commit 383f3eb850a2b557c3ae69e791e08420817d78b8
parent 837b7f5f14ea0921e5563bae5b26e026963e6718
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 28 Sep 2015 22:56:20 +0200
properly check contract hash, instead of just computing it twice
Diffstat:
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c
@@ -136,6 +136,7 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
struct TALER_MINTDB_Deposit deposit;
struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
struct TMH_KS_StateHandle *ks;
+ struct GNUNET_HashCode my_h_wire;
struct TMH_PARSE_FieldSpecification spec[] = {
TMH_PARSE_member_denomination_public_key ("denom_pub", &deposit.coin.denom_pub),
TMH_PARSE_member_denomination_signature ("ub_sig", &deposit.coin.denom_sig),
@@ -169,13 +170,22 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
}
if (GNUNET_OK !=
TALER_hash_json (wire,
- &deposit.h_wire))
+ &my_h_wire))
{
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
TMH_PARSE_release_data (spec);
return TMH_RESPONSE_reply_arg_invalid (connection,
"wire");
}
+ if (0 != memcmp (&deposit.h_wire,
+ &my_h_wire,
+ sizeof (struct GNUNET_HashCode)))
+ {
+ /* Client hashed contract differently than we did, reject */
+ TMH_PARSE_release_data (spec);
+ return TMH_RESPONSE_reply_arg_invalid (connection,
+ "H_wire");
+ }
ks = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (ks,
&deposit.coin.denom_pub,
