View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009458Talermechant backendpublic2025-01-14 15:352025-01-14 16:18
Reporterfefe Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Version1.0 
Summary0009458: sign_token_envelopes: off by one?
Description```
2566 const struct TokenEnvelope *env = &pc->token_envelopes[pos];
2567 struct SignedOutputToken *output = &pc->output_tokens[pos];
2568
2569 if (pos > pc->token_envelopes_cnt || pos > pc->output_tokens_len)
2570 {
2571 GNUNET_assert (0); /* this should not happen */
2572 return GNUNET_NO;
2573 }
```

Isn't pos already out of bounds if it is == the count?
If the count is 3 then the valid indices are 0, 1, 2 ...?
TagsNo tags attached.

Activities

Christian Grothoff

2025-01-14 16:18

manager   ~0023977

Fix committed to master branch.

Christian Grothoff

2025-01-14 16:18

manager   ~0023978

Indeed. Fixed in 34f8e020..9c5b4f1d

Related Changesets

merchant: master 9c5b4f1d

2025-01-14 17:18

Christian Grothoff


Details Diff		 fix 0009458: broken bounds check Affected Issues
0009458
mod - src/backend/taler-merchant-httpd_post-orders-ID-pay.c Diff File

Issue History

Date Modified Username Field Change
2025-01-14 15:35 fefe New Issue
2025-01-14 15:35 fefe Status new => assigned
2025-01-14 15:35 fefe Assigned To => Christian Grothoff
2025-01-14 16:18 Christian Grothoff Changeset attached => merchant master 9c5b4f1d
2025-01-14 16:18 Christian Grothoff Note Added: 0023977
2025-01-14 16:18 Christian Grothoff Status assigned => resolved
2025-01-14 16:18 Christian Grothoff Resolution open => fixed
2025-01-14 16:18 Christian Grothoff Fixed in Version => 1.0
2025-01-14 16:18 Christian Grothoff Note Added: 0023978