commit 9c5b4f1da02db5ffdbdb7dbd1a0a337584d3209b
parent 34f8e020400a82b7fc594e5527fad4ce60335fae
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 14 Jan 2025 16:18:19 +0100
fix #9458: broken bounds check
Diffstat:
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -2622,6 +2622,20 @@ find_valid_input_tokens (
}
+/**
+ * Sign the tokens provided by the wallet for a particular @a key.
+ *
+ * @param[in,out] payment we are processing
+ * @param key token family data
+ * @param priv private key to use to sign with
+ * @param critical true if the token must exist, if false
+ * and the client did not provide an envelope, that's OK and
+ * we just also skimp on the signature
+ * @param index offset in the token envelope array (from other families)
+ * @param expected_num number of tokens of this type that we should create
+ * @return #GNUNET_NO on failure
+ * #GNUNET_OK on success
+ */
static enum GNUNET_GenericReturnValue
sign_token_envelopes (struct PayContext *pc,
struct TALER_MERCHANT_ContractTokenFamilyKey *key,
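Review bot: The first tag of the new Doxygen block, `@param[in,out] payment we are processing`, omits the parameter name, so Doxygen will take `payment` as the name while the signature below calls it `pc`. It should read `@param[in,out] pc payment we are processing`. In the `critical` description, "skimp on the signature" probably means "skip the signature". The `@return` text would also be more useful if it said which value comes back in that non-critical, no-envelope case. The rest of the parameter list and the body lie outside this hunk, so the remaining tags could not be checked against the signature.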
@@ -2638,7 +2652,8 @@ sign_token_envelopes (struct PayContext *pc,
const struct TokenEnvelope *env = &pc->token_envelopes[pos];
struct SignedOutputToken *output = &pc->output_tokens[pos];
- if (pos > pc->token_envelopes_cnt || pos > pc->output_tokens_len)
+ if ( (pos >= pc->token_envelopes_cnt) ||
+ (pos >= pc->output_tokens_len) )
{
GNUNET_assert (0); /* this should not happen */
return GNUNET_NO;
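Review bot: `env` and `output` are still formed with `&pc->token_envelopes[pos]` and `&pc->output_tokens[pos]` before the corrected check runs, so for an out-of-range `pos` the address computation already falls outside the arrays. Declaring both pointers after the `if` block would keep the guard ahead of any indexing. Separately, `GNUNET_assert (0)` aborts the process, which leaves `return GNUNET_NO;` unreachable. If `pos` can depend on how many envelopes the wallet supplied (not visible here), `GNUNET_break (0);` would log the inconsistency and fail only this request instead of stopping the backend. The loop that sets `pos` and the rest of the function lie outside the hunk.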