diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-11-20 23:37:44 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-11-20 23:37:44 +0100 |
commit | 0f168f2beb607cbe681f1b37be5d92585fa7922b (patch) | |
tree | df350c1adadfc5035966f1d4234f5698571bba38 /src/backend/taler-merchant-httpd.c | |
parent | 861828957b4b2004656de7eda4bc4f313a218277 (diff) | |
download | merchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.tar.gz merchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.tar.bz2 merchant-0f168f2beb607cbe681f1b37be5d92585fa7922b.zip |
fix #7034: URL decode authorization header token
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r-- | src/backend/taler-merchant-httpd.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c index 73d3327f..727a982e 100644 --- a/src/backend/taler-merchant-httpd.c +++ b/src/backend/taler-merchant-httpd.c @@ -154,22 +154,28 @@ TMH_check_auth (const char *token, const struct GNUNET_HashCode *hash) { struct GNUNET_HashCode val; + char *dec; + size_t dec_len; if (GNUNET_is_zero (hash)) return GNUNET_OK; if (NULL == token) return GNUNET_SYSERR; + dec_len = GNUNET_STRINGS_urldecode (token, + strlen (token), + &dec); GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (&val, sizeof (val), salt, sizeof (*salt), - token, - strlen (token), + dec, + dec_len, "merchant-instance-auth", strlen ("merchant-instance-auth"), NULL, 0)); + GNUNET_free (dec); return (0 == GNUNET_memcmp (&val, hash)) ? GNUNET_OK |