From ca5f0c4d6f2969bfbde9d8cb5fc7f90a95c3d712 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 5 Mar 2021 21:41:55 +0100 Subject: fix #6786: do not die on bogus URL --- src/lib/auditor_api_deposit_confirmation.c | 5 +++++ src/lib/auditor_api_exchanges.c | 6 +++++- src/lib/auditor_api_handle.c | 21 +++++++++++++++------ src/lib/exchange_api_deposit.c | 6 ++++++ src/lib/exchange_api_deposits_get.c | 5 +++++ src/lib/exchange_api_handle.c | 27 ++++++++++++++++++++------- src/lib/exchange_api_link.c | 5 +++++ src/lib/exchange_api_melt.c | 6 ++++++ src/lib/exchange_api_recoup.c | 6 ++++++ src/lib/exchange_api_refreshes_reveal.c | 7 ++++++- src/lib/exchange_api_refund.c | 6 ++++++ src/lib/exchange_api_reserves_get.c | 5 +++++ src/lib/exchange_api_transfers_get.c | 5 +++++ src/lib/exchange_api_wire.c | 5 +++++ src/lib/exchange_api_withdraw2.c | 6 ++++++ 15 files changed, 106 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/lib/auditor_api_deposit_confirmation.c b/src/lib/auditor_api_deposit_confirmation.c index b2126230a..eb84aeadc 100644 --- a/src/lib/auditor_api_deposit_confirmation.c +++ b/src/lib/auditor_api_deposit_confirmation.c @@ -360,6 +360,11 @@ TALER_AUDITOR_deposit_confirmation ( dh->cb_cls = cb_cls; dh->url = TALER_AUDITOR_path_to_url_ (auditor, "/deposit-confirmation"); + if (NULL == dh->url) + { + GNUNET_free (dh); + return NULL; + } eh = TALER_AUDITOR_curl_easy_get_ (dh->url); if ( (NULL == eh) || diff --git a/src/lib/auditor_api_exchanges.c b/src/lib/auditor_api_exchanges.c index ef7a3569e..0fe4ce287 100644 --- a/src/lib/auditor_api_exchanges.c +++ b/src/lib/auditor_api_exchanges.c @@ -221,7 +221,11 @@ TALER_AUDITOR_list_exchanges (struct TALER_AUDITOR_Handle *auditor, leh->cb = cb; leh->cb_cls = cb_cls; leh->url = TALER_AUDITOR_path_to_url_ (auditor, "/exchanges"); - + if (NULL == leh->url) + { + GNUNET_free (leh); + return NULL; + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "URL for list-exchanges: `%s'\n", leh->url); diff --git a/src/lib/auditor_api_handle.c b/src/lib/auditor_api_handle.c index d3cecf75b..1d5522141 100644 --- a/src/lib/auditor_api_handle.c +++ b/src/lib/auditor_api_handle.c @@ -407,13 +407,10 @@ char * TALER_AUDITOR_path_to_url_ (struct TALER_AUDITOR_Handle *h, const char *path) { - char *ret; GNUNET_assert ('/' == path[0]); - ret = TALER_url_join (h->url, - path + 1, - NULL); - GNUNET_assert (NULL != ret); - return ret; + return TALER_url_join (h->url, + path + 1, + NULL); } @@ -481,6 +478,18 @@ request_version (void *cls) vr->auditor = auditor; vr->url = TALER_AUDITOR_path_to_url_ (auditor, "/version"); + if (NULL == vr->url) + { + struct TALER_AUDITOR_HttpResponse hr = { + .ec = TALER_EC_GENERIC_CONFIGURATION_INVALID + }; + + auditor->version_cb (auditor->version_cb_cls, + &hr, + NULL, + TALER_AUDITOR_VC_PROTOCOL_ERROR); + return; + } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Requesting auditor version with URL `%s'.\n", vr->url); diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index a3fb8667a..e1b3e6cdd 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c @@ -741,6 +741,12 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange, dh->cb_cls = cb_cls; dh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == dh->url) + { + GNUNET_free (dh); + json_decref (deposit_obj); + return NULL; + } dh->depconf.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS)); dh->depconf.purpose.purpose = htonl ( diff --git a/src/lib/exchange_api_deposits_get.c b/src/lib/exchange_api_deposits_get.c index ab689b5cd..b4bcfbcd0 100644 --- a/src/lib/exchange_api_deposits_get.c +++ b/src/lib/exchange_api_deposits_get.c @@ -373,6 +373,11 @@ TALER_EXCHANGE_deposits_get ( dwh->cb_cls = cb_cls; dwh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == dwh->url) + { + GNUNET_free (dwh); + return NULL; + } dwh->depconf.purpose.size = htonl (sizeof (struct TALER_ConfirmWirePS)); dwh->depconf.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE); dwh->depconf.h_wire = *h_wire; diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index a9203dead..405b46419 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -1293,14 +1293,10 @@ char * TEAH_path_to_url (struct TALER_EXCHANGE_Handle *h, const char *path) { - char *ret; - GNUNET_assert ('/' == path[0]); - ret = TALER_url_join (h->url, - path + 1, - NULL); - GNUNET_assert (NULL != ret); - return ret; + return TALER_url_join (h->url, + path + 1, + NULL); } @@ -1904,6 +1900,21 @@ request_keys (void *cls) url[strlen (url) - 1] = '\0'; kr->url = TEAH_path_to_url (exchange, url); + if (NULL == kr->url) + { + struct TALER_EXCHANGE_HttpResponse hr = { + .ec = TALER_EC_GENERIC_CONFIGURATION_INVALID + }; + + GNUNET_free (kr); + exchange->keys_error_count++; + exchange->state = MHS_FAILED; + exchange->cert_cb (exchange->cert_cb_cls, + &hr, + NULL, + TALER_EXCHANGE_VC_PROTOCOL_ERROR); + return; + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requesting keys with URL `%s'.\n", @@ -1911,6 +1922,8 @@ request_keys (void *cls) eh = TALER_EXCHANGE_curl_easy_get_ (kr->url); if (NULL == eh) { + GNUNET_free (kr->url); + GNUNET_free (kr); exchange->retry_delay = EXCHANGE_LIB_BACKOFF (exchange->retry_delay); exchange->retry_task = GNUNET_SCHEDULER_add_delayed (exchange->retry_delay, &request_keys, diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index 5deecadaf..7f29b3b8c 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -468,6 +468,11 @@ TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange, lh->coin_priv = *coin_priv; lh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == lh->url) + { + GNUNET_free (lh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (lh->url); if (NULL == eh) { diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c index d2aa6bdf1..c3e59905c 100644 --- a/src/lib/exchange_api_melt.c +++ b/src/lib/exchange_api_melt.c @@ -564,6 +564,12 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, mh->md = md; mh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == mh->url) + { + json_decref (melt_obj); + GNUNET_free (mh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (mh->url); if ( (NULL == eh) || (GNUNET_OK != diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c index a14edceae..e4093a018 100644 --- a/src/lib/exchange_api_recoup.c +++ b/src/lib/exchange_api_recoup.c @@ -390,6 +390,12 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, ph->cb_cls = recoup_cb_cls; ph->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == ph->url) + { + json_decref (recoup_obj); + GNUNET_free (ph); + return NULL; + } ph->was_refreshed = was_refreshed; eh = TALER_EXCHANGE_curl_easy_get_ (ph->url); if ( (NULL == eh) || diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c index e551b482e..d0ca605ac 100644 --- a/src/lib/exchange_api_refreshes_reveal.c +++ b/src/lib/exchange_api_refreshes_reveal.c @@ -466,7 +466,12 @@ TALER_EXCHANGE_refreshes_reveal ( rrh->md = md; rrh->url = TEAH_path_to_url (rrh->exchange, arg_str); - + if (NULL == rrh->url) + { + json_decref (reveal_obj); + GNUNET_free (rrh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (rrh->url); if ( (NULL == eh) || (GNUNET_OK != diff --git a/src/lib/exchange_api_refund.c b/src/lib/exchange_api_refund.c index 3ccbd3ee0..f991c5f56 100644 --- a/src/lib/exchange_api_refund.c +++ b/src/lib/exchange_api_refund.c @@ -739,6 +739,12 @@ TALER_EXCHANGE_refund (struct TALER_EXCHANGE_Handle *exchange, rh->cb_cls = cb_cls; rh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == rh->url) + { + json_decref (refund_obj); + GNUNET_free (rh); + return NULL; + } rh->depconf.purpose.size = htonl (sizeof (struct TALER_RefundConfirmationPS)); rh->depconf.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND); rh->depconf.h_contract_terms = *h_contract_terms; diff --git a/src/lib/exchange_api_reserves_get.c b/src/lib/exchange_api_reserves_get.c index 9a84b7f37..8977495ec 100644 --- a/src/lib/exchange_api_reserves_get.c +++ b/src/lib/exchange_api_reserves_get.c @@ -290,6 +290,11 @@ TALER_EXCHANGE_reserves_get (struct TALER_EXCHANGE_Handle *exchange, rgh->reserve_pub = *reserve_pub; rgh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == rgh->url) + { + GNUNET_free (rgh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (rgh->url); if (NULL == eh) { diff --git a/src/lib/exchange_api_transfers_get.c b/src/lib/exchange_api_transfers_get.c index d8ec29089..771a4c0eb 100644 --- a/src/lib/exchange_api_transfers_get.c +++ b/src/lib/exchange_api_transfers_get.c @@ -381,6 +381,11 @@ TALER_EXCHANGE_transfers_get ( } wdh->url = TEAH_path_to_url (wdh->exchange, arg_str); + if (NULL == wdh->url) + { + GNUNET_free (wdh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (wdh->url); if (NULL == eh) { diff --git a/src/lib/exchange_api_wire.c b/src/lib/exchange_api_wire.c index eb0894c80..4586d2ea1 100644 --- a/src/lib/exchange_api_wire.c +++ b/src/lib/exchange_api_wire.c @@ -435,6 +435,11 @@ TALER_EXCHANGE_wire (struct TALER_EXCHANGE_Handle *exchange, wh->cb_cls = wire_cb_cls; wh->url = TEAH_path_to_url (exchange, "/wire"); + if (NULL == wh->url) + { + GNUNET_free (wh); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (wh->url); GNUNET_break (CURLE_OK == curl_easy_setopt (eh, diff --git a/src/lib/exchange_api_withdraw2.c b/src/lib/exchange_api_withdraw2.c index 30439a599..585cd9215 100644 --- a/src/lib/exchange_api_withdraw2.c +++ b/src/lib/exchange_api_withdraw2.c @@ -464,6 +464,12 @@ TALER_EXCHANGE_withdraw2 ( TALER_B2S (&wh->reserve_pub)); wh->url = TEAH_path_to_url (exchange, arg_str); + if (NULL == wh->url) + { + json_decref (withdraw_obj); + GNUNET_free (wh); + return NULL; + } { CURL *eh; struct GNUNET_CURL_Context *ctx; -- cgit v1.2.3