diff options
author | Christian Grothoff <christian@grothoff.org> | 2024-03-22 14:38:37 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-03-22 14:38:37 +0100 |
commit | 3c1e6918f038404d226fe133e7b0895a72c592ac (patch) | |
tree | f04a412747cc00db63031380600e067dae2925d2 /src/lib/merchant_api_wallet_post_order_refund.c | |
parent | d9e3d0cdfe83368000068959fc32befbd5be0c46 (diff) | |
download | merchant-3c1e6918f038404d226fe133e7b0895a72c592ac.tar.gz merchant-3c1e6918f038404d226fe133e7b0895a72c592ac.tar.bz2 merchant-3c1e6918f038404d226fe133e7b0895a72c592ac.zip |
fix more json_XXX_size unsigned int issues
Diffstat (limited to 'src/lib/merchant_api_wallet_post_order_refund.c')
-rw-r--r-- | src/lib/merchant_api_wallet_post_order_refund.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/lib/merchant_api_wallet_post_order_refund.c b/src/lib/merchant_api_wallet_post_order_refund.c index 405231ef..e72982f3 100644 --- a/src/lib/merchant_api_wallet_post_order_refund.c +++ b/src/lib/merchant_api_wallet_post_order_refund.c @@ -32,6 +32,10 @@ #include <taler/taler_signatures.h> #include <taler/taler_curl_lib.h> +/** + * Maximum number of refunds we return. + */ +#define MAX_REFUNDS 1024 /** * Handle for a (public) POST /orders/ID/refund operation. @@ -123,6 +127,14 @@ handle_refund_finished (void *cls, break; } refund_len = json_array_size (refunds); + if ( (json_array_size (refunds) != (size_t) refund_len) || + (refund_len > MAX_REFUNDS) ) + { + GNUNET_break (0); + wrr.hr.ec = TALER_EC_GENERIC_ALLOCATION_FAILURE; + wrr.hr.http_status = 0; + break; + } { struct TALER_MERCHANT_RefundDetail rds[GNUNET_NZL (refund_len)]; |