1 files changed, 54 insertions, 35 deletions

diff --git a/src/lib/merchant_api_get_orders.c b/src/lib/merchant_api_get_orders.c
index af2b46d9..459409fd 100644
--- a/src/lib/merchant_api_get_orders.c
+++ b/src/lib/merchant_api_get_orders.c
@@ -30,6 +30,10 @@
 #include <taler/taler_json_lib.h>
 #include <taler/taler_signatures.h>
 
+/**
+ * Maximum number of orders we return.
+ */
+#define MAX_ORDERS 1024
 
 /**
  * Handle for a GET /orders operation.
@@ -77,45 +81,54 @@ parse_orders (const json_t *ia,
               struct TALER_MERCHANT_OrdersGetResponse *ogr,
               struct TALER_MERCHANT_OrdersGetHandle *ogh)
 {
-  unsigned int oes_len = json_array_size (ia);
-  struct TALER_MERCHANT_OrderEntry oes[GNUNET_NZL (oes_len)];
-  size_t index;
-  json_t *value;
+  unsigned int oes_len = (unsigned int) json_array_size (ia);
 
-  json_array_foreach (ia, index, value) {
-    struct TALER_MERCHANT_OrderEntry *ie = &oes[index];
-    struct GNUNET_JSON_Specification spec[] = {
-      GNUNET_JSON_spec_string ("order_id",
-                               &ie->order_id),
-      GNUNET_JSON_spec_timestamp ("timestamp",
-                                  &ie->timestamp),
-      GNUNET_JSON_spec_uint64 ("row_id",
-                               &ie->order_serial),
-      TALER_JSON_spec_amount_any ("amount",
-                                  &ie->amount),
-      GNUNET_JSON_spec_string ("summary",
-                               &ie->summary),
-      GNUNET_JSON_spec_bool ("refundable",
-                             &ie->refundable),
-      GNUNET_JSON_spec_bool ("paid",
-                             &ie->paid),
-      GNUNET_JSON_spec_end ()
-    };
+  if ( (json_array_size (ia) != (size_t)  oes_len) ||
+       (oes_len > MAX_ORDERS) )
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  {
+    struct TALER_MERCHANT_OrderEntry oes[GNUNET_NZL (oes_len)];
+    size_t index;
+    json_t *value;
 
-    if (GNUNET_OK !=
-        GNUNET_JSON_parse (value,
-                           spec,
-                           NULL, NULL))
-    {
-      GNUNET_break_op (0);
-      return GNUNET_SYSERR;
+    json_array_foreach (ia, index, value) {
+      struct TALER_MERCHANT_OrderEntry *ie = &oes[index];
+      struct GNUNET_JSON_Specification spec[] = {
+        GNUNET_JSON_spec_string ("order_id",
+                                 &ie->order_id),
+        GNUNET_JSON_spec_timestamp ("timestamp",
+                                    &ie->timestamp),
+        GNUNET_JSON_spec_uint64 ("row_id",
+                                 &ie->order_serial),
+        TALER_JSON_spec_amount_any ("amount",
+                                    &ie->amount),
+        GNUNET_JSON_spec_string ("summary",
+                                 &ie->summary),
+        GNUNET_JSON_spec_bool ("refundable",
+                               &ie->refundable),
+        GNUNET_JSON_spec_bool ("paid",
+                               &ie->paid),
+        GNUNET_JSON_spec_end ()
+      };
+
+      if (GNUNET_OK !=
+          GNUNET_JSON_parse (value,
+                             spec,
+                             NULL, NULL))
+      {
+        GNUNET_break_op (0);
+        return GNUNET_SYSERR;
+      }
     }
+    ogr->details.ok.orders_length = oes_len;
+    ogr->details.ok.orders = oes;
+    ogh->cb (ogh->cb_cls,
+             ogr);
+    ogh->cb = NULL; /* just to be sure */
   }
-  ogr->details.ok.orders_length = oes_len;
-  ogr->details.ok.orders = oes;
-  ogh->cb (ogh->cb_cls,
-           ogr);
-  ogh->cb = NULL;   /* just to be sure */
   return GNUNET_OK;
 }
 
@@ -275,6 +288,12 @@ TALER_MERCHANT_orders_get3 (
                      / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
 
   GNUNET_assert (NULL != backend_url);
+  if ( (delta > MAX_ORDERS) ||
+       (delta < -MAX_ORDERS) )
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   if (0 == delta)
   {
     GNUNET_break (0);