ keys_completed_cb (void *cls, /* Old auditors got just copied into new ones. */ if (GNUNET_OK != decode_keys_json (j, - GNUNET_YES, + GNUNET_YES, &kd, - &vc)) + &vc)) { TALER_LOG_ERROR ("Could not decode /keys response\n"); response_code = 0; for (unsigned int i=0;idenom_keys, - anew->num_denom_keys, - 0); - GNUNET_free (anew->auditor_url); + GNUNET_array_grow (anew->denom_keys, + anew->num_denom_keys, + 0); + GNUNET_free (anew->auditor_url); } GNUNET_free (kd.auditors); kd.auditors = NULL; kd.num_auditors = 0; for (unsigned int i=0;icert_cb (exchange->cert_cb_cls, &exchange->key_data, - vc); + vc); free_key_data (&kd_old); } -- cgit v1.2.3