From 54e63f01df85ee0470493c6d0de29576ce3371c4 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 5 Jul 2020 21:54:11 +0200 Subject: fix #6408: make sure all timestamps are always rounded when they arrive over JSON, or 400 the requester; similarly don't tolerate anything else as client --- src/lib/exchange_api_common.c | 24 +++++++++++----------- src/lib/exchange_api_deposit.c | 4 ++-- src/lib/exchange_api_deposits_get.c | 4 ++-- src/lib/exchange_api_handle.c | 39 ++++++++++++++++++------------------ src/lib/exchange_api_transfers_get.c | 2 +- src/lib/exchange_api_wire.c | 8 ++++---- 6 files changed, 41 insertions(+), 40 deletions(-) (limited to 'src/lib') diff --git a/src/lib/exchange_api_common.c b/src/lib/exchange_api_common.c index e7e87487b..52c0e20ac 100644 --- a/src/lib/exchange_api_common.c +++ b/src/lib/exchange_api_common.c @@ -109,8 +109,8 @@ TALER_EXCHANGE_parse_reserve_history ( GNUNET_JSON_spec_varsize ("wire_reference", &wire_reference, &wire_reference_size), - GNUNET_JSON_spec_absolute_time ("timestamp", - ×tamp), + TALER_JSON_spec_absolute_time ("timestamp", + ×tamp), GNUNET_JSON_spec_string ("sender_account_url", &wire_url), GNUNET_JSON_spec_end () @@ -256,8 +256,8 @@ TALER_EXCHANGE_parse_reserve_history ( &rh->details.recoup_details.exchange_sig), GNUNET_JSON_spec_fixed_auto ("exchange_pub", &rh->details.recoup_details.exchange_pub), - GNUNET_JSON_spec_absolute_time_nbo ("timestamp", - &pc.timestamp), + TALER_JSON_spec_absolute_time_nbo ("timestamp", + &pc.timestamp), GNUNET_JSON_spec_end () }; @@ -328,8 +328,8 @@ TALER_EXCHANGE_parse_reserve_history ( &rh->details.close_details.exchange_pub), TALER_JSON_spec_amount_nbo ("closing_fee", &rcc.closing_fee), - GNUNET_JSON_spec_absolute_time_nbo ("timestamp", - &rcc.timestamp), + TALER_JSON_spec_absolute_time_nbo ("timestamp", + &rcc.timestamp), GNUNET_JSON_spec_end () }; @@ -523,10 +523,10 @@ TALER_EXCHANGE_verify_coin_history ( &dr.h_contract_terms), GNUNET_JSON_spec_fixed_auto ("h_wire", &dr.h_wire), - GNUNET_JSON_spec_absolute_time_nbo ("timestamp", - &dr.wallet_timestamp), - GNUNET_JSON_spec_absolute_time_nbo ("refund_deadline", - &dr.refund_deadline), + TALER_JSON_spec_absolute_time_nbo ("timestamp", + &dr.wallet_timestamp), + TALER_JSON_spec_absolute_time_nbo ("refund_deadline", + &dr.refund_deadline), TALER_JSON_spec_amount_nbo ("deposit_fee", &dr.deposit_fee), GNUNET_JSON_spec_fixed_auto ("merchant_pub", @@ -709,8 +709,8 @@ TALER_EXCHANGE_verify_coin_history ( &exchange_pub), GNUNET_JSON_spec_fixed_auto ("reserve_pub", &pc.reserve_pub), - GNUNET_JSON_spec_absolute_time_nbo ("timestamp", - &pc.timestamp), + TALER_JSON_spec_absolute_time_nbo ("timestamp", + &pc.timestamp), GNUNET_JSON_spec_end () }; diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 351fa7a10..bb56ce1c9 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c @@ -198,8 +198,8 @@ verify_deposit_signature_ok (struct TALER_EXCHANGE_DepositHandle *dh, struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("exchange_sig", exchange_sig), GNUNET_JSON_spec_fixed_auto ("exchange_pub", exchange_pub), - GNUNET_JSON_spec_absolute_time_nbo ("exchange_timestamp", - &dh->depconf.exchange_timestamp), + TALER_JSON_spec_absolute_time_nbo ("exchange_timestamp", + &dh->depconf.exchange_timestamp), GNUNET_JSON_spec_end () }; diff --git a/src/lib/exchange_api_deposits_get.c b/src/lib/exchange_api_deposits_get.c index 004a24d42..b070bb506 100644 --- a/src/lib/exchange_api_deposits_get.c +++ b/src/lib/exchange_api_deposits_get.c @@ -149,7 +149,7 @@ handle_deposit_wtid_finished (void *cls, struct TALER_EXCHANGE_DepositData dd; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("wtid", &dwh->depconf.wtid), - GNUNET_JSON_spec_absolute_time ("execution_time", &dd.execution_time), + TALER_JSON_spec_absolute_time ("execution_time", &dd.execution_time), TALER_JSON_spec_amount ("coin_contribution", &dd.coin_contribution), GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dd.exchange_sig), GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dd.exchange_pub), @@ -196,7 +196,7 @@ handle_deposit_wtid_finished (void *cls, /* Transaction known, but not executed yet */ struct GNUNET_TIME_Absolute execution_time; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_absolute_time ("execution_time", &execution_time), + TALER_JSON_spec_absolute_time ("execution_time", &execution_time), GNUNET_JSON_spec_end () }; diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index 283f77043..ab4af8ae8 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -374,12 +374,12 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key, &sign_key_issue_sig), GNUNET_JSON_spec_fixed_auto ("key", &sign_key->key), - GNUNET_JSON_spec_absolute_time ("stamp_start", - &sign_key->valid_from), - GNUNET_JSON_spec_absolute_time ("stamp_expire", - &sign_key->valid_until), - GNUNET_JSON_spec_absolute_time ("stamp_end", - &sign_key->valid_legal), + TALER_JSON_spec_absolute_time ("stamp_start", + &sign_key->valid_from), + TALER_JSON_spec_absolute_time ("stamp_expire", + &sign_key->valid_until), + TALER_JSON_spec_absolute_time ("stamp_end", + &sign_key->valid_legal), GNUNET_JSON_spec_end () }; @@ -441,14 +441,14 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key, struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("master_sig", &denom_key->master_sig), - GNUNET_JSON_spec_absolute_time ("stamp_expire_deposit", - &denom_key->expire_deposit), - GNUNET_JSON_spec_absolute_time ("stamp_expire_withdraw", - &denom_key->withdraw_valid_until), - GNUNET_JSON_spec_absolute_time ("stamp_start", - &denom_key->valid_from), - GNUNET_JSON_spec_absolute_time ("stamp_expire_legal", - &denom_key->expire_legal), + TALER_JSON_spec_absolute_time ("stamp_expire_deposit", + &denom_key->expire_deposit), + TALER_JSON_spec_absolute_time ("stamp_expire_withdraw", + &denom_key->withdraw_valid_until), + TALER_JSON_spec_absolute_time ("stamp_start", + &denom_key->valid_from), + TALER_JSON_spec_absolute_time ("stamp_expire_legal", + &denom_key->expire_legal), TALER_JSON_spec_amount ("value", &denom_key->value), TALER_JSON_spec_amount ("fee_withdraw", @@ -825,8 +825,8 @@ decode_keys_json (const json_t *resp_obj, check_sig is false! */ GNUNET_JSON_spec_fixed_auto ("master_public_key", &key_data->master_pub), - GNUNET_JSON_spec_absolute_time ("list_issue_date", - &key_data->list_issue_date), + TALER_JSON_spec_absolute_time ("list_issue_date", + &key_data->list_issue_date), GNUNET_JSON_spec_relative_time ("reserve_closing_delay", &key_data->reserve_closing_delay), GNUNET_JSON_spec_end () @@ -887,7 +887,8 @@ decode_keys_json (const json_t *resp_obj, GNUNET_JSON_parse (resp_obj, (check_sig) ? mspec : &mspec[2], NULL, NULL)); - + EXITIF (GNUNET_OK != + GNUNET_TIME_round_rel (&key_data->reserve_closing_delay)); /* parse the master public key and issue date of the response */ if (check_sig) hash_context = GNUNET_CRYPTO_hash_context_start (); @@ -1568,8 +1569,8 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, &keys), GNUNET_JSON_spec_string ("exchange_url", &url), - GNUNET_JSON_spec_absolute_time ("expire", - &expire), + TALER_JSON_spec_absolute_time ("expire", + &expire), GNUNET_JSON_spec_end () }; struct TALER_EXCHANGE_Keys key_data; diff --git a/src/lib/exchange_api_transfers_get.c b/src/lib/exchange_api_transfers_get.c index 6b5bba8e8..2de025d53 100644 --- a/src/lib/exchange_api_transfers_get.c +++ b/src/lib/exchange_api_transfers_get.c @@ -93,7 +93,7 @@ check_transfers_get_response_ok ( TALER_JSON_spec_amount ("wire_fee", &td.wire_fee), GNUNET_JSON_spec_fixed_auto ("merchant_pub", &merchant_pub), GNUNET_JSON_spec_fixed_auto ("h_wire", &td.h_wire), - GNUNET_JSON_spec_absolute_time ("execution_time", &td.execution_time), + TALER_JSON_spec_absolute_time ("execution_time", &td.execution_time), GNUNET_JSON_spec_json ("deposits", &details_j), GNUNET_JSON_spec_fixed_auto ("exchange_sig", &td.exchange_sig), GNUNET_JSON_spec_fixed_auto ("exchange_pub", &td.exchange_pub), diff --git a/src/lib/exchange_api_wire.c b/src/lib/exchange_api_wire.c index 2602038b7..3ce359998 100644 --- a/src/lib/exchange_api_wire.c +++ b/src/lib/exchange_api_wire.c @@ -148,10 +148,10 @@ parse_fees (json_t *fees) &wa->wire_fee), TALER_JSON_spec_amount ("closing_fee", &wa->closing_fee), - GNUNET_JSON_spec_absolute_time ("start_date", - &wa->start_date), - GNUNET_JSON_spec_absolute_time ("end_date", - &wa->end_date), + TALER_JSON_spec_absolute_time ("start_date", + &wa->start_date), + TALER_JSON_spec_absolute_time ("end_date", + &wa->end_date), GNUNET_JSON_spec_end () }; -- cgit v1.2.3