diff options
| author | Christian Grothoff <christian@grothoff.org> | 2020-08-25 10:52:14 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2020-08-25 10:52:14 +0200 |
| commit | f47e0c5d47962f472f814174d46258baeaafdf52 (patch) | |
| tree | d4e278c0e9f0764ec0bc908ccf3e8a089a78c81e | |
| parent | f23e2c2cdc8d2665d76a335f58a640763c9a425e (diff) | |
| download | merchant-f47e0c5d47962f472f814174d46258baeaafdf52.tar.gz merchant-f47e0c5d47962f472f814174d46258baeaafdf52.tar.bz2 merchant-f47e0c5d47962f472f814174d46258baeaafdf52.zip | |
fix use-after-free (#6493)
| -rw-r--r-- | src/backend/taler-merchant-httpd_get-orders-ID.c | 33 |
1 files changed, 14 insertions, 19 deletions
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c index 8833329a..43e37d3f 100644 --- a/src/backend/taler-merchant-httpd_get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_get-orders-ID.c @@ -787,40 +787,35 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, /* Convert order_id to h_contract_terms */ TMH_db->preflight (TMH_db->cls); + if (NULL == god->contract_terms) { uint64_t order_serial; - if (NULL != god->contract_terms) - { - json_decref (god->contract_terms); - god->contract_terms = NULL; - } qs = TMH_db->lookup_contract_terms (TMH_db->cls, hc->instance->settings.id, order_id, &god->contract_terms, &order_serial); - } - if (0 > qs) - { - /* single, read-only SQL statements should never cause - serialization problems */ - GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); - /* Always report on hard error as well to enable diagnostics */ - GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR, - "database error looking up contract"); + if (0 > qs) + { + /* single, read-only SQL statements should never cause + serialization problems */ + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); + /* Always report on hard error as well to enable diagnostics */ + GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR, + "database error looking up contract"); + } } /* Check client provided the right hash code of the contract terms */ - if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) + if (NULL != god->contract_terms) { struct GNUNET_HashCode h; contract_available = true; - if (GNUNET_OK != TALER_JSON_contract_hash (god->contract_terms, &h)) |