diff options
author | Christian Grothoff <christian@grothoff.org> | 2024-01-28 23:07:14 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-01-28 23:07:14 +0100 |
commit | 914f6391fe7b61d441a8dcf284844bfd46f9abee (patch) | |
tree | 39414b637b63ad939b56b1fb7294d5ef6fa71cf1 /src/backend/taler-merchant-httpd_private-post-orders.c | |
parent | 9d57484444e28a6c89906bb55afbbdffeb23948a (diff) | |
download | merchant-914f6391fe7b61d441a8dcf284844bfd46f9abee.tar.gz merchant-914f6391fe7b61d441a8dcf284844bfd46f9abee.tar.bz2 merchant-914f6391fe7b61d441a8dcf284844bfd46f9abee.zip |
fix escaping, fix memory leaks
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-orders.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-orders.c | 60 |
1 files changed, 32 insertions, 28 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c index 5986a521..52c146ef 100644 --- a/src/backend/taler-merchant-httpd_private-post-orders.c +++ b/src/backend/taler-merchant-httpd_private-post-orders.c @@ -265,7 +265,7 @@ struct OrderContext /** * Merchant base URL. */ - const char *merchant_base_url; + char *merchant_base_url; /** * Timestamp of the order. @@ -636,6 +636,7 @@ clean_order (void *cls) json_decref (oc->parse_request.order); /* TODO: Check that all other fields are cleaned up! */ json_decref (oc->serialize_order.contract); + GNUNET_free (oc->parse_order.merchant_base_url); GNUNET_free (oc); } @@ -1452,10 +1453,7 @@ parse_order (struct OrderContext *oc) { const struct TALER_MERCHANTDB_InstanceSettings *settings = &oc->hc->instance->settings; - - oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS; - oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS; - + const char *merchant_base_url = NULL; const json_t *jmerchant = NULL; /* auto_refund only needs to be type-checked, * mostly because in GNUnet relative times can't @@ -1496,7 +1494,7 @@ parse_order (struct OrderContext *oc) NULL), GNUNET_JSON_spec_mark_optional ( TALER_JSON_spec_web_url ("merchant_base_url", - &oc->parse_order.merchant_base_url), + &merchant_base_url), NULL), GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_object_const ("merchant", @@ -1542,6 +1540,8 @@ parse_order (struct OrderContext *oc) }; enum GNUNET_GenericReturnValue ret; + oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS; + oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS; ret = TALER_MHD_parse_json_data (oc->connection, oc->parse_request.order, spec); @@ -1770,7 +1770,23 @@ parse_order (struct OrderContext *oc) return; } - if (NULL == oc->parse_order.merchant_base_url) + if (NULL != merchant_base_url) + { + if (('\0' == *merchant_base_url) || + ('/' != merchant_base_url[strlen (merchant_base_url) - 1])) + { + GNUNET_break_op (0); + reply_with_error ( + oc, + MHD_HTTP_BAD_REQUEST, + TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR, + "merchant_base_url is not valid"); + return; + } + oc->parse_order.merchant_base_url + = GNUNET_strdup (merchant_base_url); + } + else { char *url; @@ -1786,27 +1802,11 @@ parse_order (struct OrderContext *oc) "order:merchant_base_url"); return; } - oc->parse_order.merchant_base_url = GNUNET_strdup (url); - GNUNET_free (url); - } - else if (('\0' == *oc->parse_order.merchant_base_url) || - ('/' != oc->parse_order.merchant_base_url[ - strlen (oc->parse_order.merchant_base_url) - 1])) - { - GNUNET_break_op (0); - reply_with_error ( - oc, - MHD_HTTP_BAD_REQUEST, - TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR, - "merchant_base_url is not valid"); - return; + oc->parse_order.merchant_base_url = url; } - if (NULL == oc->parse_order.products) - { - oc->parse_order.products = json_array (); - } - else if (! TMH_products_array_valid (oc->parse_order.products)) + if ( (NULL != oc->parse_order.products) && + (! TMH_products_array_valid (oc->parse_order.products)) ) { GNUNET_break_op (0); reply_with_error ( @@ -1939,8 +1939,12 @@ merge_inventory (struct OrderContext *oc) * parse_request.inventory_products => instructions to add products to contract terms * parse_order.products => contains products that are not from the backend-managed inventory. */ - oc->merge_inventory.products - = json_deep_copy (oc->parse_order.products); + if (NULL != oc->parse_order.products) + oc->merge_inventory.products + = json_deep_copy (oc->parse_order.products); + else + oc->merge_inventory.products + = json_array (); /* Populate products from inventory product array and database */ { GNUNET_assert (NULL != oc->merge_inventory.products); |