From 1e8d0eb4623bdc1ec2ee6d4edc406085d4c40a7a Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Thu, 20 Jul 2017 10:00:42 +0200
Subject: implement #5114
---
 src/exchange/taler-exchange-httpd_deposit.c | 33 +++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'src/exchange/taler-exchange-httpd_deposit.c')
diff --git a/src/exchange/taler-exchange-httpd_deposit.c b/src/exchange/taler-exchange-httpd_deposit.c
index ccbd7754c..0234946d3 100644
--- a/src/exchange/taler-exchange-httpd_deposit.c
+++ b/src/exchange/taler-exchange-httpd_deposit.c
@@ -293,6 +293,30 @@ verify_and_execute_deposit (struct MHD_Connection *connection,
 }
+/**
+ * Check that @a ts is reasonably close to our own RTC.
+ *
+ * @param ts timestamp to check
+ * @return #GNUNET_OK if @a ts is reasonable
+ */
+static int
+check_timestamp_current (struct GNUNET_TIME_Absolute ts)
+{
+ struct GNUNET_TIME_Relative r;
+ struct GNUNET_TIME_Relative tolerance;
+
+ /* Let's be VERY generous */
+ tolerance = GNUNET_TIME_UNIT_MONTHS;
+ r = GNUNET_TIME_absolute_get_duration (ts);
+ if (r.rel_value_us > tolerance.rel_value_us)
+ return GNUNET_SYSERR;
+ r = GNUNET_TIME_absolute_get_remaining (ts);
+ if (r.rel_value_us > tolerance.rel_value_us)
+ return GNUNET_SYSERR;
+ return GNUNET_OK;
+}
+
+
 /**
 * Handle a "/deposit" request. Parses the JSON, and, if successful,
 * passes the JSON data to #verify_and_execute_deposit() to further
@@ -380,6 +404,15 @@ TEH_DEPOSIT_handler_deposit (struct TEH_RequestHandler *rh,
 GNUNET_free (emsg);
 return res;
 }
+ if (GNUNET_OK !=
+ check_timestamp_current (deposit.timestamp))
+ {
+ GNUNET_break_op (0);
+ GNUNET_JSON_parse_free (spec);
+ return TEH_RESPONSE_reply_arg_invalid (connection,
+ TALER_EC_DEPOSIT_INVALID_TIMESTAMP,
+ "timestamp");
+ }
 if (GNUNET_OK != TALER_JSON_hash (wire, &my_h_wire))
--
cgit v1.2.3
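Review bot: The acceptance window in `check_timestamp_current` is a bare `GNUNET_TIME_UNIT_MONTHS` justified only by "Let's be VERY generous", and the same bound is applied to timestamps in the past and in the future. The doc comment should state the bound and the failure value, e.g. `@return #GNUNET_OK if @a ts is within one month of the current time, #GNUNET_SYSERR otherwise`, and the tolerance would read better as a named file-level constant with a line on why a month was chosen. A future-dated timestamp presumably only needs to absorb clock skew, so it is worth confirming that a full month forward is intended rather than a shorter forward bound.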
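Review bot: The rejection path added to `TEH_DEPOSIT_handler_deposit` records only `GNUNET_break_op (0)`, so the exchange log does not show which timestamp was refused or how far it was from the local clock. Logging the value before replying, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Rejecting deposit: timestamp %s outside accepted window\n", GNUNET_STRINGS_absolute_time_to_string (deposit.timestamp));`, would let an operator tell a merchant with a skewed clock from other malformed requests. The diffstat lists only this file, so the new `TALER_EC_DEPOSIT_INVALID_TIMESTAMP` reply has no test in this commit. The handler's body starts and ends outside the hunk.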