summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2024-03-22 14:46:14 +0100
committerChristian Grothoff <christian@grothoff.org>2024-03-22 14:46:14 +0100
commit8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37 (patch)
tree8d2d4c427e7ca76cd425a50457e5b6c60d240e0f
parent3c1e6918f038404d226fe133e7b0895a72c592ac (diff)
downloadmerchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.tar.gz
merchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.tar.bz2
merchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.zip
fix more size_t / unsigned int confusions in merchant backend
-rw-r--r--src/backend/taler-merchant-httpd_helper.c4
-rw-r--r--src/backend/taler-merchant-httpd_post-orders-ID-abort.c18
-rw-r--r--src/backend/taler-merchant-httpd_post-orders-ID-pay.c34
-rw-r--r--src/backend/taler-merchant-httpd_private-post-orders.c20
4 files changed, 46 insertions, 30 deletions
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
index f21b2e48..8fb5823e 100644
--- a/src/backend/taler-merchant-httpd_helper.c
+++ b/src/backend/taler-merchant-httpd_helper.c
@@ -97,7 +97,7 @@ TMH_cmp_wire_account (
bool
TMH_accounts_array_valid (const json_t *accounts)
{
- unsigned int len;
+ size_t len;
if (! json_is_array (accounts))
{
@@ -105,7 +105,7 @@ TMH_accounts_array_valid (const json_t *accounts)
return false;
}
len = json_array_size (accounts);
- for (unsigned int i = 0; i<len; i++)
+ for (size_t i = 0; i<len; i++)
{
json_t *payto_uri = json_array_get (accounts,
i);
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
index e7baf540..50a793a3 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
@@ -186,7 +186,7 @@ struct AbortContext
/**
* Number of coins this abort is for. Length of the @e rd array.
*/
- unsigned int coins_cnt;
+ size_t coins_cnt;
/**
* How often have we retried the 'main' transaction?
@@ -198,7 +198,7 @@ struct AbortContext
* @e coins_cnt, decremented on each transaction that
* successfully finished.
*/
- unsigned int pending;
+ size_t pending;
/**
* Number of transactions still pending for the currently selected
@@ -206,7 +206,7 @@ struct AbortContext
* exchange, decremented on each transaction that successfully
* finished. Once it hits zero, we pick the next exchange.
*/
- unsigned int pending_at_ce;
+ size_t pending_at_ce;
/**
* HTTP status code to use for the reply, i.e 200 for "OK".
@@ -247,7 +247,7 @@ abort_refunds (struct AbortContext *ac)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Aborting pending /deposit operations\n");
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
@@ -356,7 +356,7 @@ generate_success_response (struct AbortContext *ac)
"could not create JSON array");
return;
}
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
json_t *detail;
@@ -424,7 +424,7 @@ abort_context_cleanup (void *cls)
ac->timeout_task = NULL;
}
abort_refunds (ac);
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
@@ -522,7 +522,7 @@ process_abort_with_exchange (void *cls,
/* Initiate refund operation for all coins of
the current exchange (!) */
GNUNET_assert (0 == ac->pending_at_ce);
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
@@ -579,7 +579,7 @@ begin_transaction (struct AbortContext *ac);
static void
find_next_exchange (struct AbortContext *ac)
{
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
@@ -635,7 +635,7 @@ refund_coins (void *cls,
(void) deposit_fee;
(void) refund_fee;
now = GNUNET_TIME_timestamp_get ();
- for (unsigned int i = 0; i<ac->coins_cnt; i++)
+ for (size_t i = 0; i<ac->coins_cnt; i++)
{
struct RefundDetails *rdi = &ac->rd[i];
enum GNUNET_DB_QueryStatus qs;
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index cbd4aa74..07a6233a 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -418,7 +418,7 @@ struct PayContext
* Number of coins this payment is made of. Length
* of the @e dc array.
*/
- unsigned int coins_cnt;
+ size_t coins_cnt;
/**
* Number of exchanges involved in the payment. Length
@@ -542,7 +542,6 @@ resume_pay_with_response (struct PayContext *pc,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Resuming /pay handling. HTTP status for our reply is %u.\n",
response_code);
-#if 1
for (unsigned int i = 0; i<pc->num_exchanges; i++)
{
struct ExchangeGroup *eg = pc->egs[i];
@@ -561,7 +560,6 @@ resume_pay_with_response (struct PayContext *pc,
}
}
GNUNET_assert (0 == pc->pending_at_eg);
-#endif
if (NULL != pc->timeout_task)
{
GNUNET_SCHEDULER_cancel (pc->timeout_task);
@@ -653,7 +651,7 @@ batch_deposit_transaction (const struct ExchangeGroup *eg,
GNUNET_assert (GNUNET_OK ==
TALER_amount_set_zero (pc->amount.currency,
&total_without_fees));
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
struct TALER_Amount amount_without_fees;
@@ -689,7 +687,7 @@ batch_deposit_transaction (const struct ExchangeGroup *eg,
if (qs <= 0)
return qs; /* Entire batch already known or failure, we're done */
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -796,7 +794,7 @@ handle_batch_deposit_ok (struct ExchangeGroup *eg,
}
/* Transaction is done, mark affected coins as complete as well. */
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -986,7 +984,7 @@ process_pay_with_keys (
/* Initiate /batch-deposit operation for all coins of
the current exchange (!) */
group_size = 0;
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
const struct TALER_EXCHANGE_DenomPublicKey *denom_details;
@@ -1144,9 +1142,9 @@ AGE_FAIL:
.refund_deadline = pc->refund_deadline
};
enum TALER_ErrorCode ec;
- unsigned int off = 0;
+ size_t off = 0;
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -1275,7 +1273,7 @@ phase_batch_deposits (struct PayContext *pc)
struct ExchangeGroup *eg = pc->egs[i];
bool have_coins = false;
- for (unsigned int j = 0; j<pc->coins_cnt; j++)
+ for (size_t j = 0; j<pc->coins_cnt; j++)
{
struct DepositConfirmation *dc = &pc->dc[j];
@@ -1437,7 +1435,7 @@ check_coin_paid (void *cls,
{
struct PayContext *pc = cls;
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -1511,7 +1509,7 @@ check_coin_refunded (void *cls,
an abort-pay refund (an unusual but possible case), we need
to make sure that existing refunds are accounted for. */
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -1597,7 +1595,7 @@ check_payment_sufficient (struct PayContext *pc)
GNUNET_assert (GNUNET_OK ==
TALER_amount_set_zero (pc->amount.currency,
&acc_amount));
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
@@ -1834,7 +1832,7 @@ phase_execute_pay_transaction (struct PayContext *pc)
GNUNET_break (GNUNET_OK ==
TALER_amount_set_zero (pc->amount.currency,
&pc->total_refunded));
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
pc->dc[i].found_in_db = false;
pc->pending = pc->coins_cnt;
@@ -2051,7 +2049,7 @@ deposit_paid_check (
{
struct PayContext *pc = cls;
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dci = &pc->dc[i];
@@ -2102,7 +2100,7 @@ phase_contract_paid (struct PayContext *pc)
"lookup_deposits_by_order"));
return;
}
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dci = &pc->dc[i];
@@ -2134,7 +2132,7 @@ phase_contract_paid (struct PayContext *pc)
pc->order_id);
refunds = json_array ();
GNUNET_assert (NULL != refunds);
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dci = &pc->dc[i];
struct TALER_MerchantSignatureP merchant_sig;
@@ -2328,7 +2326,7 @@ phase_check_contract (struct PayContext *pc)
return;
}
- for (unsigned int i = 0; i<pc->coins_cnt; i++)
+ for (size_t i = 0; i<pc->coins_cnt; i++)
{
struct DepositConfirmation *dc = &pc->dc[i];
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index 6be11f16..7ca56319 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -43,6 +43,11 @@
#define MAX_RETRIES 3
/**
+ * Maximum number of inventory products per order.
+ */
+#define MAX_PRODUCTS 1024
+
+/**
* What is the label under which we find/place the merchant's
* jurisdiction in the locations list by default?
*/
@@ -2189,9 +2194,22 @@ parse_request (struct OrderContext *oc)
/* parse the inventory_products (optionally given) */
if (NULL != ip)
{
+ unsigned int ipl = (unsigned int) json_array_size (ip);
+
+ if ( (json_array_size (ip) != (size_t) ipl) ||
+ (ipl > MAX_PRODUCTS) )
+ {
+ GNUNET_break (0);
+ GNUNET_JSON_parse_free (spec);
+ reply_with_error (oc,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_ALLOCATION_FAILURE,
+ "inventory products too long");
+ return;
+ }
GNUNET_array_grow (oc->parse_request.inventory_products,
oc->parse_request.inventory_products_length,
- json_array_size (ip));
+ (unsigned int) json_array_size (ip));
for (unsigned int i = 0; i<oc->parse_request.inventory_products_length; i++)
{
struct InventoryProduct *ipr = &oc->parse_request.inventory_products[i];