View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0008054Talerauditorpublic2024-01-10 14:402024-03-07 20:47
Reporterfefe Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.9.4Fixed in Version0.9.4 
Summary0008054: handle_exchanges_finished: integer truncation
DescriptionThis is in exchange/src/lib/auditor_api_exchanges.c:

   79 static void
   80 handle_exchanges_finished (void *cls,
   81 long response_code,
   82 const void *djson)
   83 {
   84 const json_t *json = djson;
   85 const json_t *ja;
   86 unsigned int ja_len;

This should be size_t instead of unsigned int.

  111 ja_len = json_array_size (ja);
  112 if (ja_len > MAX_EXCHANGES)
  113 {
  114 GNUNET_break (0);
  115 ler.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
  116 ler.hr.http_status = 0;
  117 break;
  118 }

json_array_size() returns size_t, so the assignment to ja_len here potentially truncates the value, leading to logic errors.
TagsNo tags attached.

Relationships

child of 0008112 assignedfefe Merchant security review 

Activities

Christian Grothoff

2024-01-10 14:43

manager   ~0020856

Nice one, but: this endpoint is actually being removed, as we're killing multi-tenant support in the exchange. So I'll fix it by killing the code ;-).

Christian Grothoff

2024-01-10 14:52

manager   ~0020857

Fixed in 68ced6e3..fcce372a

Issue History

Date Modified Username Field Change
2024-01-10 14:40 fefe New Issue
2024-01-10 14:40 fefe Status new => assigned
2024-01-10 14:40 fefe Assigned To => Christian Grothoff
2024-01-10 14:43 Christian Grothoff Note Added: 0020856
2024-01-10 14:52 Christian Grothoff Status assigned => resolved
2024-01-10 14:52 Christian Grothoff Resolution open => fixed
2024-01-10 14:52 Christian Grothoff Fixed in Version => 0.9.4
2024-01-10 14:52 Christian Grothoff Note Added: 0020857
2024-01-10 14:52 Christian Grothoff Product Version => git (master)
2024-01-10 14:52 Christian Grothoff Target Version => 0.9.4
2024-01-18 23:33 Christian Grothoff Relationship added child of 0008112
2024-03-07 20:47 Christian Grothoff Status resolved => closed