View Issue Details

ID: 0008105
Project: Taler
Category: exchange
View Status: public
Last Update: 2024-03-07 20:47
Reporter: fefe
Assigned To: Christian Grothoff
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: git (master)
Target Version: 0.9.4
Fixed in Version: 0.9.4
Summary: 0008105: parse_json_auditor: integer truncation
Description: This is in exchange/src/lib/exchange_api_handle.c:

 547 unsigned int off;
 548 unsigned int pos;

These should be size_t.

 578 json_array_foreach (keys, off, key) {

This converts into a loop up to json_array_size, which returns size_t, so off should be size_t.
In each loop iteration we increment pos, so it should be size_t, too.
After the loop, we assign pos to num_denom_keys, so that should be size_t too:

 640 auditor->num_denom_keys = pos;

which means in the loop this needs to be a size_t as well:

 599 for (unsigned int j = 0; j<key_data->num_denom_keys; j++)
Tags: No tags attached.


child of 0008112 assigned fefe Merchant security review


Christian Grothoff

2024-01-18 22:24

manager   ~0020908

Fixed in d7962e01..dbf84c51. Alas not by changing d7962e01..dbf84c51 but by checking that pos <= UINT_MAX before doing the assignment and failing if that check fails.
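
The narrowing this issue is about, next to the check-before-assign shape the note above describes, as an added example that is not code from the Taler repository. The struct `auditor_info` and the functions `store_unchecked` and `store_checked` are hypothetical names; only the field width and the `UINT_MAX` comparison come from the issue.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the record whose counter is unsigned int. */
struct auditor_info
{
  unsigned int num_denom_keys;
};

/* Unchecked narrowing: where size_t is wider than unsigned int, the
   high bits of pos are dropped and the stored count is too small. */
void
store_unchecked (struct auditor_info *a, size_t pos)
{
  a->num_denom_keys = (unsigned int) pos;
}

/* Guarded narrowing, the shape of the fix described in the note:
   fail instead of truncating. Returns 0 on success, -1 on overflow. */
int
store_checked (struct auditor_info *a, size_t pos)
{
  if (pos > UINT_MAX)
    return -1;
  a->num_denom_keys = (unsigned int) pos;
  return 0;
}

int
main (void)
{
  struct auditor_info a = { 0 };
  /* Constructed value: a count that does not fit in unsigned int on LP64. */
  size_t pos = (size_t) UINT_MAX + 4;

  store_unchecked (&a, pos);
  printf ("unchecked: pos=%zu stored=%u\n", pos, a.num_denom_keys);
  if (0 != store_checked (&a, pos))
    printf ("checked: rejected pos=%zu\n", pos);
  return 0;
}
```

On platforms where `size_t` and `unsigned int` have the same width, the comparison can never be true and both functions behave identically.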

Issue History

Date Modified Username Field Change
2024-01-18 14:38 fefe New Issue
2024-01-18 14:38 fefe Status new => assigned
2024-01-18 14:38 fefe Assigned To => Christian Grothoff
2024-01-18 22:24 Christian Grothoff Note Added: 0020908
2024-01-18 22:24 Christian Grothoff Status assigned => resolved
2024-01-18 22:24 Christian Grothoff Resolution open => fixed
2024-01-18 22:24 Christian Grothoff Fixed in Version => 0.9.4
2024-01-18 22:24 Christian Grothoff Product Version => git (master)
2024-01-18 22:24 Christian Grothoff Target Version => 0.9.4
2024-01-18 23:31 Christian Grothoff Relationship added child of 0008112
2024-03-07 20:47 Christian Grothoff Status resolved => closed