From e3dcc27b680f25a2041781bbedc0219e05608bad Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 4 Mar 2017 17:51:50 +0100
Subject: implementing/fixing #4933: check total_amount matches aggregated
 transactions

---
 src/exchange-lib/exchange_api_track_transfer.c | 39 ++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'src/exchange-lib')

diff --git a/src/exchange-lib/exchange_api_track_transfer.c b/src/exchange-lib/exchange_api_track_transfer.c
index dff39eb29..92e846ce3 100644
--- a/src/exchange-lib/exchange_api_track_transfer.c
+++ b/src/exchange-lib/exchange_api_track_transfer.c
@@ -87,6 +87,7 @@ check_track_transfer_response_ok (struct TALER_EXCHANGE_TrackTransferHandle *wdh
   struct GNUNET_HashCode h_wire;
   struct GNUNET_TIME_Absolute exec_time;
   struct TALER_Amount total_amount;
+  struct TALER_Amount total_expected;
   struct TALER_Amount wire_fee;
   struct TALER_MerchantPublicKeyP merchant_pub;
   unsigned int num_details;
@@ -112,6 +113,13 @@ check_track_transfer_response_ok (struct TALER_EXCHANGE_TrackTransferHandle *wdh
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
+  if (GNUNET_OK !=
+      TALER_amount_get_zero (total_amount.currency,
+                             &total_expected))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   num_details = json_array_size (details_j);
   {
     struct TALER_TrackTransferDetails details[num_details];
@@ -151,6 +159,20 @@ check_track_transfer_response_ok (struct TALER_EXCHANGE_TrackTransferHandle *wdh
                          &detail->coin_value);
       TALER_amount_hton (&dd.deposit_fee,
                          &detail->coin_fee);
+      if ( (GNUNET_OK !=
+            TALER_amount_add (&total_expected,
+                              &total_expected,
+                              &detail->coin_value)) ||
+           (GNUNET_OK !=
+            TALER_amount_subtract (&total_expected,
+                                   &total_expected,
+                                   &detail->coin_fee)) )
+      {
+        GNUNET_break_op (0);
+        GNUNET_CRYPTO_hash_context_abort (hash_context);
+        GNUNET_JSON_parse_free (spec);
+        return GNUNET_SYSERR;
+      }
       GNUNET_CRYPTO_hash_context_read (hash_context,
                                        &dd,
                                        sizeof (struct TALER_WireDepositDetailP));
@@ -182,6 +204,23 @@ check_track_transfer_response_ok (struct TALER_EXCHANGE_TrackTransferHandle *wdh
       GNUNET_JSON_parse_free (spec);
       return GNUNET_SYSERR;
     }
+    if (GNUNET_OK !=
+        TALER_amount_subtract (&total_expected,
+                               &total_expected,
+                               &wire_fee))
+    {
+      GNUNET_break_op (0);
+      GNUNET_JSON_parse_free (spec);
+      return GNUNET_SYSERR;
+    }
+    if (0 !=
+        TALER_amount_cmp (&total_expected,
+                          &total_amount))
+    {
+      GNUNET_break_op (0);
+      GNUNET_JSON_parse_free (spec);
+      return GNUNET_SYSERR;
+    }
     wdh->cb (wdh->cb_cls,
              MHD_HTTP_OK,
 	     TALER_EC_NONE,
-- 
cgit v1.2.3