diff options
| -rw-r--r-- | src/backend/taler-merchant-httpd_private-get-orders.c | 43 | ||||
| -rw-r--r-- | src/lib/merchant_api_get_orders.c | 12 |
2 files changed, 39 insertions, 16 deletions
diff --git a/src/backend/taler-merchant-httpd_private-get-orders.c b/src/backend/taler-merchant-httpd_private-get-orders.c index 576b9ed8..673728d6 100644 --- a/src/backend/taler-merchant-httpd_private-get-orders.c +++ b/src/backend/taler-merchant-httpd_private-get-orders.c @@ -526,14 +526,14 @@ TMH_private_get_orders (const struct TMH_RequestHandler *rh, } else { - char dummy[2]; + char dummy; long long ll; if (1 != sscanf (delta_str, - "%lld%1s", + "%lld%c", &ll, - dummy)) + &dummy)) return TALER_MHD_reply_with_error (connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, @@ -542,12 +542,12 @@ TMH_private_get_orders (const struct TMH_RequestHandler *rh, } } { - const char *date_str; + const char *date_ms_str; - date_str = MHD_lookup_connection_value (connection, - MHD_GET_ARGUMENT_KIND, - "date"); - if (NULL == date_str) + date_ms_str = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "date_ms"); + if (NULL == date_ms_str) { if (of.delta > 0) of.date = GNUNET_TIME_UNIT_ZERO_ABS; @@ -556,13 +556,32 @@ TMH_private_get_orders (const struct TMH_RequestHandler *rh, } else { - if (GNUNET_OK != - GNUNET_STRINGS_fancy_time_to_absolute (date_str, - &of.date)) + char dummy; + unsigned long long ll; + + if (1 != + sscanf (date_ms_str, + "%llu%c", + &ll, + &dummy)) + { + GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "date"); + "date_ms"); + } + of.date.abs_value_us = ll * GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us; + if (of.date.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us != + ll) + { + /* overflow during multiplication detected */ + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "date_ms"); + } } } { diff --git a/src/lib/merchant_api_get_orders.c b/src/lib/merchant_api_get_orders.c index c7b04ab2..e593b908 100644 --- a/src/lib/merchant_api_get_orders.c +++ b/src/lib/merchant_api_get_orders.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2018, 2020 Taler Systems SA + Copyright (C) 2014-2018, 2020, 2021 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software @@ -272,7 +272,7 @@ TALER_MERCHANT_orders_get2 ( /* build ogh->url with the various optional arguments */ { - const char *dstr; + char dstr[30]; bool have_date; bool have_srow; char cbuf[30]; @@ -291,7 +291,11 @@ TALER_MERCHANT_orders_get2 ( sizeof (cbuf), "%llu", (unsigned long long) start_row); - dstr = GNUNET_STRINGS_absolute_time_to_string (date); + GNUNET_snprintf (dstr, + sizeof (dstr), + "%llu", + date.abs_value_us + / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us); if (delta > 0) { have_date = (0 != date.abs_value_us); @@ -317,7 +321,7 @@ TALER_MERCHANT_orders_get2 ( (TALER_EXCHANGE_YNA_ALL != wired) ? TALER_yna_to_string (wired) : NULL, - "date", + "date_ms", (have_date) ? dstr : NULL, |