commit 344c53c51dac9d5bb09c261c36f3e4d58de1a321
parent 492d501570106cb2eefa684820d0c64966c153f9
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 18 May 2022 18:05:32 +0200
enforce valid payto:// URI in exchange /wire response
Diffstat:
3 files changed, 57 insertions(+), 0 deletions(-)
diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
@@ -1395,6 +1395,20 @@ upload_wire_add (const char *exchange_url,
}
GNUNET_free (wire_method);
}
+ {
+ char *msg = TALER_payto_validate (payto_uri);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ test_shutdown ();
+ global_ret = EXIT_INVALIDARGUMENT;
+ return;
+ }
+ }
war = GNUNET_new (struct WireAddRequest);
war->idx = idx;
war->h =
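Review bot: The error logged by the new block in upload_wire_add does not say which queued operation carried the malformed URI, so an operator working through a batch of requests cannot tell which entry to fix. `idx` is in scope (it is stored in `war->idx` just below), so the message could read `"payto URI of operation #%u is malformed: %s\n", (unsigned int) idx, msg`. The declaration of `idx` is outside the hunk, so the format and cast need to match its real type. The function body starts and ends outside the hunk.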
@@ -2460,6 +2474,20 @@ do_add_wire (char *const *args)
if (GNUNET_OK !=
load_offline_key (GNUNET_NO))
return;
+ {
+ char *msg = TALER_payto_validate (args[0]);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ test_shutdown ();
+ global_ret = EXIT_INVALIDARGUMENT;
+ return;
+ }
+ }
now = GNUNET_TIME_timestamp_get ();
{
char *wire_method;
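Review bot: In do_add_wire the URI check runs only after `load_offline_key (GNUNET_NO)` has succeeded, so the offline key is presumably loaded even for an invocation that is then rejected as invalid. Moving the added block above the `if (GNUNET_OK != load_offline_key (GNUNET_NO))` test would reject bad input before any key material is touched, and would report EXIT_INVALIDARGUMENT even when the key is unavailable. Whether `args[0]` has been checked for NULL is decided above the hunk; that check must stay ahead of the call to `TALER_payto_validate (args[0])`.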
diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c b/src/exchange/taler-exchange-httpd_management_wire_enable.c
@@ -166,6 +166,23 @@ TEH_handler_management_post_wire (
return MHD_YES; /* failure */
}
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ {
+ char *msg = TALER_payto_validate (awc.payto_uri);
+
+ if (NULL != msg)
+ {
+ MHD_RESULT ret;
+
+ GNUNET_break_op (0);
+ ret = TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PAYTO_URI_MALFORMED,
+ msg);
+ GNUNET_free (msg);
+ return ret;
+ }
+ }
if (GNUNET_OK !=
TALER_exchange_offline_wire_add_verify (awc.payto_uri,
awc.validity_start,
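Review bot: `TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++` executes immediately before the new check, so a request rejected for a malformed payto URI is still counted as an EdDSA verification even though `TALER_exchange_offline_wire_add_verify` is never reached. Placing the validation block above the counter increment keeps the metric accurate and still rejects malformed input before any signature work is done. A one-line comment such as `/* reject malformed URIs before spending a signature verification */` would record why the check sits there. The handler's body starts and ends outside the hunk.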
diff --git a/src/lib/exchange_api_management_wire_enable.c b/src/lib/exchange_api_management_wire_enable.c
@@ -138,6 +138,18 @@ TALER_EXCHANGE_management_enable_wire (
CURL *eh;
json_t *body;
+ {
+ char *msg = TALER_payto_validate (payto_uri);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ return NULL;
+ }
+ }
wh = GNUNET_new (struct TALER_EXCHANGE_ManagementWireEnableHandle);
wh->cb = cb;
wh->cb_cls = cb_cls;
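Review bot: TALER_EXCHANGE_management_enable_wire now returns NULL for a malformed `payto_uri` without ever invoking `cb`, and the only trace of the reason is a log line, so a caller cannot tell this apart from any other NULL return the function may have. The function's documentation is outside this hunk and not visible here; it should state the new contract, for example `@return NULL if @a payto_uri is malformed or the request could not be started; @a cb is not called in that case`. A short comment on the added block, `/* validate before allocating wh so the early return leaks nothing */`, would also explain its position ahead of `GNUNET_new`.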