fix more size_t / unsigned int confusions in merchant backend

1 files changed, 19 insertions, 1 deletions

diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index 6be11f16..7ca56319 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -43,6 +43,11 @@
 #define MAX_RETRIES 3
 
 /**
+ * Maximum number of inventory products per order.
+ */
+#define MAX_PRODUCTS 1024
+
+/**
  * What is the label under which we find/place the merchant's
  * jurisdiction in the locations list by default?
  */
@@ -2189,9 +2194,22 @@ parse_request (struct OrderContext *oc)
   /* parse the inventory_products (optionally given) */
   if (NULL != ip)
   {
+    unsigned int ipl = (unsigned int) json_array_size (ip);
+
+    if ( (json_array_size (ip) != (size_t) ipl) ||
+         (ipl > MAX_PRODUCTS) )
+    {
+      GNUNET_break (0);
+      GNUNET_JSON_parse_free (spec);
+      reply_with_error (oc,
+                        MHD_HTTP_INTERNAL_SERVER_ERROR,
+                        TALER_EC_GENERIC_ALLOCATION_FAILURE,
+                        "inventory products too long");
+      return;
+    }
     GNUNET_array_grow (oc->parse_request.inventory_products,
                        oc->parse_request.inventory_products_length,
-                       json_array_size (ip));
+                       (unsigned int) json_array_size (ip));
     for (unsigned int i = 0; i<oc->parse_request.inventory_products_length; i++)
     {
       struct InventoryProduct *ipr = &oc->parse_request.inventory_products[i];