View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008107 | Taler | exchange | public | 2024-01-18 15:32 | 2024-03-07 20:47 |
| Reporter | fefe | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | git (master) | ||||
| Target Version | 0.9.4 | Fixed in Version | 0.9.4 | ||
| Summary | 0008107: TALER_EXCHANGE_Keys: integer truncation | ||||
| Description | This is in exchange/src/include/taler_exchange_service.h: 409 struct TALER_EXCHANGE_Keys 410 { 539 /** 540 * Length of @e accounts array. 541 */ 542 unsigned int accounts_len; 543 544 /** 545 * Length of @e fees array. 546 */ 547 unsigned int fees_len; 548 549 /** 550 * Length of the @e wallet_balance_limit_without_kyc 551 * array. 552 */ 553 unsigned int wblwk_length; array length for json objects is size_t, so these should be size_t as well. 555 /** 556 * Length of the @e global_fees array. 557 */ 558 unsigned int num_global_fees; 559 560 /** 561 * Length of the @e sign_keys array (number of valid entries). 562 */ 563 unsigned int num_sign_keys; 564 565 /** 566 * Length of the @e denom_keys array. 567 */ 568 unsigned int num_denom_keys; 570 /** 571 * Length of the @e auditors array. 572 */ 573 unsigned int num_auditors; 574 575 /** 576 * Actual length of the @e auditors array (size of allocation). 577 */ 578 unsigned int auditors_size; 579 580 /** 581 * Actual length of the @e denom_keys array (size of allocation). 582 */ 583 unsigned int denom_keys_size; | ||||
| Tags | No tags attached. | ||||
| related to | 0008108 | closed | Christian Grothoff | decode_keys_json: integer truncation |
| child of | 0008112 | assigned | fefe | Merchant security review |
|
|
9e709172..b52ec7df fixes the issue, but without changing the API as that has other implications (like breaking all existing code that relies on unsigned int, plus the change would not have addressed that GNUNET_array_grow() fundamentally *only* works for unsigned int and *not* for size_t). So instead, I added guards that fail if an array length exceeds UINT_MAX. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-01-18 15:32 | fefe | New Issue | |
| 2024-01-18 15:32 | fefe | Status | new => assigned |
| 2024-01-18 15:32 | fefe | Assigned To | => Christian Grothoff |
| 2024-01-18 22:47 | Christian Grothoff | Note Added: 0020914 | |
| 2024-01-18 22:47 | Christian Grothoff | Status | assigned => resolved |
| 2024-01-18 22:47 | Christian Grothoff | Resolution | open => fixed |
| 2024-01-18 22:47 | Christian Grothoff | Fixed in Version | => 0.9.4 |
| 2024-01-18 22:48 | Christian Grothoff | Product Version | => git (master) |
| 2024-01-18 22:48 | Christian Grothoff | Target Version | => 0.9.4 |
| 2024-01-18 22:49 | Christian Grothoff | Relationship added | related to 0008108 |
| 2024-01-18 23:30 | Christian Grothoff | Relationship added | child of 0008112 |
| 2024-03-07 20:47 | Christian Grothoff | Status | resolved => closed |
