From 344c53c51dac9d5bb09c261c36f3e4d58de1a321 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Wed, 18 May 2022 18:05:32 +0200
Subject: enforce valid payto:// URI in exchange /wire response
---
 .../taler-exchange-httpd_management_wire_enable.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'src/exchange')
diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c b/src/exchange/taler-exchange-httpd_management_wire_enable.c
index dfdebec49..25ee0eeac 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_enable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_enable.c
@@ -166,6 +166,23 @@ TEH_handler_management_post_wire (
 return MHD_YES; /* failure */
 }
 TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ {
+ char *msg = TALER_payto_validate (awc.payto_uri);
+
+ if (NULL != msg)
+ {
+ MHD_RESULT ret;
+
+ GNUNET_break_op (0);
+ ret = TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PAYTO_URI_MALFORMED,
+ msg);
+ GNUNET_free (msg);
+ return ret;
+ }
+ }
 if (GNUNET_OK !=
 TALER_exchange_offline_wire_add_verify (awc.payto_uri,
 awc.validity_start,
-- 
cgit v1.2.3
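Review bot: The payto validation block sits after `TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;`, so a request rejected for a malformed URI returns before `TALER_exchange_offline_wire_add_verify` runs yet has already been counted as an EdDSA verification (assuming the counter is meant to track signature checks actually performed). Moving the increment below the new block, directly above `if (GNUNET_OK != TALER_exchange_offline_wire_add_verify (...`, keeps the metric accurate. Because this early return also happens before the offline signature is checked, the validator's `msg` is echoed to callers that have not yet been authenticated; a short comment such as `/* reject malformed payto:// URIs before they can be stored and served via /wire */` would record that the ordering is deliberate. TEH_handler_management_post_wire begins and ends outside the hunk.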