authorChristian Grothoff <christian@grothoff.org>2024-01-28 23:07:14 +0100
committerChristian Grothoff <christian@grothoff.org>2024-01-28 23:07:14 +0100
commit914f6391fe7b61d441a8dcf284844bfd46f9abee (patch)
tree39414b637b63ad939b56b1fb7294d5ef6fa71cf1 /src/backend/taler-merchant-httpd_private-post-orders.c
parent9d57484444e28a6c89906bb55afbbdffeb23948a (diff)
fix escaping, fix memory leaks
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-orders.c')
-rw-r--r--src/backend/taler-merchant-httpd_private-post-orders.c60
1 files changed, 32 insertions, 28 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index 5986a521..52c146ef 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -265,7 +265,7 @@ struct OrderContext
/**
* Merchant base URL.
*/
- const char *merchant_base_url;
+ char *merchant_base_url;
/**
* Timestamp of the order.
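Review bot: The doc comment on `merchant_base_url` still reads only "Merchant base URL." although dropping `const` turns the field into an owned heap string that clean_order() now frees. State the ownership in the comment, for example `* Merchant base URL, heap-allocated; owned by this context and freed in clean_order().` The enclosing struct starts and ends outside the hunk.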
@@ -636,6 +636,7 @@ clean_order (void *cls)
json_decref (oc->parse_request.order);
/* TODO: Check that all other fields are cleaned up! */
json_decref (oc->serialize_order.contract);
+ GNUNET_free (oc->parse_order.merchant_base_url);
GNUNET_free (oc);
}
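Review bot: The visible part of clean_order() releases `parse_request.order`, `serialize_order.contract` and now `parse_order.merchant_base_url`, but shows no release for `oc->merge_inventory.products`, which merge_inventory() fills with an owned reference from `json_deep_copy ()` or `json_array ()`. The function starts outside the hunk and a later phase may hand that reference to the contract, so this needs confirming rather than assuming. If nothing else consumes it, `json_decref (oc->merge_inventory.products);` belongs here. Updating the TODO to list the fields already audited would make the remaining work clear.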
@@ -1452,10 +1453,7 @@ parse_order (struct OrderContext *oc)
{
const struct TALER_MERCHANTDB_InstanceSettings *settings =
&oc->hc->instance->settings;
-
- oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
- oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
-
+ const char *merchant_base_url = NULL;
const json_t *jmerchant = NULL;
/* auto_refund only needs to be type-checked,
* mostly because in GNUnet relative times can't
@@ -1496,7 +1494,7 @@ parse_order (struct OrderContext *oc)
NULL),
GNUNET_JSON_spec_mark_optional (
TALER_JSON_spec_web_url ("merchant_base_url",
- &oc->parse_order.merchant_base_url),
+ &merchant_base_url),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_object_const ("merchant",
@@ -1542,6 +1540,8 @@ parse_order (struct OrderContext *oc)
};
enum GNUNET_GenericReturnValue ret;
+ oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
+ oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
ret = TALER_MHD_parse_json_data (oc->connection,
oc->parse_request.order,
spec);
@@ -1770,7 +1770,23 @@ parse_order (struct OrderContext *oc)
return;
}
- if (NULL == oc->parse_order.merchant_base_url)
+ if (NULL != merchant_base_url)
+ {
+ if (('\0' == *merchant_base_url) ||
+ ('/' != merchant_base_url[strlen (merchant_base_url) - 1]))
+ {
+ GNUNET_break_op (0);
+ reply_with_error (
+ oc,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
+ "merchant_base_url is not valid");
+ return;
+ }
+ oc->parse_order.merchant_base_url
+ = GNUNET_strdup (merchant_base_url);
+ }
+ else
{
char *url;
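Review bot: The new `if (NULL != merchant_base_url)` branch carries no comment on why the string is duplicated or what the check enforces. The local is filled through the `TALER_JSON_spec_web_url` spec and presumably points into `oc->parse_request.order`, so a line such as `/* borrowed from the request JSON; copy so the context owns it */` before the `GNUNET_strdup` would document the lifetime. The check itself only requires a non-empty value ending in '/', and the hint `"merchant_base_url is not valid"` does not tell the client that; consider `"merchant_base_url must end with '/'"`. parse_order continues outside the hunk.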
@@ -1786,27 +1802,11 @@ parse_order (struct OrderContext *oc)
"order:merchant_base_url");
return;
}
- oc->parse_order.merchant_base_url = GNUNET_strdup (url);
- GNUNET_free (url);
- }
- else if (('\0' == *oc->parse_order.merchant_base_url) ||
- ('/' != oc->parse_order.merchant_base_url[
- strlen (oc->parse_order.merchant_base_url) - 1]))
- {
- GNUNET_break_op (0);
- reply_with_error (
- oc,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
- "merchant_base_url is not valid");
- return;
+ oc->parse_order.merchant_base_url = url;
}
- if (NULL == oc->parse_order.products)
- {
- oc->parse_order.products = json_array ();
- }
- else if (! TMH_products_array_valid (oc->parse_order.products))
+ if ( (NULL != oc->parse_order.products) &&
+ (! TMH_products_array_valid (oc->parse_order.products)) )
{
GNUNET_break_op (0);
reply_with_error (
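Review bot: With the `json_array ()` fallback removed, `oc->parse_order.products` can remain NULL when parse_order returns. merge_inventory() guards for that in the last hunk, but any other reader of the field outside the visible hunks needs the same check. A comment on the field such as `/* NULL if the order lists no products */` would record the new contract. Separately, `oc->parse_order.merchant_base_url = url;` hands the buffer to clean_order(), which releases it with `GNUNET_free`, so `url` must come from the GNUnet allocator; its allocation is outside the hunk.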
@@ -1939,8 +1939,12 @@ merge_inventory (struct OrderContext *oc)
* parse_request.inventory_products => instructions to add products to contract terms
* parse_order.products => contains products that are not from the backend-managed inventory.
*/
- oc->merge_inventory.products
- = json_deep_copy (oc->parse_order.products);
+ if (NULL != oc->parse_order.products)
+ oc->merge_inventory.products
+ = json_deep_copy (oc->parse_order.products);
+ else
+ oc->merge_inventory.products
+ = json_array ();
/* Populate products from inventory product array and database */
{
GNUNET_assert (NULL != oc->merge_inventory.products);
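Review bot: The new `if`/`else` in merge_inventory puts two-line assignments under unbraced branches, while the branches added to parse_order in this same commit are braced. Either add braces or fold it into one assignment: `oc->merge_inventory.products = (NULL != oc->parse_order.products) ? json_deep_copy (oc->parse_order.products) : json_array ();`. Note also that `json_deep_copy ()` returns NULL on failure, which the following `GNUNET_assert` turns into a process abort. The function body continues outside the hunk.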