exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE
commit d86a6615cc60ba9e9d1a70146d761160564f404a
parent 332a37292c1db7261ebc6bb6fbb9ceacd7cc3220
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri,  6 Oct 2017 22:04:51 +0200

really carefully check strtoll() return value before casting to uint64_t

Diffstat:

Msrc/auditor/taler-auditor.c | 1+


Msrc/exchange-tools/taler-exchange-keyup.c | 12++++++++----


2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/auditor/taler-auditor.c b/src/auditor/taler-auditor.c
@@ -1941,6 +1941,7 @@ wire_transfer_information_cb (void *cls,
     return;
   }
 
+  GNUNET_assert (NULL != dki); /* mostly to help static analysis */
   /* Check transaction history to see if it supports aggregate
      valuation */
   check_transaction_history (coin_pub,
diff --git a/src/exchange-tools/taler-exchange-keyup.c b/src/exchange-tools/taler-exchange-keyup.c
@@ -363,18 +363,22 @@ get_anchor_iter (void *cls,
   struct GNUNET_TIME_Absolute stamp;
   const char *base;
   char *end = NULL;
+  long long int bval;
 
   base = GNUNET_STRINGS_get_short_name (filename);
-  stamp.abs_value_us = strtoll (base,
-                                &end,
-                                10);
-  if ((NULL == end) || (0 != *end))
+  bval = strtoll (base,
+                  &end,
+                  10);
+  if ( (NULL == end) ||
+       (0 != *end) ||
+       (0 > bval) )
   {
     fprintf(stderr,
             "Ignoring unexpected file `%s'.\n",
             filename);
     return GNUNET_OK;
   }
+  stamp.abs_value_us = (uint64_t) bval;
   *anchor = GNUNET_TIME_absolute_max (stamp,
                                       *anchor);
   return GNUNET_OK;