From 73a9fe56eb2fd9c7126eeffa396998815112e2e5 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 6 Jan 2021 15:52:12 +0100
Subject: add checks to ensure payto:// URI is well-formed to
 taler-exchange-offline, and taler-exchange-httpd where applicable (fixes
 #6675)

---
 src/exchange-tools/taler-exchange-offline.c | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'src/exchange-tools')

diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
index b6960df48..33aa50f4f 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -1236,6 +1236,21 @@ upload_wire_add (const char *exchange_url,
     test_shutdown ();
     return;
   }
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (payto_uri);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  payto_uri);
+      global_ret = 7;
+      test_shutdown ();
+      return;
+    }
+    GNUNET_free (wire_method);
+  }
   war = GNUNET_new (struct WireAddRequest);
   war->idx = idx;
   war->h =
@@ -2043,6 +2058,21 @@ do_add_wire (char *const *args)
   now = GNUNET_TIME_absolute_get ();
   (void) GNUNET_TIME_round_abs (&now);
 
+  {
+    char *wire_method;
+
+    wire_method = TALER_payto_get_method (args[0]);
+    if (NULL == wire_method)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto:// URI `%s' is malformed\n",
+                  args[0]);
+      global_ret = 7;
+      test_shutdown ();
+      return;
+    }
+    GNUNET_free (wire_method);
+  }
   TALER_exchange_offline_wire_add_sign (args[0],
                                         now,
                                         &master_priv,
-- 
cgit v1.2.3