exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE
commit de5e00b086e857a14970d5077fdcf3d849e53194
parent 3106b76b402a52711996716058fc69142ca82518
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Sat, 23 Aug 2025 22:45:26 +0200

fix free() of uninitialized PTR in setup phase

Diffstat:

Msrc/kyclogic/kyclogic_api.c | 5+++++


Msrc/lib/exchange_api_reserves_history.c | 14++++++++------


Msrc/mhd/mhd_config.c | 5+++--


Msrc/mhd/mhd_spa.c | 2++


Msrc/testing/testing_api_cmd_get_active_legitimization_measures.c | 13++++++-------


5 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
@@ -4229,6 +4229,11 @@ TALER_KYCLOGIC_check_to_provider (const char *check_name)
                        "SKIP"))
     return NULL;
   kc = find_check (check_name);
+  if (NULL == kc)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   switch (kc->type)
   {
   case TALER_KYCLOGIC_CT_FORM:
diff --git a/src/lib/exchange_api_reserves_history.c b/src/lib/exchange_api_reserves_history.c
@@ -340,12 +340,14 @@ parse_withdraw (struct TALER_EXCHANGE_ReserveHistoryEntry *rh,
         GNUNET_JSON_parse_free (withdraw_spec);
         return GNUNET_SYSERR;
       }
-      TALER_amount_add (&fee_acc,
-                        &fee_acc,
-                        &dki->fees.withdraw);
-      TALER_amount_add (&amount_acc,
-                        &amount_acc,
-                        &dki->value);
+      GNUNET_assert (0 <=
+                     TALER_amount_add (&fee_acc,
+                                       &fee_acc,
+                                       &dki->fees.withdraw));
+      GNUNET_assert (0 <=
+                     TALER_amount_add (&amount_acc,
+                                       &amount_acc,
+                                       &dki->value));
     }
 
     if ( (GNUNET_YES !=
diff --git a/src/mhd/mhd_config.c b/src/mhd/mhd_config.c
@@ -220,7 +220,6 @@ TALER_MHD_listen_bind (const struct GNUNET_CONFIGURATION_Handle *cfg,
     {
       int off = 3;
       unsigned int cnt;
-      char *fdns;
       char dummy;
 
       if (0 != strcmp (serve_type,
@@ -244,6 +243,8 @@ TALER_MHD_listen_bind (const struct GNUNET_CONFIGURATION_Handle *cfg,
       }
       else
       {
+        char *fdns;
+
         fdns = GNUNET_strdup (listen_fdn);
         for (const char *tok = strtok (fdns,
                                        ":");
@@ -279,8 +280,8 @@ TALER_MHD_listen_bind (const struct GNUNET_CONFIGURATION_Handle *cfg,
               fh);
           ret = GNUNET_OK;
         }
+        GNUNET_free (fdns);
       }
-      GNUNET_free (fdns);
     }
   }
 
diff --git a/src/mhd/mhd_spa.c b/src/mhd/mhd_spa.c
@@ -99,6 +99,8 @@ TALER_MHD_spa_handler (const struct TALER_MHD_Spa *spa,
                                        path);
   comp = TALER_MHD_can_compress (connection,
                                  TALER_MHD_CT_MAX - 1);
+  GNUNET_assert (comp < TALER_MHD_CT_MAX);
+  GNUNET_assert (comp >= 0);
   if (NULL != w->responses[comp])
     return MHD_queue_response (connection,
                                MHD_HTTP_OK,
diff --git a/src/testing/testing_api_cmd_get_active_legitimization_measures.c b/src/testing/testing_api_cmd_get_active_legitimization_measures.c
@@ -218,6 +218,12 @@ get_active_legitimization_measures_run (
     TALER_TESTING_interpreter_get_context (is),
     exchange_url,
     officer_priv);
+  if (NULL == ds->dh)
+  {
+    GNUNET_break (0);
+    TALER_TESTING_interpreter_fail (is);
+    return;
+  }
   GNUNET_assert (GNUNET_OK ==
                  TALER_EXCHANGE_aml_legitimizations_get_set_options (
                    ds->dh,
@@ -231,13 +237,6 @@ get_active_legitimization_measures_run (
       ds->dh,
       &get_active_legitimization_measures_cb,
       ds));
-
-  if (NULL == ds->dh)
-  {
-    GNUNET_break (0);
-    TALER_TESTING_interpreter_fail (is);
-    return;
-  }
 }