[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: enforce valid payto:// URI in ex
From: |
gnunet |
Subject: |
[taler-exchange] branch master updated: enforce valid payto:// URI in exchange /wire response |
Date: |
Wed, 18 May 2022 18:05:35 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 344c53c5 enforce valid payto:// URI in exchange /wire response
344c53c5 is described below
commit 344c53c51dac9d5bb09c261c36f3e4d58de1a321
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed May 18 18:05:32 2022 +0200
enforce valid payto:// URI in exchange /wire response
---
contrib/gana | 2 +-
src/exchange-tools/taler-exchange-offline.c | 28 ++++++++++++++++++++++
.../taler-exchange-httpd_management_wire_enable.c | 17 +++++++++++++
src/lib/exchange_api_management_wire_enable.c | 12 ++++++++++
4 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/contrib/gana b/contrib/gana
index fa6373d8..99d8d9e0 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit fa6373d8e2432cd63da881e05f4100240e688cdf
+Subproject commit 99d8d9e0336bacebab5af4ae00c3f685ffd90f60
diff --git a/src/exchange-tools/taler-exchange-offline.c
b/src/exchange-tools/taler-exchange-offline.c
index 687ef568..8d8c4c62 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -1395,6 +1395,20 @@ upload_wire_add (const char *exchange_url,
}
GNUNET_free (wire_method);
}
+ {
+ char *msg = TALER_payto_validate (payto_uri);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ test_shutdown ();
+ global_ret = EXIT_INVALIDARGUMENT;
+ return;
+ }
+ }
war = GNUNET_new (struct WireAddRequest);
war->idx = idx;
war->h =
@@ -2460,6 +2474,20 @@ do_add_wire (char *const *args)
if (GNUNET_OK !=
load_offline_key (GNUNET_NO))
return;
+ {
+ char *msg = TALER_payto_validate (args[0]);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ test_shutdown ();
+ global_ret = EXIT_INVALIDARGUMENT;
+ return;
+ }
+ }
now = GNUNET_TIME_timestamp_get ();
{
char *wire_method;
diff --git a/src/exchange/taler-exchange-httpd_management_wire_enable.c
b/src/exchange/taler-exchange-httpd_management_wire_enable.c
index dfdebec4..25ee0eea 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_enable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_enable.c
@@ -166,6 +166,23 @@ TEH_handler_management_post_wire (
return MHD_YES; /* failure */
}
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ {
+ char *msg = TALER_payto_validate (awc.payto_uri);
+
+ if (NULL != msg)
+ {
+ MHD_RESULT ret;
+
+ GNUNET_break_op (0);
+ ret = TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PAYTO_URI_MALFORMED,
+ msg);
+ GNUNET_free (msg);
+ return ret;
+ }
+ }
if (GNUNET_OK !=
TALER_exchange_offline_wire_add_verify (awc.payto_uri,
awc.validity_start,
diff --git a/src/lib/exchange_api_management_wire_enable.c
b/src/lib/exchange_api_management_wire_enable.c
index c4d5b13b..6e3dbad1 100644
--- a/src/lib/exchange_api_management_wire_enable.c
+++ b/src/lib/exchange_api_management_wire_enable.c
@@ -138,6 +138,18 @@ TALER_EXCHANGE_management_enable_wire (
CURL *eh;
json_t *body;
+ {
+ char *msg = TALER_payto_validate (payto_uri);
+
+ if (NULL != msg)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "payto URI is malformed: %s\n",
+ msg);
+ GNUNET_free (msg);
+ return NULL;
+ }
+ }
wh = GNUNET_new (struct TALER_EXCHANGE_ManagementWireEnableHandle);
wh->cb = cb;
wh->cb_cls = cb_cls;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: enforce valid payto:// URI in exchange /wire response,
gnunet <=