From dc26c14f4cf0beb83d8eef28baf84b56c8d3ef86 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 10 Mar 2024 12:37:12 +0100 Subject: do not permit empty currency string --- src/util/Makefile.am | 2 +- src/util/amount.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 0edae9506..2aea6b689 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -120,7 +120,7 @@ libtalerutil_la_LIBADD = \ -lm libtalerutil_la_LDFLAGS = \ - -version-info 3:0:2 \ + -version-info 3:1:2 \ -no-undefined diff --git a/src/util/amount.c b/src/util/amount.c index ee50a9bca..cce84d73a 100644 --- a/src/util/amount.c +++ b/src/util/amount.c @@ -87,6 +87,7 @@ TALER_string_to_amount (const char *str, /* parse currency */ colon = strchr (str, (int) ':'); if ( (NULL == colon) || + (colon == str) || ((colon - str) >= TALER_CURRENCY_LEN) ) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, -- cgit v1.2.3