diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-03-18 18:55:41 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-03-18 18:55:41 +0100 |
commit | 23bf1eee74bed73cf98264c247ab44df8dadfcd9 (patch) | |
tree | 3d7fcba4b6fb8a84b79585b4fa6ccdf0fff6ade4 /src/mint/taler-mint-httpd_parsing.c | |
parent | 08958c73e8ba6ad30e98a30968077cdf55bc86e8 (diff) |
fix #3716: make sure amount-API offers proper checks against overflow and other issues
Diffstat (limited to 'src/mint/taler-mint-httpd_parsing.c')
-rw-r--r-- | src/mint/taler-mint-httpd_parsing.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/mint/taler-mint-httpd_parsing.c b/src/mint/taler-mint-httpd_parsing.c index 6c5f72b32..b8bc043ec 100644 --- a/src/mint/taler-mint-httpd_parsing.c +++ b/src/mint/taler-mint-httpd_parsing.c @@ -878,8 +878,10 @@ TALER_MINT_parse_amount_json (struct MHD_Connection *connection, json_int_t value; json_int_t fraction; const char *currency; - struct TALER_Amount a; + memset (amount, + 0, + sizeof (struct TALER_Amount)); if (-1 == json_unpack (f, "{s:I, s:I, s:s}", "value", &value, @@ -897,7 +899,7 @@ TALER_MINT_parse_amount_json (struct MHD_Connection *connection, } if ( (value < 0) || (fraction < 0) || - (value > UINT32_MAX) || + (value > UINT64_MAX) || (fraction > UINT32_MAX) ) { LOG_WARNING ("Amount specified not in allowed range\n"); @@ -922,11 +924,11 @@ TALER_MINT_parse_amount_json (struct MHD_Connection *connection, return GNUNET_SYSERR; return GNUNET_NO; } - a.value = (uint32_t) value; - a.fraction = (uint32_t) fraction; + amount->value = (uint64_t) value; + amount->fraction = (uint32_t) fraction; GNUNET_assert (strlen (MINT_CURRENCY) < TALER_CURRENCY_LEN); - strcpy (a.currency, MINT_CURRENCY); - *amount = TALER_amount_normalize (a); + strcpy (amount->currency, MINT_CURRENCY); + TALER_amount_normalize (amount); return GNUNET_OK; } |