From 06f5621fbac43c59b15fa4ef9e0fe92b828cec5b Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 6 Oct 2017 21:04:39 +0200 Subject: better logging if IBAN validation fails, also avoid potentially unbounded stack allocation --- src/exchange-lib/exchange_api_reserve.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'src/exchange-lib') diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c index 40c9d491d..6af500ee2 100644 --- a/src/exchange-lib/exchange_api_reserve.c +++ b/src/exchange-lib/exchange_api_reserve.c @@ -827,7 +827,20 @@ reserve_withdraw_payment_required (struct TALER_EXCHANGE_ReserveWithdrawHandle * total incoming and outgoing amounts */ len = json_array_size (history); { - struct TALER_EXCHANGE_ReserveHistory rhistory[len]; + struct TALER_EXCHANGE_ReserveHistory *rhistory; + + /* Use heap allocation as "len" may be very big and thus this may + not fit on the stack. Use "GNUNET_malloc_large" as a malicious + exchange may theoretically try to crash us by giving a history + that does not fit into our memory. */ + rhistory = GNUNET_malloc_large (sizeof (struct TALER_EXCHANGE_ReserveHistory) * len); + if (NULL == rhistory) + { + GNUNET_break (0); + free_rhistory (rhistory, + len); + return GNUNET_SYSERR; + } if (GNUNET_OK != parse_reserve_history (wsh->exchange, -- cgit v1.2.3