commit f47e0c5d47962f472f814174d46258baeaafdf52
parent f23e2c2cdc8d2665d76a335f58a640763c9a425e
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 25 Aug 2020 10:52:14 +0200
fix use-after-free (#6493)
Diffstat:
1 file changed, 14 insertions(+), 19 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -787,40 +787,35 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
/* Convert order_id to h_contract_terms */
TMH_db->preflight (TMH_db->cls);
+ if (NULL == god->contract_terms)
{
uint64_t order_serial;
- if (NULL != god->contract_terms)
- {
- json_decref (god->contract_terms);
- god->contract_terms = NULL;
- }
qs = TMH_db->lookup_contract_terms (TMH_db->cls,
hc->instance->settings.id,
order_id,
&god->contract_terms,
&order_serial);
- }
- if (0 > qs)
- {
- /* single, read-only SQL statements should never cause
- serialization problems */
- GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs);
- /* Always report on hard error as well to enable diagnostics */
- GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR,
- "database error looking up contract");
+ if (0 > qs)
+ {
+ /* single, read-only SQL statements should never cause
+ serialization problems */
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs);
+ /* Always report on hard error as well to enable diagnostics */
+ GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR,
+ "database error looking up contract");
+ }
}
/* Check client provided the right hash code of the contract terms */
- if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
+ if (NULL != god->contract_terms)
{
struct GNUNET_HashCode h;
contract_available = true;
-
if (GNUNET_OK !=
TALER_JSON_contract_hash (god->contract_terms,
&h))
