commit 9f4dbbb26583a066f16854638cceecaa4d29276c
parent 10c6a75d2352c6b506de4bf2c26cc36b006bbe2f
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 2 Nov 2023 20:16:00 +0100
handle scope being NULL
Diffstat:
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/challenger/challenger-httpd_common.c b/src/challenger/challenger-httpd_common.c
@@ -75,11 +75,13 @@ CH_compute_code (const struct CHALLENGER_ValidationNonceP *nonce,
client_secret,
strlen (client_secret),
client_scope,
- strlen (client_scope),
address,
strlen (address),
client_redirect_uri,
strlen (client_redirect_uri),
+ NULL != client_scope
+ ? strlen (client_scope)
+ : 0,
NULL,
0));
ns = GNUNET_STRINGS_data_to_string_alloc (nonce,
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -390,6 +390,21 @@ CH_handler_token (struct CH_HandlerContext *hc,
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
+ if (NULL == address)
+ {
+ GNUNET_break_op (0);
+ GNUNET_free (address);
+ GNUNET_free (client_scope);
+ GNUNET_free (client_secret);
+ GNUNET_free (client_redirect_uri);
+ GNUNET_free (client_state);
+ return TALER_MHD_reply_with_oauth_error (
+ hc->connection,
+ MHD_HTTP_CONFLICT,
+ "invalid_request",
+ TALER_EC_CHALLENGER_MISSING_ADDRESS,
+ "code");
+ }
code = CH_compute_code (&bc->nonce,
client_secret,
client_scope,
