[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[merchant] branch master updated: fix #9458: broken bounds check
|
From: |
gnunet |
|
Subject: |
[merchant] branch master updated: fix #9458: broken bounds check |
|
Date: |
Tue, 14 Jan 2025 16:18:24 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 9c5b4f1d fix #9458: broken bounds check
9c5b4f1d is described below
commit 9c5b4f1da02db5ffdbdb7dbd1a0a337584d3209b
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Jan 14 16:18:19 2025 +0100
fix #9458: broken bounds check
---
src/backend/taler-merchant-httpd_post-orders-ID-pay.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index a5f2d6fd..71d5e1af 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -2622,6 +2622,20 @@ find_valid_input_tokens (
}
+/**
+ * Sign the tokens provided by the wallet for a particular @a key.
+ *
+ * @param[in,out] payment we are processing
+ * @param key token family data
+ * @param priv private key to use to sign with
+ * @param critical true if the token must exist, if false
+ * and the client did not provide an envelope, that's OK and
+ * we just also skimp on the signature
+ * @param index offset in the token envelope array (from other families)
+ * @param expected_num number of tokens of this type that we should create
+ * @return #GNUNET_NO on failure
+ * #GNUNET_OK on success
+ */
static enum GNUNET_GenericReturnValue
sign_token_envelopes (struct PayContext *pc,
struct TALER_MERCHANT_ContractTokenFamilyKey *key,
@@ -2638,7 +2652,8 @@ sign_token_envelopes (struct PayContext *pc,
const struct TokenEnvelope *env = &pc->token_envelopes[pos];
struct SignedOutputToken *output = &pc->output_tokens[pos];
- if (pos > pc->token_envelopes_cnt || pos > pc->output_tokens_len)
+ if ( (pos >= pc->token_envelopes_cnt) ||
+ (pos >= pc->output_tokens_len) )
{
GNUNET_assert (0); /* this should not happen */
return GNUNET_NO;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [merchant] branch master updated: fix #9458: broken bounds check,
gnunet <=