From 8025a725eee08ddc404c1ffe6b9fbe6e61a4aa37 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 22 Mar 2024 14:46:14 +0100 Subject: fix more size_t / unsigned int confusions in merchant backend --- .../taler-merchant-httpd_private-post-orders.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'src/backend/taler-merchant-httpd_private-post-orders.c') diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c index 6be11f16..7ca56319 100644 --- a/src/backend/taler-merchant-httpd_private-post-orders.c +++ b/src/backend/taler-merchant-httpd_private-post-orders.c @@ -42,6 +42,11 @@ */ #define MAX_RETRIES 3 +/** + * Maximum number of inventory products per order. + */ +#define MAX_PRODUCTS 1024 + /** * What is the label under which we find/place the merchant's * jurisdiction in the locations list by default? @@ -2189,9 +2194,22 @@ parse_request (struct OrderContext *oc) /* parse the inventory_products (optionally given) */ if (NULL != ip) { + unsigned int ipl = (unsigned int) json_array_size (ip); + + if ( (json_array_size (ip) != (size_t) ipl) || + (ipl > MAX_PRODUCTS) ) + { + GNUNET_break (0); + GNUNET_JSON_parse_free (spec); + reply_with_error (oc, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_ALLOCATION_FAILURE, + "inventory products too long"); + return; + } GNUNET_array_grow (oc->parse_request.inventory_products, oc->parse_request.inventory_products_length, - json_array_size (ip)); + (unsigned int) json_array_size (ip)); for (unsigned int i = 0; iparse_request.inventory_products_length; i++) { struct InventoryProduct *ipr = &oc->parse_request.inventory_products[i]; -- cgit v1.2.3