summaryrefslogtreecommitdiff
path: root/src/backend/taler-merchant-httpd.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-11-20 23:37:44 +0100
committerChristian Grothoff <christian@grothoff.org>2021-11-20 23:37:44 +0100
commit0f168f2beb607cbe681f1b37be5d92585fa7922b (patch)
treedf350c1adadfc5035966f1d4234f5698571bba38 /src/backend/taler-merchant-httpd.c
parent861828957b4b2004656de7eda4bc4f313a218277 (diff)
downloadmerchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.tar.gz
merchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.tar.bz2
merchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.zip
fix #7034: URL decode authorization header token
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r--src/backend/taler-merchant-httpd.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 73d3327f..727a982e 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -154,22 +154,28 @@ TMH_check_auth (const char *token,
const struct GNUNET_HashCode *hash)
{
struct GNUNET_HashCode val;
+ char *dec;
+ size_t dec_len;
if (GNUNET_is_zero (hash))
return GNUNET_OK;
if (NULL == token)
return GNUNET_SYSERR;
+ dec_len = GNUNET_STRINGS_urldecode (token,
+ strlen (token),
+ &dec);
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (&val,
sizeof (val),
salt,
sizeof (*salt),
- token,
- strlen (token),
+ dec,
+ dec_len,
"merchant-instance-auth",
strlen ("merchant-instance-auth"),
NULL,
0));
+ GNUNET_free (dec);
return (0 == GNUNET_memcmp (&val,
hash))
? GNUNET_OK
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-04 19:26:58 +0000