[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: fix #8209
|
From: |
gnunet |
|
Subject: |
[taler-merchant] branch master updated: fix #8209 |
|
Date: |
Wed, 24 Jan 2024 18:59:45 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new ee77c6ff fix #8209
ee77c6ff is described below
commit ee77c6ff211e961fdedb7a6a44ee0fd0a9a5a042
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Jan 24 18:59:42 2024 +0100
fix #8209
---
configure.ac | 26 +++++++++++
.../taler-merchant-httpd_post-orders-ID-pay.c | 9 ++--
.../taler-merchant-httpd_private-post-orders.c | 53 ++++++++++++++++------
3 files changed, 70 insertions(+), 18 deletions(-)
diff --git a/configure.ac b/configure.ac
index af7dc820..0a8b2a58 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,8 +61,34 @@ AS_IF([test "x$doc_only" != xyes],[
# Checks for programs.
AC_PROG_CC
+
+
CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[AS_IF([test x$enableval = xyes],[
+ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
-fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+ LDFLAGS="$LDFLAGS -pie"])])
+
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+ AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+ [AS_IF([test x$enableval = xyes],[LDFLAGS="$LDFLAGS -z relro -z now"])])
+
+
+AC_ARG_ENABLE(sanitizer,
+ AS_HELP_STRING(--enable-sanitizer, enable Address Sanitizer and Undefined
Behavior Sanitizer),
+[AS_IF([test x$enableval = xyes],[
+ LDFLAGS="$CFLAGS -fsanitize=address,undefined -fno-omit-frame-pointer"
+ ])])
+
# Checks for header files.
AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h])
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index 4ba5411e..53b5b22d 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- (C) 2014-2023 Taler Systems SA
+ (C) 2014-2024 Taler Systems SA
TALER is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
@@ -652,7 +652,7 @@ resume_pay_with_response (struct PayContext *pc,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Resuming /pay handling. HTTP status for our reply is %u.\n",
response_code);
-#if PARTIAL_FIX_8209
+#if 1
for (unsigned int i = 0; i<pc->num_exchanges; i++)
{
struct ExchangeGroup *eg = pc->egs[i];
@@ -1372,7 +1372,6 @@ process_pay_with_keys (
return;
}
-
/* Now that we have the details about the denomination, we can verify age
* restriction requirements, if applicable. Note that denominations with an
* age_mask equal to zero always pass the age verification. */
@@ -1478,6 +1477,7 @@ AGE_FAIL:
.refund_deadline = pc->refund_deadline
};
enum TALER_ErrorCode ec;
+ unsigned int off = 0;
for (unsigned int i = 0; i<pc->coins_cnt; i++)
{
@@ -1488,7 +1488,8 @@ AGE_FAIL:
if (0 != strcmp (dc->exchange_url,
eg->exchange_url))
continue;
- cdds[i] = dc->cdd;
+ GNUNET_assert (off < group_size);
+ cdds[off++] = dc->cdd;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Initiating batch deposit with %u coins\n",
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c
b/src/backend/taler-merchant-httpd_private-post-orders.c
index 74ba7fb7..5986a521 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -602,6 +602,31 @@ clean_order (void *cls)
json_decref (oc->set_exchanges.exchanges);
oc->set_exchanges.exchanges = NULL;
}
+ if (NULL != oc->parse_order.merchant)
+ {
+ json_decref (oc->parse_order.merchant);
+ oc->parse_order.merchant = NULL;
+ }
+ if (NULL != oc->parse_order.fulfillment_message_i18n)
+ {
+ json_decref (oc->parse_order.fulfillment_message_i18n);
+ oc->parse_order.fulfillment_message_i18n = NULL;
+ }
+ if (NULL != oc->parse_order.summary_i18n)
+ {
+ json_decref (oc->parse_order.summary_i18n);
+ oc->parse_order.summary_i18n = NULL;
+ }
+ if (NULL != oc->parse_order.delivery_location)
+ {
+ json_decref (oc->parse_order.delivery_location);
+ oc->parse_order.delivery_location = NULL;
+ }
+ if (NULL != oc->merge_inventory.products)
+ {
+ json_decref (oc->merge_inventory.products);
+ oc->merge_inventory.products = NULL;
+ }
GNUNET_array_grow (oc->parse_request.inventory_products,
oc->parse_request.inventory_products_length,
0);
@@ -1113,8 +1138,8 @@ get_acceptable (void *cls,
TMH_EXCHANGES_get_master_pub (exchange)));
GNUNET_assert (NULL != j_exchange);
GNUNET_assert (0 ==
- json_array_append (oc->set_exchanges.exchanges,
- j_exchange));
+ json_array_append_new (oc->set_exchanges.exchanges,
+ j_exchange));
}
@@ -1239,8 +1264,8 @@ serialize_order (struct OrderContext *oc)
GNUNET_JSON_pack_string ("summary",
oc->parse_order.summary),
GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_steal ("summary_i18n",
- oc->parse_order.summary_i18n)),
+ GNUNET_JSON_pack_object_incref ("summary_i18n",
+ oc->parse_order.summary_i18n)),
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string ("public_reorder_url",
oc->parse_order.public_reorder_url)),
@@ -1248,13 +1273,13 @@ serialize_order (struct OrderContext *oc)
GNUNET_JSON_pack_string ("fulfillment_message",
oc->parse_order.fulfillment_message)),
GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_steal ("fulfillment_message_i18n",
-
oc->parse_order.fulfillment_message_i18n)),
+ GNUNET_JSON_pack_object_incref ("fulfillment_message_i18n",
+
oc->parse_order.fulfillment_message_i18n)),
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string ("fulfillment_url",
oc->parse_order.fulfillment_url)),
- GNUNET_JSON_pack_array_steal ("products",
- oc->merge_inventory.products),
+ GNUNET_JSON_pack_array_incref ("products",
+ oc->merge_inventory.products),
GNUNET_JSON_pack_data_auto ("h_wire",
&oc->add_payment_details.wm->h_wire),
GNUNET_JSON_pack_string ("wire_method",
@@ -1271,16 +1296,16 @@ serialize_order (struct OrderContext *oc)
GNUNET_JSON_pack_timestamp ("delivery_date",
oc->parse_order.delivery_date)),
GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_steal ("delivery_location",
- oc->parse_order.delivery_location)),
+ GNUNET_JSON_pack_object_incref ("delivery_location",
+ oc->parse_order.delivery_location)),
GNUNET_JSON_pack_string ("merchant_base_url",
oc->parse_order.merchant_base_url),
- GNUNET_JSON_pack_object_steal ("merchant",
- oc->parse_order.merchant),
+ GNUNET_JSON_pack_object_incref ("merchant",
+ oc->parse_order.merchant),
GNUNET_JSON_pack_data_auto ("merchant_pub",
&oc->hc->instance->merchant_pub),
- GNUNET_JSON_pack_array_steal ("exchanges",
- oc->set_exchanges.exchanges),
+ GNUNET_JSON_pack_array_incref ("exchanges",
+ oc->set_exchanges.exchanges),
TALER_JSON_pack_amount ("max_fee",
&oc->set_max_fee.max_fee),
TALER_JSON_pack_amount ("amount",
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: fix #8209,
gnunet <=