
[taler-merchant] branch master updated: fix escaping, fix memory leaks


From: gnunet
Subject: [taler-merchant] branch master updated: fix escaping, fix memory leaks
Date: Sun, 28 Jan 2024 23:07:18 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 914f6391 fix escaping, fix memory leaks
914f6391 is described below

commit 914f6391fe7b61d441a8dcf284844bfd46f9abee
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jan 28 23:07:14 2024 +0100

    fix escaping, fix memory leaks
---
 .../taler-merchant-httpd_private-post-orders.c     | 60 ++++++++++++----------
 src/backend/taler-merchant-wirewatch.c             |  1 +
 src/backenddb/pg_insert_transfer.c                 |  4 +-
 src/backenddb/pg_lookup_transfers.c                | 16 +++---
 src/backenddb/pg_update_wirewatch_progress.c       |  4 +-
 5 files changed, 45 insertions(+), 40 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c 
b/src/backend/taler-merchant-httpd_private-post-orders.c
index 5986a521..52c146ef 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -265,7 +265,7 @@ struct OrderContext
     /**
      * Merchant base URL.
      */
-    const char *merchant_base_url;
+    char *merchant_base_url;
 
     /**
      * Timestamp of the order.
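Review bot: The doc comment on `merchant_base_url` still reads only `Merchant base URL.`, although dropping `const` turns the field into an owning pointer. I would state the ownership there, for example `Merchant base URL; heap-allocated in parse_order(), released in clean_order().`, so that a later change does not store a borrowed JSON string in it again. struct OrderContext begins and ends outside this hunk.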
@@ -636,6 +636,7 @@ clean_order (void *cls)
   json_decref (oc->parse_request.order);
   /* TODO: Check that all other fields are cleaned up! */
   json_decref (oc->serialize_order.contract);
+  GNUNET_free (oc->parse_order.merchant_base_url);
   GNUNET_free (oc);
 }
 
@@ -1452,10 +1453,7 @@ parse_order (struct OrderContext *oc)
 {
   const struct TALER_MERCHANTDB_InstanceSettings *settings =
     &oc->hc->instance->settings;
-
-  oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
-  oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
-
+  const char *merchant_base_url = NULL;
   const json_t *jmerchant = NULL;
   /* auto_refund only needs to be type-checked,
    * mostly because in GNUnet relative times can't
@@ -1496,7 +1494,7 @@ parse_order (struct OrderContext *oc)
       NULL),
     GNUNET_JSON_spec_mark_optional (
       TALER_JSON_spec_web_url ("merchant_base_url",
-                               &oc->parse_order.merchant_base_url),
+                               &merchant_base_url),
       NULL),
     GNUNET_JSON_spec_mark_optional (
       GNUNET_JSON_spec_object_const ("merchant",
@@ -1542,6 +1540,8 @@ parse_order (struct OrderContext *oc)
   };
   enum GNUNET_GenericReturnValue ret;
 
+  oc->parse_order.refund_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
+  oc->parse_order.wire_deadline = GNUNET_TIME_UNIT_FOREVER_TS;
   ret = TALER_MHD_parse_json_data (oc->connection,
                                    oc->parse_request.order,
                                    spec);
@@ -1770,7 +1770,23 @@ parse_order (struct OrderContext *oc)
     return;
   }
 
-  if (NULL == oc->parse_order.merchant_base_url)
+  if (NULL != merchant_base_url)
+  {
+    if (('\0' == *merchant_base_url) ||
+        ('/' != merchant_base_url[strlen (merchant_base_url) - 1]))
+    {
+      GNUNET_break_op (0);
+      reply_with_error (
+        oc,
+        MHD_HTTP_BAD_REQUEST,
+        TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
+        "merchant_base_url is not valid");
+      return;
+    }
+    oc->parse_order.merchant_base_url
+      = GNUNET_strdup (merchant_base_url);
+  }
+  else
   {
     char *url;
 
@@ -1786,27 +1802,11 @@ parse_order (struct OrderContext *oc)
         "order:merchant_base_url");
       return;
     }
-    oc->parse_order.merchant_base_url = GNUNET_strdup (url);
-    GNUNET_free (url);
-  }
-  else if (('\0' == *oc->parse_order.merchant_base_url) ||
-           ('/' != oc->parse_order.merchant_base_url[
-              strlen (oc->parse_order.merchant_base_url) - 1]))
-  {
-    GNUNET_break_op (0);
-    reply_with_error (
-      oc,
-      MHD_HTTP_BAD_REQUEST,
-      TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
-      "merchant_base_url is not valid");
-    return;
+    oc->parse_order.merchant_base_url = url;
   }
 
-  if (NULL == oc->parse_order.products)
-  {
-    oc->parse_order.products = json_array ();
-  }
-  else if (! TMH_products_array_valid (oc->parse_order.products))
+  if ( (NULL != oc->parse_order.products) &&
+       (! TMH_products_array_valid (oc->parse_order.products)) )
   {
     GNUNET_break_op (0);
     reply_with_error (
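Review bot: After this hunk `oc->parse_order.products` can stay NULL when parse_order() succeeds, because the `json_array ()` default is gone and only the non-NULL case is validated. merge_inventory() is adapted in this commit, but any other reader of the field outside the visible hunks would now receive NULL. It is worth checking those readers and recording the contract on the field, e.g. `/* NULL if the order lists no products */`. parse_order() starts and ends outside this hunk.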
@@ -1939,8 +1939,12 @@ merge_inventory (struct OrderContext *oc)
    * parse_request.inventory_products => instructions to add products to 
contract terms
    * parse_order.products => contains products that are not from the 
backend-managed inventory.
    */
-  oc->merge_inventory.products
-    = json_deep_copy (oc->parse_order.products);
+  if (NULL != oc->parse_order.products)
+    oc->merge_inventory.products
+      = json_deep_copy (oc->parse_order.products);
+  else
+    oc->merge_inventory.products
+      = json_array ();
   /* Populate products from inventory product array and database */
   {
     GNUNET_assert (NULL != oc->merge_inventory.products);
diff --git a/src/backend/taler-merchant-wirewatch.c 
b/src/backend/taler-merchant-wirewatch.c
index 2f6094e4..075bdfa4 100644
--- a/src/backend/taler-merchant-wirewatch.c
+++ b/src/backend/taler-merchant-wirewatch.c
@@ -381,6 +381,7 @@ credit_cb (
       {
         GNUNET_break (0);
         GNUNET_SCHEDULER_shutdown ();
+        w->hh = NULL;
         return GNUNET_SYSERR;
       }
       /* Success => reset back-off timer! */
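Review bot: The new `w->hh = NULL;` has no comment saying why the handle is cleared on this error path. Presumably returning GNUNET_SYSERR from the callback ends the history request, so the shutdown path would otherwise cancel a stale handle; if that is the reason, a line such as `/* request ends when we return GNUNET_SYSERR; do not cancel it again during shutdown */` would make it explicit. The other early-return paths of credit_cb lie outside this hunk and should be checked for the same handling.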
diff --git a/src/backenddb/pg_insert_transfer.c 
b/src/backenddb/pg_insert_transfer.c
index 6d07734b..45a4fa70 100644
--- a/src/backenddb/pg_insert_transfer.c
+++ b/src/backenddb/pg_insert_transfer.c
@@ -60,8 +60,8 @@ TMH_PG_insert_transfer (
            "SELECT"
            " $1, $2, $3, account_serial, $5"
            " FROM merchant_accounts"
-           " WHERE REGEXP_REPLACE(payto_uri,'\?.*','')"
-           "      =REGEXP_REPLACE($4,'\?.*','')"
+           " WHERE REGEXP_REPLACE(payto_uri,'\\?.*','')"
+           "      =REGEXP_REPLACE($4,'\\?.*','')"
            "   AND merchant_serial="
            "        (SELECT merchant_serial"
            "           FROM merchant_instances"
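Review bot: The query-stripping expression `REGEXP_REPLACE(...,'\\?.*','')` remains hand-copied into each statement: here, in all four hunks of pg_lookup_transfers.c and in pg_update_wirewatch_progress.c. Since `\?` is itself a valid C escape, the compiler stays silent if one copy loses a backslash, and these comparisons decide which merchant account a transfer is matched to. Defining the fragment once (a string macro or an SQL function) with a comment such as `/* C "\\?" reaches PostgreSQL as \?, a literal question mark */` would keep the copies identical. That comment could also record that the pattern relies on PostgreSQL's `standard_conforming_strings` being on. The enclosing prepared-statement call begins and ends outside this hunk.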
diff --git a/src/backenddb/pg_lookup_transfers.c 
b/src/backenddb/pg_lookup_transfers.c
index 2e2a55b3..782bb43f 100644
--- a/src/backenddb/pg_lookup_transfers.c
+++ b/src/backenddb/pg_lookup_transfers.c
@@ -194,8 +194,8 @@ TMH_PG_lookup_transfers (void *cls,
                " WHERE execution_time < $2"
                "   AND execution_time >= $3"
                "   AND credit_serial > $4"
-               "   AND REGEXP_REPLACE(payto_uri,'\?.*','')"
-               "      =REGEXP_REPLACE($6,'\?.*','')"
+               "   AND REGEXP_REPLACE(payto_uri,'\\?.*','')"
+               "      =REGEXP_REPLACE($6,'\\?.*','')"
                "   AND merchant_serial ="
                "     (SELECT merchant_serial"
                "        FROM merchant_instances"
@@ -219,8 +219,8 @@ TMH_PG_lookup_transfers (void *cls,
                " WHERE execution_time < $2"
                "   AND execution_time >= $3"
                "   AND credit_serial < $4"
-               "   AND REGEXP_REPLACE(payto_uri,'\?.*','')"
-               "      =REGEXP_REPLACE($6,'\?.*','')"
+               "   AND REGEXP_REPLACE(payto_uri,'\\?.*','')"
+               "      =REGEXP_REPLACE($6,'\\?.*','')"
                "   AND merchant_serial ="
                "     (SELECT merchant_serial"
                "        FROM merchant_instances"
@@ -333,8 +333,8 @@ TMH_PG_lookup_transfers (void *cls,
                "  JOIN merchant_accounts USING (account_serial)"
                "  LEFT JOIN merchant_transfer_signatures USING (credit_serial)"
                " WHERE credit_serial > $2"
-               "   AND REGEXP_REPLACE(payto_uri,'\?.*','')"
-               "      =REGEXP_REPLACE($4,'\?.*','')"
+               "   AND REGEXP_REPLACE(payto_uri,'\\?.*','')"
+               "      =REGEXP_REPLACE($4,'\\?.*','')"
                "   AND merchant_serial ="
                "     (SELECT merchant_serial"
                "        FROM merchant_instances"
@@ -359,8 +359,8 @@ TMH_PG_lookup_transfers (void *cls,
                "  JOIN merchant_accounts USING (account_serial)"
                "  LEFT JOIN merchant_transfer_signatures USING (credit_serial)"
                " WHERE credit_serial < $2"
-               "   AND REGEXP_REPLACE(payto_uri,'\?.*','')"
-               "      =REGEXP_REPLACE($4,'\?.*','')"
+               "   AND REGEXP_REPLACE(payto_uri,'\\?.*','')"
+               "      =REGEXP_REPLACE($4,'\\?.*','')"
                "   AND merchant_serial ="
                "     (SELECT merchant_serial"
                "        FROM merchant_instances"
diff --git a/src/backenddb/pg_update_wirewatch_progress.c 
b/src/backenddb/pg_update_wirewatch_progress.c
index 457c7d9d..629439e3 100644
--- a/src/backenddb/pg_update_wirewatch_progress.c
+++ b/src/backenddb/pg_update_wirewatch_progress.c
@@ -45,8 +45,8 @@ TMH_PG_update_wirewatch_progress (
            "update_wirewatch_progress",
            "UPDATE merchant_accounts"
            " SET last_bank_serial=$3"
-           " WHERE REGEXP_REPLACE(payto_uri,'\?.*','')"
-           "      =REGEXP_REPLACE($2,'\?.*','')"
+           " WHERE REGEXP_REPLACE(payto_uri,'\\?.*','')"
+           "      =REGEXP_REPLACE(CAST ($2 AS TEXT),'\\?.*','')"
            "  AND merchant_serial ="
            "   (SELECT merchant_serial"
            "      FROM merchant_instances"
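Review bot: `CAST ($2 AS TEXT)` is applied to the parameter only in this statement, while the other REGEXP_REPLACE comparisons touched by this commit pass `$4` or `$6` uncast. If the cast is needed for parameter type inference in this UPDATE, a short comment saying so would stop it from being removed later as redundant; if it is not needed, the statements should be written the same way. The enclosing prepare call starts and ends outside this hunk.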

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


