1 files changed, 44 insertions, 31 deletions
diff --git a/src/lib/merchant_api_get_accounts.c b/src/lib/merchant_api_get_accounts.c
index 95238827..c08cd92d 100644
--- a/src/lib/merchant_api_get_accounts.c
+++ b/src/lib/merchant_api_get_accounts.c
@@ -30,6 +30,10 @@
 #include <taler/taler_json_lib.h>
 #include <taler/taler_signatures.h>
 
+/**
+ * Maximum number of accounts permitted.
+ */
+#define MAX_ACCOUNTS 1024
 
 /**
  * Handle for a GET /accounts operation.
@@ -77,35 +81,44 @@ parse_accounts (const json_t *ia,
                 struct TALER_MERCHANT_AccountsGetResponse *tgr,
                 struct TALER_MERCHANT_AccountsGetHandle *tgh)
 {
-  unsigned int tmpl_len = json_array_size (ia);
-  struct TALER_MERCHANT_AccountEntry tmpl[GNUNET_NZL (tmpl_len)];
-  size_t index;
-  json_t *value;
-
-  json_array_foreach (ia, index, value) {
-    struct TALER_MERCHANT_AccountEntry *ie = &tmpl[index];
-    struct GNUNET_JSON_Specification spec[] = {
-      TALER_JSON_spec_payto_uri ("payto_uri",
-                                 &ie->payto_uri),
-      GNUNET_JSON_spec_fixed_auto ("h_wire",
-                                   &ie->h_wire),
-      GNUNET_JSON_spec_end ()
-    };
-
-    if (GNUNET_OK !=
-        GNUNET_JSON_parse (value,
-                           spec,
-                           NULL, NULL))
-    {
-      GNUNET_break_op (0);
-      return GNUNET_SYSERR;
+  unsigned int tmpl_len = (unsigned int) json_array_size (ia);
+
+  if ( (json_array_size (ia) != (size_t)  tmpl_len) ||
+       (tmpl_len > MAX_ACCOUNTS) )
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  {
+    struct TALER_MERCHANT_AccountEntry tmpl[GNUNET_NZL (tmpl_len)];
+    size_t index;
+    json_t *value;
+
+    json_array_foreach (ia, index, value) {
+      struct TALER_MERCHANT_AccountEntry *ie = &tmpl[index];
+      struct GNUNET_JSON_Specification spec[] = {
+        TALER_JSON_spec_payto_uri ("payto_uri",
+                                   &ie->payto_uri),
+        GNUNET_JSON_spec_fixed_auto ("h_wire",
+                                     &ie->h_wire),
+        GNUNET_JSON_spec_end ()
+      };
+
+      if (GNUNET_OK !=
+          GNUNET_JSON_parse (value,
+                             spec,
+                             NULL, NULL))
+      {
+        GNUNET_break_op (0);
+        return GNUNET_SYSERR;
+      }
     }
+    tgr->details.ok.accounts_length = tmpl_len;
+    tgr->details.ok.accounts = tmpl;
+    tgh->cb (tgh->cb_cls,
+             tgr);
+    tgh->cb = NULL; /* just to be sure */
   }
-  tgr->details.ok.accounts_length = tmpl_len;
-  tgr->details.ok.accounts = tmpl;
-  tgh->cb (tgh->cb_cls,
-           tgr);
-  tgh->cb = NULL; /* just to be sure */
   return GNUNET_OK;
 }
 
@@ -120,8 +133,8 @@ parse_accounts (const json_t *ia,
  */
 static void
 handle_get_accounts_finished (void *cls,
-                               long response_code,
-                               const void *response)
+                              long response_code,
+                              const void *response)
 {
   struct TALER_MERCHANT_AccountsGetHandle *tgh = cls;
   const json_t *json = response;
@@ -156,8 +169,8 @@ handle_get_accounts_finished (void *cls,
       }
       if (GNUNET_OK ==
           parse_accounts (accounts,
-                           &tgr,
-                           tgh))
+                          &tgr,
+                          tgh))
       {
         TALER_MERCHANT_accounts_get_cancel (tgh);
         return;