author | Christian Grothoff <christian@grothoff.org> | 2021-11-20 23:37:44 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-11-20 23:37:44 +0100 |
commit | 0f168f2beb607cbe681f1b37be5d92585fa7922b (patch) | |
tree | df350c1adadfc5035966f1d4234f5698571bba38 /src/lib/merchant_api_post_instance_auth.c | |
parent | 861828957b4b2004656de7eda4bc4f313a218277 (diff) | |
fix #7034: URL decode authorization header token
Diffstat (limited to 'src/lib/merchant_api_post_instance_auth.c')
-rw-r--r-- | src/lib/merchant_api_post_instance_auth.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/lib/merchant_api_post_instance_auth.c b/src/lib/merchant_api_post_instance_auth.c
index 382e9c42..e2936c5c 100644
--- a/src/lib/merchant_api_post_instance_auth.c
+++ b/src/lib/merchant_api_post_instance_auth.c
@@ -174,11 +174,28 @@ TALER_MERCHANT_instance_auth_post (
 }
 else
 {
+ char *enc;
+
+ if (0 != strncasecmp (RFC_8959_PREFIX,
+ auth_token,
+ strlen (RFC_8959_PREFIX)))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Authentication token must start with `%s'\n",
+ RFC_8959_PREFIX);
+ GNUNET_free (iaph->url);
+ GNUNET_free (iaph);
+ return NULL;
+ }
+ (void) GNUNET_STRINGS_urlencode (auth_token,
+ strlen (auth_token),
+ &enc);
 req_obj = GNUNET_JSON_PACK (
 GNUNET_JSON_pack_string ("method",
 "token"),
 GNUNET_JSON_pack_string ("token",
- auth_token));
+ enc));
+ GNUNET_free (enc);
 }
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Requesting URL '%s'\n", |
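Review bot: The whole of `auth_token`, including the `RFC_8959_PREFIX` that was just verified, is passed to `GNUNET_STRINGS_urlencode`, so if that encoder escapes `:` the `token` field sent to the backend would no longer start with the literal prefix. The encoder's safe-character set is not visible in this hunk, so this is worth confirming; otherwise only the part after the prefix should be encoded. The return value is also discarded with `(void)` while `enc` is declared uninitialized; `char *enc = NULL;` plus a check before `GNUNET_JSON_pack_string` would keep a failed encode from reaching `GNUNET_free (enc)` with an indeterminate pointer. A short comment above the call saying why the JSON body carries the URL-encoded form would help, since the commit title speaks of decoding. `TALER_MERCHANT_instance_auth_post` begins and ends outside the hunk.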