aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2017-10-06 21:04:39 +0200
committerChristian Grothoff <christian@grothoff.org>2017-10-06 21:04:56 +0200
commit06f5621fbac43c59b15fa4ef9e0fe92b828cec5b (patch)
treebaed02234a701ca2beaed78ac6c0ff648ea6da39 /src
parentdbab0c658734c14436a89bd7fc76b295cbcf5448 (diff)
better logging if IBAN validation fails, also avoid potentially unbounded stack allocation
Diffstat (limited to 'src')
-rw-r--r--src/exchange-lib/exchange_api_reserve.c15
-rw-r--r--src/wire/plugin_wire_sepa.c8
2 files changed, 22 insertions, 1 deletions
diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c
index 40c9d491d..6af500ee2 100644
--- a/src/exchange-lib/exchange_api_reserve.c
+++ b/src/exchange-lib/exchange_api_reserve.c
@@ -827,7 +827,20 @@ reserve_withdraw_payment_required (struct TALER_EXCHANGE_ReserveWithdrawHandle *
total incoming and outgoing amounts */
len = json_array_size (history);
{
- struct TALER_EXCHANGE_ReserveHistory rhistory[len];
+ struct TALER_EXCHANGE_ReserveHistory *rhistory;
+
+ /* Use heap allocation as "len" may be very big and thus this may
+ not fit on the stack. Use "GNUNET_malloc_large" as a malicious
+ exchange may theoretically try to crash us by giving a history
+ that does not fit into our memory. */
+ rhistory = GNUNET_malloc_large (sizeof (struct TALER_EXCHANGE_ReserveHistory) * len);
+ if (NULL == rhistory)
+ {
+ GNUNET_break (0);
+ free_rhistory (rhistory,
+ len);
+ return GNUNET_SYSERR;
+ }
if (GNUNET_OK !=
parse_reserve_history (wsh->exchange,
diff --git a/src/wire/plugin_wire_sepa.c b/src/wire/plugin_wire_sepa.c
index f0cef029f..5de3472b9 100644
--- a/src/wire/plugin_wire_sepa.c
+++ b/src/wire/plugin_wire_sepa.c
@@ -292,7 +292,10 @@ validate_iban (const char *iban)
len = strlen (iban);
if (len > 34)
+ {
+ GNUNET_break_op (0);
return GNUNET_NO;
+ }
strncpy (cc, iban, 2);
strncpy (ibancpy, iban + 4, len - 4);
strncpy (ibancpy + len - 4, iban, 4);
@@ -305,7 +308,10 @@ validate_iban (const char *iban)
sizeof (country_table) / sizeof (struct table_entry),
sizeof (struct table_entry),
&cmp_country_code))
+ {
+ GNUNET_break_op (0);
return GNUNET_NO;
+ }
nbuf = GNUNET_malloc ((len * 2) + 1);
for (i=0, j=0; i < len; i++)
{
@@ -338,6 +344,7 @@ validate_iban (const char *iban)
&nread)))
{
GNUNET_free (nbuf);
+ GNUNET_break_op (0);
return GNUNET_NO;
}
if (0 != remainder)
@@ -347,6 +354,7 @@ validate_iban (const char *iban)
GNUNET_free (nbuf);
if (1 == remainder)
return GNUNET_YES;
+ GNUNET_break_op (0); /* checksum wrong */
return GNUNET_NO;
}