commit 4f2901f6af8a765aec80ca0df88cb13f43c59413
parent e5b33c533d92fe36f799e07d09f9651850ed497b
Author: Florian Dold <florian.dold@gmail.com>
Date: Thu, 18 Jan 2018 01:25:09 +0100
fix use after free
Diffstat:
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_refund.c b/src/backend/taler-merchant-httpd_refund.c
@@ -271,10 +271,6 @@ MH_handler_refund_increase (struct TMH_RequestHandler *rh,
strlen (order_id),
&confirmation.h_order_id);
- json_decref (contract_terms);
- json_decref (root);
- GNUNET_JSON_parse_free (spec);
-
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_sign (&mi->privkey.eddsa_priv,
&confirmation.purpose,
@@ -282,6 +278,9 @@ MH_handler_refund_increase (struct TMH_RequestHandler *rh,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to sign successful refund confirmation\n");
+ json_decref (contract_terms);
+ json_decref (root);
+ GNUNET_JSON_parse_free (spec);
return TMH_RESPONSE_reply_internal_error (connection,
TALER_EC_NONE, /* FIXME! */
"Refund done, but failed to sign confirmation");
@@ -316,6 +315,9 @@ MH_handler_refund_increase (struct TMH_RequestHandler *rh,
refund_redirect_url);
GNUNET_free (refund_pickup_url);
GNUNET_free (refund_redirect_url);
+ json_decref (contract_terms);
+ json_decref (root);
+ GNUNET_JSON_parse_free (spec);
return ret;
}
}
