exchange

Base system with REST service to issue digital coins, run by the payment service provider

commit cdc8c5b57bb5992b7afe5c9f36e5e286a930dff8
parent 0a2b049864c8dae0c53c203d46fca89e0e66849d
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat, 29 Feb 2020 16:54:58 +0100

limit redirects

Diffstat:
Msrc/lib/exchange_api_curl_defaults.c | 8+++++++-
Msrc/lib/exchange_api_curl_defaults.h | 2+-
Msrc/lib/exchange_api_deposit.c | 2+-
Msrc/lib/exchange_api_deposits_get.c | 2+-
Msrc/lib/exchange_api_handle.c | 2+-
Msrc/lib/exchange_api_link.c | 2+-
Msrc/lib/exchange_api_melt.c | 2+-
Msrc/lib/exchange_api_recoup.c | 2+-
Msrc/lib/exchange_api_refreshes_reveal.c | 2+-
Msrc/lib/exchange_api_refund.c | 2+-
Msrc/lib/exchange_api_reserves_get.c | 2+-
Msrc/lib/exchange_api_transfers_get.c | 2+-
Msrc/lib/exchange_api_wire.c | 2+-
Msrc/lib/exchange_api_withdraw.c | 2+-
14 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/lib/exchange_api_curl_defaults.c b/src/lib/exchange_api_curl_defaults.c @@ -30,7 +30,7 @@ * @param url URL to query */ CURL * -TEL_curl_easy_get (const char *url) +TALER_EXCHANGE_curl_easy_get_ (const char *url) { CURL *eh; @@ -43,6 +43,12 @@ TEL_curl_easy_get (const char *url) curl_easy_setopt (eh, CURLOPT_FOLLOWLOCATION, 1L)); + /* limit MAXREDIRS to 5 as a simple security measure against + a potential infinite loop caused by a malicious target */ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_MAXREDIRS, + 5L)); GNUNET_assert (CURLE_OK == curl_easy_setopt (eh, CURLOPT_TCP_FASTOPEN, diff --git a/src/lib/exchange_api_curl_defaults.h b/src/lib/exchange_api_curl_defaults.h @@ -36,6 +36,6 @@ * @param url URL to query */ CURL * -TEL_curl_easy_get (const char *url); +TALER_EXCHANGE_curl_easy_get_ (const char *url); #endif /* _TALER_CURL_DEFAULTS_H */ diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c @@ -626,7 +626,7 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange, dh->dki.key.rsa_public_key = NULL; /* lifetime not warranted, so better not copy the pointer */ - eh = TEL_curl_easy_get (dh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (dh->url); if (GNUNET_OK != TALER_curl_easy_post (&dh->ctx, eh, diff --git a/src/lib/exchange_api_deposits_get.c b/src/lib/exchange_api_deposits_get.c @@ -366,7 +366,7 @@ TALER_EXCHANGE_deposits_get (struct TALER_EXCHANGE_Handle *exchange, dwh->depconf.h_contract_terms = *h_contract_terms; dwh->depconf.coin_pub = *coin_pub; - eh = TEL_curl_easy_get (dwh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (dwh->url); ctx = TEAH_handle_to_context (exchange); dwh->job = GNUNET_CURL_job_add (ctx, eh, diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c 
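Review bot: The new `CURLOPT_MAXREDIRS` cap in the second hunk of `exchange_api_curl_defaults.c` bounds how many redirects are followed but not where they lead. With `CURLOPT_FOLLOWLOCATION` enabled just above, nothing visible in this hunk restricts the scheme of a redirect target. Depending on the libcurl version, the default set of redirect protocols is wider than HTTP(S). Because this handle is the shared default for every request the other files in this commit build on it (deposit, melt, recoup, withdraw and others), I would pin the schemes next to the new option, e.g. `GNUNET_assert (CURLE_OK == curl_easy_setopt (eh, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS));`, or `CURLPROTO_HTTPS` alone if deployments and tests allow it, which would also rule out an HTTPS-to-HTTP downgrade. The function body continues outside the hunk, so this may already be set further down; if not, the comment could also mention that exceeding the limit fails the transfer with `CURLE_TOO_MANY_REDIRECTS`.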
@@ -1953,7 +1953,7 @@ request_keys (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requesting keys with URL `%s'.\n", kr->url); - eh = TEL_curl_easy_get (kr->url); + eh = TALER_EXCHANGE_curl_easy_get_ (kr->url); GNUNET_assert (CURLE_OK == curl_easy_setopt (eh, CURLOPT_VERBOSE, diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c @@ -455,7 +455,7 @@ TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange, lh->coin_priv = *coin_priv; lh->url = TEAH_path_to_url (exchange, arg_str); - eh = TEL_curl_easy_get (lh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (lh->url); ctx = TEAH_handle_to_context (exchange); lh->job = GNUNET_CURL_job_add (ctx, eh, diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c @@ -456,7 +456,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, mh->md = md; mh->url = TEAH_path_to_url (exchange, arg_str); - eh = TEL_curl_easy_get (mh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (mh->url); if (GNUNET_OK != TALER_curl_easy_post (&mh->ctx, eh, diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c @@ -389,7 +389,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, ph->url = TEAH_path_to_url (exchange, arg_str); ph->was_refreshed = was_refreshed; - eh = TEL_curl_easy_get (ph->url); + eh = TALER_EXCHANGE_curl_easy_get_ (ph->url); if (GNUNET_OK != TALER_curl_easy_post (&ph->ctx, eh, diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c @@ -461,7 +461,7 @@ TALER_EXCHANGE_refreshes_reveal (struct TALER_EXCHANGE_Handle *exchange, rrh->url = TEAH_path_to_url (rrh->exchange, arg_str); - eh = TEL_curl_easy_get (rrh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (rrh->url); if (GNUNET_OK != TALER_curl_easy_post (&rrh->ctx, eh, diff --git a/src/lib/exchange_api_refund.c b/src/lib/exchange_api_refund.c 
@@ -387,7 +387,7 @@ TALER_EXCHANGE_refund2 (struct TALER_EXCHANGE_Handle *exchange, TALER_amount_hton (&rh->depconf.refund_fee, refund_fee); - eh = TEL_curl_easy_get (rh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (rh->url); if (GNUNET_OK != TALER_curl_easy_post (&rh->ctx, eh, diff --git a/src/lib/exchange_api_reserves_get.c b/src/lib/exchange_api_reserves_get.c @@ -274,7 +274,7 @@ TALER_EXCHANGE_reserves_get (struct TALER_EXCHANGE_Handle *exchange, rgh->reserve_pub = *reserve_pub; rgh->url = TEAH_path_to_url (exchange, arg_str); - eh = TEL_curl_easy_get (rgh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (rgh->url); ctx = TEAH_handle_to_context (exchange); rgh->job = GNUNET_CURL_job_add (ctx, eh, diff --git a/src/lib/exchange_api_transfers_get.c b/src/lib/exchange_api_transfers_get.c @@ -366,7 +366,7 @@ TALER_EXCHANGE_transfers_get (struct TALER_EXCHANGE_Handle *exchange, } wdh->url = TEAH_path_to_url (wdh->exchange, arg_str); - eh = TEL_curl_easy_get (wdh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (wdh->url); ctx = TEAH_handle_to_context (exchange); wdh->job = GNUNET_CURL_job_add (ctx, eh, diff --git a/src/lib/exchange_api_wire.c b/src/lib/exchange_api_wire.c @@ -407,7 +407,7 @@ TALER_EXCHANGE_wire (struct TALER_EXCHANGE_Handle *exchange, wh->cb_cls = wire_cb_cls; wh->url = TEAH_path_to_url (exchange, "/wire"); - eh = TEL_curl_easy_get (wh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (wh->url); ctx = TEAH_handle_to_context (exchange); wh->job = GNUNET_CURL_job_add (ctx, eh, diff --git a/src/lib/exchange_api_withdraw.c b/src/lib/exchange_api_withdraw.c @@ -426,7 +426,7 @@ reserve_withdraw_internal (struct TALER_EXCHANGE_Handle *exchange, wh->ps = *ps; wh->url = TEAH_path_to_url (exchange, arg_str); - eh = TEL_curl_easy_get (wh->url); + eh = TALER_EXCHANGE_curl_easy_get_ (wh->url); if (GNUNET_OK != TALER_curl_easy_post (&wh->ctx, eh,