summaryrefslogtreecommitdiff
path: root/src/lib/merchant_api_post_order_abort.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/merchant_api_post_order_abort.c')
-rw-r--r--src/lib/merchant_api_post_order_abort.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/merchant_api_post_order_abort.c b/src/lib/merchant_api_post_order_abort.c
index 82cca481..270ceb7e 100644
--- a/src/lib/merchant_api_post_order_abort.c
+++ b/src/lib/merchant_api_post_order_abort.c
@@ -39,6 +39,12 @@
/**
+ * Maximum number of refunds we return.
+ */
+#define MAX_REFUNDS 1024
+
+
+/**
* @brief An abort Handle
*/
struct TALER_MERCHANT_OrderAbortHandle
@@ -127,7 +133,14 @@ check_abort_refund (struct TALER_MERCHANT_OrderAbortHandle *oah,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
- num_refunds = json_array_size (refunds);
+ num_refunds = (unsigned int) json_array_size (refunds);
+ if ( (json_array_size (refunds) != (size_t) num_refunds) ||
+ (num_refunds > MAX_REFUNDS) )
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+
{
struct TALER_MERCHANT_AbortedCoin res[GNUNET_NZL (num_refunds)];
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 14:15:28 +0000