donau

Donation authority for GNU Taler (experimental)

commit cc9b71bc7c73c541f7bc49a1a03cdaa491f4b1be
parent b6ebf6a88758b9f67f9e60607bef7f1b715aea7c
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue,  2 Jun 2026 17:23:18 +0200

fix use-after-free via start jump

Diffstat:
Msrc/donau/donau-httpd_post-batch-issue-CHARITY_ID.c | 8++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/donau/donau-httpd_post-batch-issue-CHARITY_ID.c b/src/donau/donau-httpd_post-batch-issue-CHARITY_ID.c
@@ -406,8 +406,6 @@ start:
 }
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 "made blind signatures!\n");
- free_bkps (num_bkps,
- bkps);
 /* save new receipts to date and save receipts Request (blinded signatures,
 * charity id, amount, hash over bkps) to make it idempotent*/
@@ -423,6 +421,8 @@ start:
 case GNUNET_DB_STATUS_HARD_ERROR:
 case GNUNET_DB_STATUS_SOFT_ERROR:
 GNUNET_break (0);
+ free_bkps (num_bkps,
+ bkps);
 return TALER_MHD_reply_with_error (rc->connection,
 MHD_HTTP_INTERNAL_SERVER_ERROR,
 TALER_EC_GENERIC_DB_FETCH_FAILED,
@@ -435,6 +435,8 @@ start:
 if (! smaller_than_max_per_year)
 {
 GNUNET_break_op (0);
+ free_bkps (num_bkps,
+ bkps);
 return TALER_MHD_reply_with_error (rc->connection,
 MHD_HTTP_BAD_REQUEST,
 TALER_EC_DONAU_EXCEEDING_DONATION_LIMIT,
@@ -451,6 +453,8 @@ start:
 for (unsigned int i = 0; i<num_bkps; i++)
 GNUNET_CRYPTO_blinded_sig_decref (du_sigs[i].blinded_sig);
 }
+ free_bkps (num_bkps,
+ bkps);
 return TALER_MHD_REPLY_JSON_PACK (
 rc->connection,
 MHD_HTTP_OK,
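Review bot: The error returns at `@@ -423,6 +421,8 @@` (database failure) and `@@ -435,6 +435,8 @@` (donation limit exceeded) now release `bkps`, but nothing visible in either hunk releases the blinded signatures in `du_sigs`, which the last hunk drops with `GNUNET_CRYPTO_blinded_sig_decref` before the success return. If the signatures are already populated when these branches run (the "made blind signatures!" log line precedes both), each rejected request would leave them allocated, and the limit-exceeded branch appears reachable from client input. Consider repeating the release before both returns, `for (unsigned int i = 0; i<num_bkps; i++) GNUNET_CRYPTO_blinded_sig_decref (du_sigs[i].blinded_sig);`, or confirm that `du_sigs` is released elsewhere. The enclosing function starts and ends outside these hunks, so the ownership of `du_sigs` cannot be checked from here.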
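Review bot: `free_bkps (num_bkps, bkps);` is now repeated before three separate returns (the success return at `@@ -451,6 +453,8 @@` and the error returns in the hunks at `-423` and `-435`), so any exit path added later, or an existing one outside these hunks, has to remember the call or `bkps` leaks, while moving it too early reintroduces the use-after-free. A single exit that stores the MHD result in a local and falls through one `free_bkps` call would keep the lifetime rule in one place. At minimum, add a comment where the call used to sit, for example `/* bkps must outlive this point: a jump back to 'start' reads it again */`, since per the commit title that jump is the reason the free was moved. The function body extends beyond the visible hunks, so other return paths could not be checked.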