From f471cfcec5aaa7283ce0d6f61b2a321d101efff0 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 24 May 2016 20:32:05 +0200 Subject: add a few more DB constraints --- src/exchangedb/plugin_exchangedb_postgres.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index 694ab01dc..8465e4de0 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -288,7 +288,7 @@ postgres_create_tables (void *cls) for a very long time (either by refunding the owner or by greedily grabbing the money, depending on the Exchange's terms of service) */ SQLEXEC ("CREATE TABLE IF NOT EXISTS reserves" - "(reserve_pub BYTEA PRIMARY KEY" + "(reserve_pub BYTEA PRIMARY KEY CHECK(LENGTH(reserve_pub)=32)" ",current_balance_val INT8 NOT NULL" ",current_balance_frac INT4 NOT NULL" ",current_balance_curr VARCHAR("TALER_CURRENCY_LEN_STR") NOT NULL" @@ -343,7 +343,7 @@ postgres_create_tables (void *cls) /* Table with coins that have been (partially) spent, used to track coin information only once. */ SQLEXEC("CREATE TABLE IF NOT EXISTS known_coins " - "(coin_pub BYTEA NOT NULL PRIMARY KEY" + "(coin_pub BYTEA NOT NULL PRIMARY KEY CHECK (LENGTH(coin_pub)=32)" ",denom_pub BYTEA NOT NULL REFERENCES denominations (pub)" ",denom_sig BYTEA NOT NULL" ")"); @@ -405,7 +405,7 @@ postgres_create_tables (void *cls) SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_link " "(session_hash BYTEA NOT NULL REFERENCES refresh_sessions (session_hash)" ",transfer_pub BYTEA NOT NULL CHECK(LENGTH(transfer_pub)=32)" - ",link_secret_enc BYTEA NOT NULL" + ",link_secret_enc BYTEA NOT NULL CHECK(LENGTH(link_secret_enc)=64)" ",cnc_index INT2 NOT NULL" ")"); /* Table with the commitments for the new coins that are to be created 
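Review bot: The new `CHECK(LENGTH(reserve_pub)=32)` only takes effect on freshly created databases, because `CREATE TABLE IF NOT EXISTS` is a no-op when the table already exists; the same applies to the `known_coins` and `refresh_commit_link` hunks here and to the `refresh_commit_coin` hunk that follows. Existing deployments therefore keep accepting mis-sized keys and ciphertexts until a migration such as `ALTER TABLE reserves ADD CONSTRAINT <constraint-name> CHECK (LENGTH(reserve_pub)=32)` (or a drop/recreate) is run, so either add that migration path or record the requirement in the comment above the statement, e.g. `/* NOTE: CHECK constraints added after a table exists are not applied by IF NOT EXISTS; migrate existing databases manually */`. Spacing is also inconsistent between `CHECK(LENGTH(` in this hunk and `CHECK (LENGTH(` in the known_coins hunk. `postgres_create_tables` begins and ends outside these hunks.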
@@ -413,17 +413,12 @@ postgres_create_tables (void *cls) index and the index of the new coin, and the envelope of the new coin to be signed, as well as the encrypted information about the private key and the blinding factor for the coin (for verification - in case this cnc_index is chosen to be revealed) - - NOTE: We might want to simplify this and not have the - newcoin_index and instead store all coin_evs and - link_vector_encs, one after the other, in two big BYTEAs. - (#3815) */ + in case this cnc_index is chosen to be revealed) */ SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_coin " "(session_hash BYTEA NOT NULL REFERENCES refresh_sessions (session_hash) " ",cnc_index INT2 NOT NULL" ",newcoin_index INT2 NOT NULL" - ",link_vector_enc BYTEA NOT NULL" + ",link_vector_enc BYTEA NOT NULL CHECK(LENGTH(link_vector_enc)=64)" ",coin_ev BYTEA NOT NULL" ")"); /* Table with the signatures over coins generated during a refresh @@ -3078,7 +3073,7 @@ postgres_insert_refresh_commit_coins (void *cls, GNUNET_PQ_query_param_uint16 (&coin_off), GNUNET_PQ_query_param_auto_from_type (&commit_coins[i].refresh_link), GNUNET_PQ_query_param_fixed_size (commit_coins[i].coin_ev, - commit_coins[i].coin_ev_size), + commit_coins[i].coin_ev_size), GNUNET_PQ_query_param_end }; result = GNUNET_PQ_exec_prepared (session->conn, -- cgit v1.2.3 From 079ef7cb6f911d97a796acf621d2f1212dc9c282 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 24 May 2016 20:37:23 +0200 Subject: fixing #4520: be more aggressive at asserting when API is violated --- src/exchange-lib/exchange_api_deposit.c | 51 ++++++++++----------------------- src/exchange-lib/exchange_api_refresh.c | 28 +++++++----------- src/exchange-lib/exchange_api_refund.c | 8 ++---- 3 files changed, 27 insertions(+), 60 deletions(-) (limited to 'src') diff --git a/src/exchange-lib/exchange_api_deposit.c b/src/exchange-lib/exchange_api_deposit.c index 6ddfe6f65..f8c8367ea 100644 --- a/src/exchange-lib/exchange_api_deposit.c 
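Review bot: The literal 64 in `CHECK(LENGTH(link_vector_enc)=64)` (and the `=64` on `link_secret_enc` in the previous hunk) duplicates the size of a C type that is bound elsewhere, presumably the one passed through `GNUNET_PQ_query_param_auto_from_type (&commit_coins[i].refresh_link)` in `postgres_insert_refresh_commit_coins`, visible in the next hunk; nothing ties the two together, so a change to that struct would turn every refresh insert into a constraint violation at runtime. A comment at the constraint naming the C type whose `sizeof` it mirrors, e.g. `/* 64 == sizeof of the encrypted link type bound in postgres_insert_refresh_commit_coins; keep in sync */`, or a `GNUNET_assert (64 == sizeof (commit_coins[i].refresh_link))` next to the bind, would make the coupling visible. The `@@ -3078` hunk in this file is a whitespace-only re-indent. `postgres_create_tables` begins and ends outside this hunk.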
+++ b/src/exchange-lib/exchange_api_deposit.c @@ -406,42 +406,21 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange, (void) GNUNET_TIME_round_abs (&wire_deadline); (void) GNUNET_TIME_round_abs (&refund_deadline); - if (refund_deadline.abs_value_us > wire_deadline.abs_value_us) - { - GNUNET_break (0); - return NULL; - } - if (GNUNET_YES != - MAH_handle_is_ready (exchange)) - { - GNUNET_break (0); - return NULL; - } + GNUNET_assert (refund_deadline.abs_value_us <= wire_deadline.abs_value_us); + GNUNET_assert (GNUNET_YES == + MAH_handle_is_ready (exchange)); /* initialize h_wire */ - if (GNUNET_OK != - TALER_JSON_hash (wire_details, - &h_wire)) - { - GNUNET_break (0); - return NULL; - } + GNUNET_assert (GNUNET_OK == + TALER_JSON_hash (wire_details, + &h_wire)); key_state = TALER_EXCHANGE_get_keys (exchange); dki = TALER_EXCHANGE_get_denomination_key (key_state, denom_pub); - if (NULL == dki) - { - TALER_LOG_WARNING ("Denomination key unknown to exchange\n"); - return NULL; - } - if (GNUNET_SYSERR == - TALER_amount_subtract (&amount_without_fee, - amount, - &dki->fee_deposit)) - { - GNUNET_break (0); - return NULL; - } - + GNUNET_assert (NULL != dki); + GNUNET_assert (GNUNET_SYSERR != + TALER_amount_subtract (&amount_without_fee, + amount, + &dki->fee_deposit)); if (GNUNET_OK != verify_signatures (dki, amount, @@ -523,10 +502,10 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange, strlen (dh->json_enc))); ctx = MAH_handle_to_context (exchange); dh->job = GNUNET_CURL_job_add (ctx, - eh, - GNUNET_YES, - &handle_deposit_finished, - dh); + eh, + GNUNET_YES, + &handle_deposit_finished, + dh); return dh; } diff --git a/src/exchange-lib/exchange_api_refresh.c b/src/exchange-lib/exchange_api_refresh.c index 5f519a684..7e207d795 100644 --- a/src/exchange-lib/exchange_api_refresh.c +++ b/src/exchange-lib/exchange_api_refresh.c 
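Review bot: Replacing the `NULL == dki` branch with `GNUNET_assert (NULL != dki)` turns a data-dependent condition into a process abort: `dki` is looked up in the key set returned by `TALER_EXCHANGE_get_keys (exchange)`, i.e. whatever the exchange currently publishes, against a caller-supplied `denom_pub`, so an expired, revoked or simply unknown denomination (exactly what the removed `Denomination key unknown to exchange` warning covered) is a runtime outcome a merchant can hit with a coin a customer presents, not an API violation. `GNUNET_assert` aborts the process on failure, so this is a crash that untrusted input may be able to trigger; the same reasoning applies to the `TALER_amount_subtract` assert (an `amount` below `fee_deposit` is a data error) and, to a lesser degree, to `GNUNET_assert (GNUNET_YES == MAH_handle_is_ready (exchange))` here and in the `TALER_EXCHANGE_refresh_melt`, `TALER_EXCHANGE_refresh_reveal` and `TALER_EXCHANGE_refund` hunks, if readiness reflects whether `/keys` has been fetched rather than caller correctness. The adjacent code in the refresh hunks still treats `NULL == md` from `deserialize_melt_data` as a returnable error, which is the model these cases should keep: `if (NULL == dki) { TALER_LOG_WARNING ("Denomination key unknown to exchange\n"); return NULL; }`. The asserts on the deadline ordering and on `TALER_JSON_hash` are genuine preconditions and are fine as asserts, while the second hunk in this file is a whitespace-only re-indent. `TALER_EXCHANGE_deposit` begins and ends outside this hunk.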
@@ -1277,12 +1277,8 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange, unsigned int i; unsigned int j; - if (GNUNET_YES != - MAH_handle_is_ready (exchange)) - { - GNUNET_break (0); - return NULL; - } + GNUNET_assert (GNUNET_YES == + MAH_handle_is_ready (exchange)); md = deserialize_melt_data (refresh_data, refresh_data_length); if (NULL == md) @@ -1722,11 +1718,11 @@ handle_refresh_reveal_finished (void *cls, */ struct TALER_EXCHANGE_RefreshRevealHandle * TALER_EXCHANGE_refresh_reveal (struct TALER_EXCHANGE_Handle *exchange, - size_t refresh_data_length, - const char *refresh_data, - uint16_t noreveal_index, - TALER_EXCHANGE_RefreshRevealCallback reveal_cb, - void *reveal_cb_cls) + size_t refresh_data_length, + const char *refresh_data, + uint16_t noreveal_index, + TALER_EXCHANGE_RefreshRevealCallback reveal_cb, + void *reveal_cb_cls) { struct TALER_EXCHANGE_RefreshRevealHandle *rrh; json_t *transfer_privs; @@ -1735,13 +1731,9 @@ TALER_EXCHANGE_refresh_reveal (struct TALER_EXCHANGE_Handle *exchange, struct GNUNET_CURL_Context *ctx; struct MeltData *md; unsigned int j; - - if (GNUNET_YES != - MAH_handle_is_ready (exchange)) - { - GNUNET_break (0); - return NULL; - } + + GNUNET_assert (GNUNET_YES == + MAH_handle_is_ready (exchange)); md = deserialize_melt_data (refresh_data, refresh_data_length); if (NULL == md) diff --git a/src/exchange-lib/exchange_api_refund.c b/src/exchange-lib/exchange_api_refund.c index 3a840c7c4..d622ddc75 100644 --- a/src/exchange-lib/exchange_api_refund.c +++ b/src/exchange-lib/exchange_api_refund.c 
@@ -243,12 +243,8 @@ TALER_EXCHANGE_refund (struct TALER_EXCHANGE_Handle *exchange,
   json_t *refund_obj;
   CURL *eh;
 
-  if (GNUNET_YES !=
-      MAH_handle_is_ready (exchange))
-  {
-    GNUNET_break (0);
-    return NULL;
-  }
+  GNUNET_assert (GNUNET_YES ==
+                 MAH_handle_is_ready (exchange));
   rr.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_REFUND);
   rr.purpose.size = htonl (sizeof (struct TALER_RefundRequestPS));
   rr.h_contract = *h_contract;
-- cgit v1.2.3