author | Christian Grothoff <christian@grothoff.org> | 2017-10-06 21:04:39 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-10-06 21:04:56 +0200 |
commit | 06f5621fbac43c59b15fa4ef9e0fe92b828cec5b (patch) | |
tree | baed02234a701ca2beaed78ac6c0ff648ea6da39 /src/exchange-lib | |
parent | dbab0c658734c14436a89bd7fc76b295cbcf5448 (diff) | |
better logging if IBAN validation fails, also avoid potentially unbounded stack allocation
Diffstat (limited to 'src/exchange-lib')
-rw-r--r-- | src/exchange-lib/exchange_api_reserve.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c
index 40c9d491d..6af500ee2 100644
--- a/src/exchange-lib/exchange_api_reserve.c
+++ b/src/exchange-lib/exchange_api_reserve.c
@@ -827,7 +827,20 @@ reserve_withdraw_payment_required (struct TALER_EXCHANGE_ReserveWithdrawHandle *
 total incoming and outgoing amounts */
 len = json_array_size (history);
 {
- struct TALER_EXCHANGE_ReserveHistory rhistory[len];
+ struct TALER_EXCHANGE_ReserveHistory *rhistory;
+
+ /* Use heap allocation as "len" may be very big and thus this may
+ not fit on the stack. Use "GNUNET_malloc_large" as a malicious
+ exchange may theoretically try to crash us by giving a history
+ that does not fit into our memory. */
+ rhistory = GNUNET_malloc_large (sizeof (struct TALER_EXCHANGE_ReserveHistory) * len);
+ if (NULL == rhistory)
+ {
+ GNUNET_break (0);
+ free_rhistory (rhistory,
+ len);
+ return GNUNET_SYSERR;
+ }
 if (GNUNET_OK !=
 parse_reserve_history (wsh->exchange, |
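Review bot: In the new `if (NULL == rhistory)` branch, `free_rhistory (rhistory, len)` is called with a NULL array and the exchange-supplied `len`; free_rhistory is not visible in this hunk, but if it walks `len` entries it dereferences NULL, which is the very crash the added comment says the change is meant to prevent. Nothing has been allocated or parsed at that point, so the branch can simply be `GNUNET_break (0); return GNUNET_SYSERR;`. The size expression `sizeof (struct TALER_EXCHANGE_ReserveHistory) * len` is also unchecked, and since `len` comes from the exchange's JSON a guard such as `if (len > SIZE_MAX / sizeof (struct TALER_EXCHANGE_ReserveHistory))` before the allocation would rule out a wrapped size on 32-bit targets. The rest of the block lies outside the hunk, so it is worth confirming that every later return path now releases the heap array, which the VLA it replaces released automatically.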