From ebd2e7d763689430d37386903ac190da4943ce2c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 15 Sep 2019 12:39:15 +0200 Subject: fix leaks and unnecessary fetch of RSA signature on refresh/reveal --- src/exchange/taler-exchange-httpd_refresh_reveal.c | 20 -------------------- src/exchangedb/plugin_exchangedb_postgres.c | 9 ++++----- src/exchangedb/test_exchangedb.c | 9 ++------- src/include/taler_exchangedb_plugin.h | 4 +++- src/lib/exchange_api_handle.c | 11 +++++++++++ 5 files changed, 20 insertions(+), 33 deletions(-) diff --git a/src/exchange/taler-exchange-httpd_refresh_reveal.c b/src/exchange/taler-exchange-httpd_refresh_reveal.c index a84e5dea7..8746ba5d0 100644 --- a/src/exchange/taler-exchange-httpd_refresh_reveal.c +++ b/src/exchange/taler-exchange-httpd_refresh_reveal.c @@ -272,20 +272,6 @@ refresh_reveal_preflight (void *cls, } -/** - * Helper function for #refresh_reveal_transaction() to free internal - * state of @a refresh_melt (but not the pointer itself!). - * - * @param refresh_melt memory to clean up - */ -static void -free_refresh_melt (struct TALER_EXCHANGEDB_RefreshMelt *refresh_melt) -{ - GNUNET_CRYPTO_rsa_signature_free ( - refresh_melt->session.coin.denom_sig.rsa_signature); -} - - /** * Execute a "/refresh/reveal". The client is revealing to us the * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the @@ -335,8 +321,6 @@ refresh_reveal_transaction (void *cls, GNUNET_break (0); *mhd_ret = TEH_RESPONSE_reply_internal_db_error (connection, TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR); - if (refresh_melt.session.noreveal_index >= TALER_CNC_KAPPA) - free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } @@ -424,7 +408,6 @@ refresh_reveal_transaction (void *cls, GNUNET_break_op (0); *mhd_ret = reply_refresh_reveal_missmatch (connection, &rc_expected); - free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } /* end of checking "rc_expected" */ @@ -457,7 +440,6 @@ refresh_reveal_transaction (void *cls, *mhd_ret = TEH_RESPONSE_reply_internal_error (connection, TALER_EC_REFRESH_REVEAL_COST_CALCULATION_OVERFLOW, "failed to add up refresh costs"); - free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } @@ -468,11 +450,9 @@ refresh_reveal_transaction (void *cls, *mhd_ret = TEH_RESPONSE_reply_external_error (connection, TALER_EC_REFRESH_REVEAL_AMOUNT_INSUFFICIENT, "melted coin value is insufficient to cover cost of operation"); - free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_HARD_ERROR; } } - free_refresh_melt (&refresh_melt); return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; } diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index acd6e9278..17894281b 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -887,7 +887,6 @@ postgres_prepare (PGconn *db_conn) " kc.denom_pub_hash" ",denom.fee_refresh_val" ",denom.fee_refresh_frac" - ",kc.denom_sig" ",old_coin_pub" ",old_coin_sig" ",amount_with_fee_val" @@ -3729,7 +3728,9 @@ postgres_select_refunds_by_coin (void *cls, * @param cls the `struct PostgresClosure` with the plugin-specific state * @param session database handle to use, NULL if not run in any transaction * @param rc commitment hash to use to locate the operation - * @param[out] refresh_melt where to store the result + * @param[out] refresh_melt where to store the result; note that + * refresh_melt->session.coin.denom_sig will be set to NULL + * and is not fetched by this routine (as it is not needed by the client) * @return transaction status */ static enum GNUNET_DB_QueryStatus @@ -3749,9 +3750,6 @@ postgres_get_melt (void *cls, denom_pub_hash), TALER_PQ_RESULT_SPEC_AMOUNT ("fee_refresh", &refresh_melt->melt_fee), - GNUNET_PQ_result_spec_rsa_signature ("denom_sig", - &refresh_melt->session.coin.denom_sig. - rsa_signature), GNUNET_PQ_result_spec_uint32 ("noreveal_index", &refresh_melt->session.noreveal_index), GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", @@ -3764,6 +3762,7 @@ postgres_get_melt (void *cls, }; enum GNUNET_DB_QueryStatus qs; + refresh_melt->session.coin.denom_sig.rsa_signature = NULL; if (NULL == session) session = postgres_get_session (pg); qs = GNUNET_PQ_eval_prepared_singleton_select (session->conn, diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index 7033f728e..6c48f3a19 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c @@ -562,19 +562,14 @@ test_melting (struct TALER_EXCHANGEDB_Session *session) GNUNET_memcmp (&refresh_session.rc, &ret_refresh_session.session.rc)); FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig, &ret_refresh_session.session.coin_sig)); - FAILIF (0 != - GNUNET_CRYPTO_rsa_signature_cmp ( - refresh_session.coin.denom_sig.rsa_signature, - ret_refresh_session.session.coin. - denom_sig.rsa_signature)); + FAILIF (NULL != + ret_refresh_session.session.coin.denom_sig.rsa_signature); FAILIF (0 != memcmp (&refresh_session.coin.coin_pub, &ret_refresh_session.session.coin.coin_pub, sizeof (refresh_session.coin.coin_pub))); FAILIF (0 != GNUNET_memcmp (&refresh_session.coin.denom_pub_hash, &ret_refresh_session.session.coin.denom_pub_hash)); - GNUNET_CRYPTO_rsa_signature_free ( - ret_refresh_session.session.coin.denom_sig.rsa_signature); /* test 'select_refreshs_above_serial_id' */ auditor_row_cnt = 0; diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 11404959d..90643d62e 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -1827,7 +1827,9 @@ struct TALER_EXCHANGEDB_Plugin * @param cls the @e cls of this struct with the plugin-specific state * @param session database handle to use * @param rc commitment to use for the lookup - * @param[out] refresh_melt where to store the result + * @param[out] refresh_melt where to store the result; note that + * refresh_melt->session.coin.denom_sig will be set to NULL + * and is not fetched by this routine (as it is not needed by the client) * @return transaction status */ enum GNUNET_DB_QueryStatus diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index 80a07318b..8e523e3b4 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -1024,7 +1024,12 @@ decode_keys_json (const json_t *resp_obj, } } if (GNUNET_YES == found) + { + GNUNET_array_grow (ai.denom_keys, + ai.num_denom_keys, + 0); continue; /* we are done */ + } if (key_data->auditors_size == key_data->num_auditors) GNUNET_array_grow (key_data->auditors, key_data->auditors_size, @@ -1564,11 +1569,15 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, return; } if (0 != version) + { + GNUNET_JSON_parse_free (spec); return; /* unsupported version */ + } if (0 != strcmp (url, exchange->url)) { GNUNET_break (0); + GNUNET_JSON_parse_free (spec); return; } memset (&key_data, @@ -1581,6 +1590,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, &vc)) { GNUNET_break (0); + GNUNET_JSON_parse_free (spec); return; } /* decode successful, initialize with the result */ @@ -1594,6 +1604,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, exchange->cert_cb (exchange->cert_cb_cls, &exchange->key_data, vc); + GNUNET_JSON_parse_free (spec); } -- cgit v1.2.3