commit 5b159a3c339c81667d815c22d5fdb3cdf5c64308
parent e19052d28d93055db39fb1c03f978bfd2f2875a5
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 26 Apr 2026 00:01:56 +0200
misc bugfixes, including a few rather bad ones (rare missing 0-termination, accidental nonce truncation)
Diffstat:
7 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c
@@ -175,7 +175,19 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
code_challenge = MHD_lookup_connection_value (hc->connection,
MHD_GET_ARGUMENT_KIND,
"code_challenge");
- /* If we have a code challenge, we default to PLAIN instead of EMPTY */
+ if ( (NULL == code_challenge) &&
+ (CHALLENGER_CM_PLAIN == code_challenge_method_enum) )
+ {
+ /* Client specified code challenge method but then did not give
+ the code_challenge. Reject bad request. */
+ GNUNET_break_op (0);
+ return reply_error (
+ hc,
+ "invalid-request",
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MISSING,
+ "code_challenge");
+ }
if ( (NULL != code_challenge) &&
(CHALLENGER_CM_EMPTY == code_challenge_method_enum) )
code_challenge_method_enum = CHALLENGER_CM_PLAIN;
diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c
@@ -883,6 +883,9 @@ CH_handler_challenge (struct CH_HandlerContext *hc,
struct MHD_Response *response;
enum MHD_Result ret;
+ // FIXME: this "redirect_url" is incomplete, we need to compute
+ // the full one with 'code' and possibly 'state' as is done
+ // in challenger-httpd_solve.c!
json_t *args = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("type",
"completed"),
diff --git a/src/challenger/challenger-httpd_common.c b/src/challenger/challenger-httpd_common.c
@@ -100,7 +100,7 @@ CH_compute_code (const struct CHALLENGER_ValidationNonceP *nonce,
&h,
sizeof (h),
nonce,
- sizeof (nonce),
+ sizeof (*nonce),
client_secret,
strlen (client_secret),
GNUNET_CRYPTO_kdf_arg_string (astr),
diff --git a/src/challenger/challenger-httpd_config.c b/src/challenger/challenger-httpd_config.c
@@ -32,6 +32,7 @@
* 3: added support for RFC7636
* 4: added support to pre-initialize address during /setup.
* 5: added support for GET /authorize to have a link in challenge messages to the form
+ * 6: added ``address_type`` field in ``/config``
*/
@@ -58,7 +59,7 @@ CH_handler_config (struct CH_HandlerContext *hc,
GNUNET_JSON_pack_object_incref ("restrictions",
CH_restrictions),
GNUNET_JSON_pack_string ("version",
- "5:2:3"));
+ "6:0:4"));
}
return MHD_queue_response (hc->connection,
MHD_HTTP_OK,
diff --git a/src/challenger/challenger-httpd_setup.c b/src/challenger/challenger-httpd_setup.c
@@ -155,9 +155,9 @@ CH_handler_setup (struct CH_HandlerContext *hc,
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (hc->connection,
- MHD_HTTP_NOT_FOUND,
- TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
- hc->path);
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "client_id");
}
}
client_secret = CH_get_client_secret (hc->connection);
@@ -165,7 +165,7 @@ CH_handler_setup (struct CH_HandlerContext *hc,
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (hc->connection,
- MHD_HTTP_NOT_FOUND,
+ MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MISSING,
MHD_HTTP_HEADER_AUTHORIZATION);
}
@@ -243,14 +243,14 @@ CH_handler_setup (struct CH_HandlerContext *hc,
GNUNET_break (0);
return TALER_MHD_reply_with_error (hc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
- TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
- NULL);
+ TALER_EC_GENERIC_DB_STORE_FAILED,
+ "setup_nonce");
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
GNUNET_break (0);
return TALER_MHD_reply_with_error (hc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
- NULL);
+ "no results from setup_nonce");
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
diff --git a/src/challenger/challenger-httpd_solve.c b/src/challenger/challenger-httpd_solve.c
@@ -223,8 +223,8 @@ CH_handler_solve (struct CH_HandlerContext *hc,
return reply_error (bc,
"invalid-request",
MHD_HTTP_BAD_REQUEST,
- TALER_EC_CHALLENGER_HELPER_EXEC_FAILED,
- hc->path);
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "nonce");
}
TALER_MHD_check_content_length (hc->connection,
1024);
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -195,6 +195,7 @@ post_iter (void *cls,
memcpy (&(*ptr)[slen],
data,
size);
+ (*ptr)[slen + size] = '\0';
return MHD_YES;
}
