diff options
author | Christian Grothoff <christian@grothoff.org> | 2024-03-22 14:46:14 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-03-22 14:46:14 +0100 |
commit | 8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37 (patch) | |
tree | 8d2d4c427e7ca76cd425a50457e5b6c60d240e0f | |
parent | 3c1e6918f038404d226fe133e7b0895a72c592ac (diff) | |
download | merchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.tar.gz merchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.tar.bz2 merchant-8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37.zip |
fix more size_t / unsigned int confusions in merchant backend
4 files changed, 46 insertions, 30 deletions
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c index f21b2e48..8fb5823e 100644 --- a/src/backend/taler-merchant-httpd_helper.c +++ b/src/backend/taler-merchant-httpd_helper.c @@ -97,7 +97,7 @@ TMH_cmp_wire_account ( bool TMH_accounts_array_valid (const json_t *accounts) { - unsigned int len; + size_t len; if (! json_is_array (accounts)) { @@ -105,7 +105,7 @@ TMH_accounts_array_valid (const json_t *accounts) return false; } len = json_array_size (accounts); - for (unsigned int i = 0; i<len; i++) + for (size_t i = 0; i<len; i++) { json_t *payto_uri = json_array_get (accounts, i); diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c index e7baf540..50a793a3 100644 --- a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c +++ b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c @@ -186,7 +186,7 @@ struct AbortContext /** * Number of coins this abort is for. Length of the @e rd array. */ - unsigned int coins_cnt; + size_t coins_cnt; /** * How often have we retried the 'main' transaction? @@ -198,7 +198,7 @@ struct AbortContext * @e coins_cnt, decremented on each transaction that * successfully finished. */ - unsigned int pending; + size_t pending; /** * Number of transactions still pending for the currently selected @@ -206,7 +206,7 @@ struct AbortContext * exchange, decremented on each transaction that successfully * finished. Once it hits zero, we pick the next exchange. */ - unsigned int pending_at_ce; + size_t pending_at_ce; /** * HTTP status code to use for the reply, i.e 200 for "OK". @@ -247,7 +247,7 @@ abort_refunds (struct AbortContext *ac) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Aborting pending /deposit operations\n"); - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; @@ -356,7 +356,7 @@ generate_success_response (struct AbortContext *ac) "could not create JSON array"); return; } - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; json_t *detail; @@ -424,7 +424,7 @@ abort_context_cleanup (void *cls) ac->timeout_task = NULL; } abort_refunds (ac); - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; @@ -522,7 +522,7 @@ process_abort_with_exchange (void *cls, /* Initiate refund operation for all coins of the current exchange (!) */ GNUNET_assert (0 == ac->pending_at_ce); - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; @@ -579,7 +579,7 @@ begin_transaction (struct AbortContext *ac); static void find_next_exchange (struct AbortContext *ac) { - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; @@ -635,7 +635,7 @@ refund_coins (void *cls, (void) deposit_fee; (void) refund_fee; now = GNUNET_TIME_timestamp_get (); - for (unsigned int i = 0; i<ac->coins_cnt; i++) + for (size_t i = 0; i<ac->coins_cnt; i++) { struct RefundDetails *rdi = &ac->rd[i]; enum GNUNET_DB_QueryStatus qs; diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c index cbd4aa74..07a6233a 100644 --- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c +++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c @@ -418,7 +418,7 @@ struct PayContext * Number of coins this payment is made of. Length * of the @e dc array. */ - unsigned int coins_cnt; + size_t coins_cnt; /** * Number of exchanges involved in the payment. Length @@ -542,7 +542,6 @@ resume_pay_with_response (struct PayContext *pc, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Resuming /pay handling. HTTP status for our reply is %u.\n", response_code); -#if 1 for (unsigned int i = 0; i<pc->num_exchanges; i++) { struct ExchangeGroup *eg = pc->egs[i]; @@ -561,7 +560,6 @@ resume_pay_with_response (struct PayContext *pc, } } GNUNET_assert (0 == pc->pending_at_eg); -#endif if (NULL != pc->timeout_task) { GNUNET_SCHEDULER_cancel (pc->timeout_task); @@ -653,7 +651,7 @@ batch_deposit_transaction (const struct ExchangeGroup *eg, GNUNET_assert (GNUNET_OK == TALER_amount_set_zero (pc->amount.currency, &total_without_fees)); - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; struct TALER_Amount amount_without_fees; @@ -689,7 +687,7 @@ batch_deposit_transaction (const struct ExchangeGroup *eg, if (qs <= 0) return qs; /* Entire batch already known or failure, we're done */ - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -796,7 +794,7 @@ handle_batch_deposit_ok (struct ExchangeGroup *eg, } /* Transaction is done, mark affected coins as complete as well. */ - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -986,7 +984,7 @@ process_pay_with_keys ( /* Initiate /batch-deposit operation for all coins of the current exchange (!) */ group_size = 0; - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; const struct TALER_EXCHANGE_DenomPublicKey *denom_details; @@ -1144,9 +1142,9 @@ AGE_FAIL: .refund_deadline = pc->refund_deadline }; enum TALER_ErrorCode ec; - unsigned int off = 0; + size_t off = 0; - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -1275,7 +1273,7 @@ phase_batch_deposits (struct PayContext *pc) struct ExchangeGroup *eg = pc->egs[i]; bool have_coins = false; - for (unsigned int j = 0; j<pc->coins_cnt; j++) + for (size_t j = 0; j<pc->coins_cnt; j++) { struct DepositConfirmation *dc = &pc->dc[j]; @@ -1437,7 +1435,7 @@ check_coin_paid (void *cls, { struct PayContext *pc = cls; - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -1511,7 +1509,7 @@ check_coin_refunded (void *cls, an abort-pay refund (an unusual but possible case), we need to make sure that existing refunds are accounted for. */ - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -1597,7 +1595,7 @@ check_payment_sufficient (struct PayContext *pc) GNUNET_assert (GNUNET_OK == TALER_amount_set_zero (pc->amount.currency, &acc_amount)); - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; @@ -1834,7 +1832,7 @@ phase_execute_pay_transaction (struct PayContext *pc) GNUNET_break (GNUNET_OK == TALER_amount_set_zero (pc->amount.currency, &pc->total_refunded)); - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) pc->dc[i].found_in_db = false; pc->pending = pc->coins_cnt; @@ -2051,7 +2049,7 @@ deposit_paid_check ( { struct PayContext *pc = cls; - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dci = &pc->dc[i]; @@ -2102,7 +2100,7 @@ phase_contract_paid (struct PayContext *pc) "lookup_deposits_by_order")); return; } - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dci = &pc->dc[i]; @@ -2134,7 +2132,7 @@ phase_contract_paid (struct PayContext *pc) pc->order_id); refunds = json_array (); GNUNET_assert (NULL != refunds); - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dci = &pc->dc[i]; struct TALER_MerchantSignatureP merchant_sig; @@ -2328,7 +2326,7 @@ phase_check_contract (struct PayContext *pc) return; } - for (unsigned int i = 0; i<pc->coins_cnt; i++) + for (size_t i = 0; i<pc->coins_cnt; i++) { struct DepositConfirmation *dc = &pc->dc[i]; diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c index 6be11f16..7ca56319 100644 --- a/src/backend/taler-merchant-httpd_private-post-orders.c +++ b/src/backend/taler-merchant-httpd_private-post-orders.c @@ -43,6 +43,11 @@ #define MAX_RETRIES 3 /** + * Maximum number of inventory products per order. + */ +#define MAX_PRODUCTS 1024 + +/** * What is the label under which we find/place the merchant's * jurisdiction in the locations list by default? */ @@ -2189,9 +2194,22 @@ parse_request (struct OrderContext *oc) /* parse the inventory_products (optionally given) */ if (NULL != ip) { + unsigned int ipl = (unsigned int) json_array_size (ip); + + if ( (json_array_size (ip) != (size_t) ipl) || + (ipl > MAX_PRODUCTS) ) + { + GNUNET_break (0); + GNUNET_JSON_parse_free (spec); + reply_with_error (oc, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_ALLOCATION_FAILURE, + "inventory products too long"); + return; + } GNUNET_array_grow (oc->parse_request.inventory_products, oc->parse_request.inventory_products_length, - json_array_size (ip)); + (unsigned int) json_array_size (ip)); for (unsigned int i = 0; i<oc->parse_request.inventory_products_length; i++) { struct InventoryProduct *ipr = &oc->parse_request.inventory_products[i]; |