commit c0aea528e2a7d470558792270564c0b0b80cfa95
parent 8a7f647601d12ddd33513dced5c19378ebc97e31
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 15 Jul 2026 23:59:49 +0200
avoid returning -1 as uint32_t
Diffstat:
2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/challengerdb/validate_solve_pin.c b/src/challengerdb/validate_solve_pin.c
@@ -28,16 +28,17 @@
enum GNUNET_DB_QueryStatus
CHALLENGERDB_validate_solve_pin (struct CHALLENGERDB_PostgresContext *ctx,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint32_t new_pin,
- bool *solved,
- bool *exhausted,
- bool *no_challenge,
- char **state,
- uint32_t *addr_left,
- uint32_t *auth_attempts_left,
- uint32_t *pin_transmissions_left,
- char **client_redirect_uri)
+ const struct CHALLENGER_ValidationNonceP *nonce
+ ,
+ uint32_t new_pin,
+ bool *solved,
+ bool *exhausted,
+ bool *no_challenge,
+ char **state,
+ uint32_t *addr_left,
+ uint32_t *auth_attempts_left,
+ uint32_t *pin_transmissions_left,
+ char **client_redirect_uri)
{
struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (nonce),
@@ -95,5 +96,11 @@ CHALLENGERDB_validate_solve_pin (struct CHALLENGERDB_PostgresContext *ctx,
return qs;
if (not_found)
return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
+ /* On the solved path the stored procedure returns the -1 sentinel (kept in
+ the DB to mark the challenge as solved), which the uint32 result spec reads
+ as 4294967295. That value is not meaningful to the caller (which only
+ reads it when !solved); normalize it to 0 to avoid leaking the sentinel. */
+ if (*solved)
+ *auth_attempts_left = 0;
return qs;
}
diff --git a/src/include/challenger-database/validate_solve_pin.h b/src/include/challenger-database/validate_solve_pin.h
@@ -38,7 +38,10 @@
* @param[out] no_challenge set to true if we never even issued a challenge
* @param[out] state set to client's OAuth2 state if available
* @param[out] addr_left set to number of address changes remaining
- * @param[out] auth_attempts_left set to number of authentication attempts remaining
+ * @param[out] auth_attempts_left set to number of authentication attempts
+ * remaining; only meaningful when @a solved is false (on the solved
+ * path the stored procedure uses a -1 sentinel, which is normalized
+ * to 0 here)
* @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
* @param[out] client_redirect_uri set to OAuth2 client redirect URI
* @return transaction status: