From 344c53c51dac9d5bb09c261c36f3e4d58de1a321 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 18 May 2022 18:05:32 +0200
Subject: enforce valid payto:// URI in exchange /wire response

---
 src/lib/exchange_api_management_wire_enable.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/lib/exchange_api_management_wire_enable.c')

diff --git a/src/lib/exchange_api_management_wire_enable.c b/src/lib/exchange_api_management_wire_enable.c
index c4d5b13b4..6e3dbad19 100644
--- a/src/lib/exchange_api_management_wire_enable.c
+++ b/src/lib/exchange_api_management_wire_enable.c
@@ -138,6 +138,18 @@ TALER_EXCHANGE_management_enable_wire (
   CURL *eh;
   json_t *body;
 
+  {
+    char *msg = TALER_payto_validate (payto_uri);
+
+    if (NULL != msg)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "payto URI is malformed: %s\n",
+                  msg);
+      GNUNET_free (msg);
+      return NULL;
+    }
+  }
   wh = GNUNET_new (struct TALER_EXCHANGE_ManagementWireEnableHandle);
   wh->cb = cb;
   wh->cb_cls = cb_cls;
-- 
cgit v1.2.3