
[GNUnet-SVN] [taler-exchange] branch master updated (d550506 -> 332a372)


From: gnunet
Subject: [GNUnet-SVN] [taler-exchange] branch master updated (d550506 -> 332a372)
Date: Fri, 06 Oct 2017 22:02:22 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository exchange.

    from d550506  BLOB is BYTEA in Postgres
     new a7746c8  add assertion to be more defensive against buffer overflow 
(cannot happen, but this better protects against future changes)
     new a90936f  reduce scope of local vars
     new ad97b8d  use proper type for do_shutdown() callback
     new 9b585fd  handle plugin load failure without crashing
     new 98b7444  handle hypothetical failure of plugin not found
     new 332a372  handle (most) TEH_KS_acquire errors

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/auditor/taler-wire-auditor.c                   |  4 +++-
 src/exchange-lib/exchange_api_refresh_link.c       |  1 +
 src/exchange/taler-exchange-aggregator.c           | 13 +++++++++++
 src/exchange/taler-exchange-httpd_deposit.c        | 19 ++++++++++++++--
 src/exchange/taler-exchange-httpd_keystate.c       | 17 +++++++++++++-
 src/exchange/taler-exchange-httpd_keystate.h       |  2 +-
 src/exchange/taler-exchange-httpd_payback.c        |  7 ++++++
 src/exchange/taler-exchange-httpd_refresh_melt.c   | 21 +++++++++++------
 src/exchange/taler-exchange-httpd_refresh_reveal.c | 12 +++++++---
 src/exchange/taler-exchange-httpd_refund.c         | 16 ++++++++++---
 .../taler-exchange-httpd_reserve_withdraw.c        |  8 +++++++
 src/exchange/test_taler_exchange_aggregator.c      |  6 +++++
 src/include/taler_error_codes.h                    |  9 ++++++--
 src/pq/test_pq.c                                   | 26 +++++++++++++---------
 14 files changed, 131 insertions(+), 30 deletions(-)

diff --git a/src/auditor/taler-wire-auditor.c b/src/auditor/taler-wire-auditor.c
index c1323ea..7183c33 100644
--- a/src/auditor/taler-wire-auditor.c
+++ b/src/auditor/taler-wire-auditor.c
@@ -122,9 +122,11 @@ static size_t wire_off_size;
 
 /**
  * Task run on shutdown.
+ *
+ * @param cls NULL
  */
 static void
-do_shutdown ()
+do_shutdown (void *cls)
 {
   if (NULL != hh)
   {
diff --git a/src/exchange-lib/exchange_api_refresh_link.c 
b/src/exchange-lib/exchange_api_refresh_link.c
index ca55668..5b7f686 100644
--- a/src/exchange-lib/exchange_api_refresh_link.c
+++ b/src/exchange-lib/exchange_api_refresh_link.c
@@ -282,6 +282,7 @@ parse_refresh_link_ok (struct 
TALER_EXCHANGE_RefreshLinkHandle *rlh,
     }
 
     /* clean up */
+    GNUNET_assert (off_coin <= num_coins);
     for (i=0;i<off_coin;i++)
     {
       if (NULL != sigs[i].rsa_signature)
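Review bot: The new `GNUNET_assert (off_coin <= num_coins);` sits at the start of the cleanup path, so it can only detect a bad index after the fact. If `off_coin` ever exceeded `num_coins`, any write indexed by it earlier in parse_refresh_link_ok (not visible in this hunk) would already have gone out of bounds by the time the assertion fires. To protect against future changes as the commit message intends, the bound should also be checked where the index is used, for example `GNUNET_assert (off_coin < num_coins);` immediately before each store into `sigs[off_coin]`. A short comment on the assertion saying which arrays it protects would make its purpose clear.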
diff --git a/src/exchange/taler-exchange-aggregator.c 
b/src/exchange/taler-exchange-aggregator.c
index eb97edb..5e0c52c 100644
--- a/src/exchange/taler-exchange-aggregator.c
+++ b/src/exchange/taler-exchange-aggregator.c
@@ -1620,6 +1620,19 @@ wire_prepare_cb (void *cls,
               "Starting wire transfer %llu\n",
               (unsigned long long) rowid);
   wpd->wp = find_plugin (wire_method);
+  if (NULL == wpd->wp)
+  {
+    /* Should really never happen here, as when we get
+       here the plugin should be in the cache. */
+    GNUNET_break (0);
+    db_plugin->rollback (db_plugin->cls,
+                         wpd->session);
+    global_ret = GNUNET_SYSERR;
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (wpd);
+    wpd = NULL;
+    return;
+  }
   wpd->eh = wpd->wp->wire_plugin->execute_wire_transfer 
(wpd->wp->wire_plugin->cls,
                                                          buf,
                                                          buf_size,
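Review bot: The new NULL branch in wire_prepare_cb reports the failure only through `GNUNET_break (0)`, which does not record which wire method had no plugin. Because this path rolls back the transaction and shuts the aggregator down, an operator will need that detail to diagnose it. Consider adding `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No wire plugin for method %s\n", wire_method);` before the rollback, assuming `wire_method` is the C string it appears to be in the `find_plugin` call. The rest of the function lies outside the hunk, so confirm that nothing acquired before this point other than `wpd` and the session needs releasing.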
diff --git a/src/exchange/taler-exchange-httpd_deposit.c 
b/src/exchange/taler-exchange-httpd_deposit.c
index 8d824b7..ea77216 100644
--- a/src/exchange/taler-exchange-httpd_deposit.c
+++ b/src/exchange/taler-exchange-httpd_deposit.c
@@ -104,7 +104,7 @@ struct DepositContext
    * Value of the coin.
    */
   struct TALER_Amount value;
-  
+
 };
 
 
@@ -133,7 +133,7 @@ deposit_transaction (void *cls,
   struct TALER_EXCHANGEDB_TransactionList *tl;
   struct TALER_Amount spent;
   enum GNUNET_DB_QueryStatus qs;
-  
+
   qs = TEH_plugin->have_deposit (TEH_plugin->cls,
                                 session,
                                 deposit);
@@ -255,6 +255,13 @@ verify_and_execute_deposit (struct MHD_Connection 
*connection,
 
   /* check denomination */
   mks = TEH_KS_acquire ();
+  if (NULL == mks)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   dki = TEH_KS_denomination_key_lookup (mks,
                                         &deposit->coin.denom_pub,
                                        TEH_KS_DKU_DEPOSIT);
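Review bot: The block `TALER_LOG_ERROR ("Lacking keys to operate\n"); return TEH_RESPONSE_reply_internal_error (connection, TALER_EC_EXCHANGE_BAD_CONFIGURATION, "no keys");` added here is repeated almost verbatim in TEH_DEPOSIT_handler_deposit, TEH_KS_handler_keys, verify_and_execute_payback, handle_refresh_melt_json and TEH_RESERVE_handler_reserve_withdraw. None of the log lines identifies the handler that failed. TEH_KS_acquire_ already receives a `location` argument, so logging the failure once there with that location would make the log more useful and leave only the reply and the site-specific cleanup at each call site. The body of TEH_KS_acquire_ is not visible in this diff, so it may already log. If so, the per-site `TALER_LOG_ERROR` calls are redundant.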
@@ -450,6 +457,14 @@ TEH_DEPOSIT_handler_deposit (struct TEH_RequestHandler *rh,
 
   /* check denomination exists and is valid */
   key_state = TEH_KS_acquire ();
+  if (NULL == key_state)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    GNUNET_JSON_parse_free (spec);
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   dki = TEH_KS_denomination_key_lookup (key_state,
                                         &deposit.coin.denom_pub,
                                        TEH_KS_DKU_DEPOSIT);
diff --git a/src/exchange/taler-exchange-httpd_keystate.c 
b/src/exchange/taler-exchange-httpd_keystate.c
index fc72a13..033995c 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -1571,7 +1571,7 @@ TEH_KS_release_ (const char *location,
  * to #TEH_KS_release() must be made.
  *
  * @param location name of the function in which the lock is acquired
- * @return the key state
+ * @return the key state, NULL on error (usually pretty fatal)
  */
 struct TEH_KS_StateHandle *
 TEH_KS_acquire_ (const char *location)
@@ -1837,6 +1837,11 @@ read_again:
 /**
  * Sign the message in @a purpose with the exchange's signing key.
  *
+ * FIXME:
+ * - Change API to return status code and do not assert on TEH_KS_acquire()
+ *   failures, instead allow caller to handle it (i.e. by returning
+ *   #TALER_EC_EXCHANGE_BAD_CONFIGURATION to application).
+ *
  * @param purpose the message to sign
  * @param[out] pub set to the current public signing key of the exchange
  * @param[out] sig signature over purpose using current signing key
@@ -1850,6 +1855,9 @@ TEH_KS_sign (const struct 
GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct TEH_KS_StateHandle *key_state;
 
   key_state = TEH_KS_acquire ();
+  GNUNET_assert (NULL != key_state); /* This *can* happen if the exchange's 
keys are
+                                        not properly maintained, but in this 
case we
+                                        simply have no good way forward. */
   *pub = key_state->current_sign_key_issue.issue.signkey_pub;
   GNUNET_assert (GNUNET_OK ==
                  GNUNET_CRYPTO_eddsa_sign 
(&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
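Review bot: The added `GNUNET_assert (NULL != key_state);` in TEH_KS_sign aborts the whole HTTP daemon on a condition that its own comment says can occur when keys are not maintained. Every in-flight request is lost, and the operator sees only a generic assertion failure. Until the API change described in the FIXME lands, log the cause before aborting so it matches the other call sites: `if (NULL == key_state) TALER_LOG_ERROR ("Lacking keys to operate\n");` placed just above the assertion. Move the three-line trailing comment above the statement, since it is currently broken across the assert line.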
@@ -1930,6 +1938,13 @@ TEH_KS_handler_keys (struct TEH_RequestHandler *rh,
     last_issue_date.abs_value_us = 0LLU;
   }
   key_state = TEH_KS_acquire ();
+  if (NULL == key_state)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   krd = bsearch (&last_issue_date,
                  key_state->krd_array,
                  key_state->krd_array_length,
diff --git a/src/exchange/taler-exchange-httpd_keystate.h 
b/src/exchange/taler-exchange-httpd_keystate.h
index 2b7df63..b2fb6f6 100644
--- a/src/exchange/taler-exchange-httpd_keystate.h
+++ b/src/exchange/taler-exchange-httpd_keystate.h
@@ -42,7 +42,7 @@ struct TEH_KS_StateHandle;
  * to #TEH_KS_release() must be made.
  *
  * @param location name of the function in which the lock is acquired
- * @return the key state
+ * @return the key state, NULL on error (usually pretty fatal)
  */
 struct TEH_KS_StateHandle *
 TEH_KS_acquire_ (const char *location);
diff --git a/src/exchange/taler-exchange-httpd_payback.c 
b/src/exchange/taler-exchange-httpd_payback.c
index d8e1dd8..4e2e1e4 100644
--- a/src/exchange/taler-exchange-httpd_payback.c
+++ b/src/exchange/taler-exchange-httpd_payback.c
@@ -312,6 +312,13 @@ verify_and_execute_payback (struct MHD_Connection 
*connection,
 
   /* check denomination exists and is in payback mode */
   key_state = TEH_KS_acquire ();
+  if (NULL == key_state)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   dki = TEH_KS_denomination_key_lookup (key_state,
                                         &coin->denom_pub,
                                        TEH_KS_DKU_PAYBACK);
diff --git a/src/exchange/taler-exchange-httpd_refresh_melt.c 
b/src/exchange/taler-exchange-httpd_refresh_melt.c
index edcd849..c9914f2 100644
--- a/src/exchange/taler-exchange-httpd_refresh_melt.c
+++ b/src/exchange/taler-exchange-httpd_refresh_melt.c
@@ -163,7 +163,7 @@ struct RefreshMeltContext
   /**
    * Information about the denomination key of the coin being
    * melted.
-   */ 
+   */
   struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki;
 
   /**
@@ -184,7 +184,7 @@ struct RefreshMeltContext
 
   /**
    * Set to the session hash once the @e hash_context has finished.
-   */ 
+   */
   struct GNUNET_HashCode session_hash;
 
   /**
@@ -220,7 +220,7 @@ struct RefreshMeltContext
  * @param[out] mhd_ret status code to return to MHD on hard error
  * @return transaction status code
  */
-static enum GNUNET_DB_QueryStatus 
+static enum GNUNET_DB_QueryStatus
 refresh_check_melt (struct MHD_Connection *connection,
                     struct TALER_EXCHANGEDB_Session *session,
                    struct RefreshMeltContext *rmc,
@@ -416,7 +416,7 @@ refresh_melt_prepare (struct MHD_Connection *connection,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "/refresh/melt request for session %s\n",
               GNUNET_h2s (&rmc->session_hash));
-  
+
   GNUNET_assert (GNUNET_OK ==
                  TALER_amount_get_zero (TEH_exchange_currency_string,
                                         &total_cost));
@@ -700,7 +700,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
                                      buf_size);
     GNUNET_free (buf);
   }
-  
+
   /* decode JSON data on coin to melt and check that this is a
      valid coin */
   {
@@ -767,6 +767,13 @@ handle_refresh_melt_json (struct MHD_Connection 
*connection,
   rmc.hash_context = NULL;
 
   rmc.key_state = TEH_KS_acquire ();
+  if (NULL == rmc.key_state)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   rmc.dki = TEH_KS_denomination_key_lookup (rmc.key_state,
                                            
&rmc.coin_melt_details.coin_info.denom_pub,
                                            TEH_KS_DKU_DEPOSIT);
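Review bot: The new early return in handle_refresh_melt_json releases nothing before replying. The equivalent paths added elsewhere in this commit do clean up first: `GNUNET_JSON_parse_free (spec)` in the deposit and withdraw handlers, and `cleanup_rc (rc)` in refresh_reveal_transaction. By this point `rmc` has already been populated from the request; the next context line reads `rmc.coin_melt_details.coin_info.denom_pub`. If that parsed state owns heap memory, each request served while keys are missing would leak it. The rest of the function is outside the hunk, so check what its other error returns release after the coin is parsed and call the same cleanup here before returning.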
@@ -804,7 +811,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
                                                
TALER_EC_REFRESH_MELT_AMOUNT_INSUFFICIENT,
                                                "melt amount smaller than 
melting fee");
     }
-    
+
     if (GNUNET_OK !=
        GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_MELT,
                                    &body.purpose,
@@ -818,7 +825,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
                                                   "confirm_sig");
     }
   }
-    
+
   /* prepare commit */
   if (GNUNET_OK !=
       refresh_melt_prepare (connection,
diff --git a/src/exchange/taler-exchange-httpd_refresh_reveal.c 
b/src/exchange/taler-exchange-httpd_refresh_reveal.c
index cfb2b68..5d857fc 100644
--- a/src/exchange/taler-exchange-httpd_refresh_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refresh_reveal.c
@@ -531,7 +531,7 @@ refresh_reveal_transaction (void *cls,
   for (unsigned int i=0;i<TALER_CNC_KAPPA;i++)
   {
     int res;
-    
+
     if (i == rc->refresh_session.noreveal_index)
     {
       off = 1;
@@ -542,7 +542,7 @@ refresh_reveal_transaction (void *cls,
                                                 
rc->refresh_session.num_newcoins,
                                                 rc->commit_coins);
       if (0 >= qs)
-      {        
+      {
        cleanup_rc (rc);
         GNUNET_CRYPTO_hash_context_abort (hash_context);
        if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
@@ -596,7 +596,7 @@ refresh_reveal_transaction (void *cls,
     cleanup_rc (rc);
     return GNUNET_DB_STATUS_HARD_ERROR;
   }
-  
+
   /* Client request OK, sign coins */
   rc->ev_sigs = GNUNET_new_array (rc->refresh_session.num_newcoins,
                                  struct TALER_DenominationSignature);
@@ -604,6 +604,12 @@ refresh_reveal_transaction (void *cls,
     struct TEH_KS_StateHandle *key_state;
 
     key_state = TEH_KS_acquire ();
+    if (NULL == key_state)
+    {
+      TALER_LOG_ERROR ("Lacking keys to operate\n");
+      cleanup_rc (rc);
+      return GNUNET_DB_STATUS_HARD_ERROR;
+    }
     for (unsigned int j=0;j<rc->refresh_session.num_newcoins;j++)
     {
       qs = refresh_exchange_coin (connection,
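Review bot: This failure path returns `GNUNET_DB_STATUS_HARD_ERROR` without queuing a response. The matching branch added to refund_transaction in this commit first sets `*mhd_ret = TEH_RESPONSE_reply_internal_error (connection, TALER_EC_EXCHANGE_BAD_CONFIGURATION, "no keys");`. If refresh_reveal_transaction has the same `mhd_ret` out-parameter contract (its signature is outside the hunk), the caller would read an unset MHD status on this hard error. In that case, add the same `*mhd_ret = ...` assignment between `cleanup_rc (rc);` and the return. Also confirm that `cleanup_rc` frees the `rc->ev_sigs` array allocated just above.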
diff --git a/src/exchange/taler-exchange-httpd_refund.c 
b/src/exchange/taler-exchange-httpd_refund.c
index 9846c73..46c6dfd 100644
--- a/src/exchange/taler-exchange-httpd_refund.c
+++ b/src/exchange/taler-exchange-httpd_refund.c
@@ -241,7 +241,7 @@ refund_transaction (void *cls,
                                             tl);
     *mhd_ret = TEH_RESPONSE_reply_transaction_unknown (connection,
                                                       
TALER_EC_REFUND_DEPOSIT_NOT_FOUND);
-    return GNUNET_DB_STATUS_HARD_ERROR;    
+    return GNUNET_DB_STATUS_HARD_ERROR;
   }
   /* handle if conflicting refund found */
   if (GNUNET_SYSERR == refund_found)
@@ -250,7 +250,7 @@ refund_transaction (void *cls,
                                      tl);
     TEH_plugin->free_coin_transaction_list (TEH_plugin->cls,
                                             tl);
-    return GNUNET_DB_STATUS_HARD_ERROR; 
+    return GNUNET_DB_STATUS_HARD_ERROR;
   }
   /* handle if identical refund found */
   if (GNUNET_YES == refund_found)
@@ -297,7 +297,7 @@ refund_transaction (void *cls,
   }
   if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
     return qs; /* go and retry */
-  
+
   if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
   {
     /* money was already transferred to merchant, can no longer refund */
@@ -325,6 +325,16 @@ refund_transaction (void *cls,
   // FIXME: do this outside of transaction function?
   /* Check refund fee matches fee of denomination key! */
   mks = TEH_KS_acquire ();
+  if (NULL == mks)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    TEH_plugin->free_coin_transaction_list (TEH_plugin->cls,
+                                            tl);
+    *mhd_ret = TEH_RESPONSE_reply_internal_error (connection,
+                                                  
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                                  "no keys");
+    return GNUNET_DB_STATUS_HARD_ERROR;
+  }
   dki = TEH_KS_denomination_key_lookup (mks,
                                         &dep->coin.denom_pub,
                                        TEH_KS_DKU_DEPOSIT);
diff --git a/src/exchange/taler-exchange-httpd_reserve_withdraw.c 
b/src/exchange/taler-exchange-httpd_reserve_withdraw.c
index c410cea..cc21972 100644
--- a/src/exchange/taler-exchange-httpd_reserve_withdraw.c
+++ b/src/exchange/taler-exchange-httpd_reserve_withdraw.c
@@ -432,6 +432,14 @@ TEH_RESERVE_handler_reserve_withdraw (struct 
TEH_RequestHandler *rh,
   if (GNUNET_OK != res)
     return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
   wc.key_state = TEH_KS_acquire ();
+  if (NULL == wc.key_state)
+  {
+    TALER_LOG_ERROR ("Lacking keys to operate\n");
+    GNUNET_JSON_parse_free (spec);
+    return TEH_RESPONSE_reply_internal_error (connection,
+                                              
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
+                                              "no keys");
+  }
   wc.dki = TEH_KS_denomination_key_lookup (wc.key_state,
                                           &wc.denomination_pub,
                                           TEH_KS_DKU_WITHDRAW);
diff --git a/src/exchange/test_taler_exchange_aggregator.c 
b/src/exchange/test_taler_exchange_aggregator.c
index 7f9ea41..0b56b48 100644
--- a/src/exchange/test_taler_exchange_aggregator.c
+++ b/src/exchange/test_taler_exchange_aggregator.c
@@ -1125,6 +1125,12 @@ run (void *cls)
   struct TALER_DenominationPublicKey dpk;
 
   plugin = TALER_EXCHANGEDB_plugin_load (cfg);
+  if (NULL == plugin)
+  {
+    GNUNET_break (0);
+    result = 77;
+    return;
+  }
   if (GNUNET_OK !=
       plugin->create_tables (plugin->cls))
   {
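Review bot: The value in `result = 77;` is an unexplained magic number, and it is paired with `GNUNET_break (0)`, which logs an internal error. If 77 is meant as the automake "test skipped" status, which is what it looks like, a comment such as `/* 77: tell the test harness to skip, database plugin unavailable */` would make that clear. A plain warning log may also be more appropriate than `GNUNET_break (0)` for a condition treated as a skip rather than a bug. The remainder of `run` is outside the hunk.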
diff --git a/src/include/taler_error_codes.h b/src/include/taler_error_codes.h
index 8574dd0..5a95635 100644
--- a/src/include/taler_error_codes.h
+++ b/src/include/taler_error_codes.h
@@ -53,6 +53,11 @@ enum TALER_ErrorCode
    */
   TALER_EC_NOT_IMPLEMENTED = 3,
 
+  /**
+   * Exchange is badly configured and thus cannot operate.
+   */
+  TALER_EC_EXCHANGE_BAD_CONFIGURATION = 4,
+
   /* ********** generic error codes ************* */
 
   /**
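Review bot: The doc comment for `TALER_EC_EXCHANGE_BAD_CONFIGURATION` does not say which HTTP status accompanies it, unlike other entries in this enum such as the `MHD_HTTP_BAD_REQUEST` note on `TALER_EC_KEYS_HAVE_NOT_NUMERIC`. Every use added in this commit goes through `TEH_RESPONSE_reply_internal_error`, so the comment could add a sentence like `The response is provided with an HTTP status of MHD_HTTP_INTERNAL_SERVER_ERROR.`, assuming that helper does send that status. It would also help client authors to note that the code signals an operator-side problem, missing or expired exchange keys, rather than a malformed request.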
@@ -906,7 +911,7 @@ enum TALER_ErrorCode
    * MHD_HTTP_BAD_REQUEST.
    */
   TALER_EC_KEYS_HAVE_NOT_NUMERIC = 1900,
-  
+
 
   /* *********** Merchant backend error codes ********* */
 
@@ -1264,7 +1269,7 @@ enum TALER_ErrorCode
   /**
    * The exchange charged a different wire fee than what it
    * originally advertised, and it is higher.  The response
-   * is provied with an HTTP status of 
+   * is provied with an HTTP status of
    * MHD_HTTP_INTERNAL_SERVER_ERROR (FIXME: bad choice!).
    */
   TALER_EC_TRACK_TRANSFER_JSON_BAD_WIRE_FEE = 2410,
diff --git a/src/pq/test_pq.c b/src/pq/test_pq.c
index 841c3e3..6f7de0d 100644
--- a/src/pq/test_pq.c
+++ b/src/pq/test_pq.c
@@ -111,15 +111,6 @@ run_queries (PGconn *conn)
       TALER_PQ_query_param_json (json),
       GNUNET_PQ_query_param_end
     };
-    struct GNUNET_PQ_QueryParam params_select[] = {
-      GNUNET_PQ_query_param_end
-    };
-    struct GNUNET_PQ_ResultSpec results_select[] = {
-      TALER_PQ_result_spec_amount ("hamount", &hamount2),
-      TALER_PQ_result_spec_amount_nbo ("namount", &namount2),
-      TALER_PQ_result_spec_json ("json", &json2),
-      GNUNET_PQ_result_spec_end
-    };
 
     result = GNUNET_PQ_exec_prepared (conn,
                                      "test_insert",
@@ -132,8 +123,13 @@ run_queries (PGconn *conn)
       PQclear (result);
       return 1;
     }
-
     PQclear (result);
+  }
+  {
+    struct GNUNET_PQ_QueryParam params_select[] = {
+      GNUNET_PQ_query_param_end
+    };
+
     result = GNUNET_PQ_exec_prepared (conn,
                                      "test_select",
                                      params_select);
@@ -144,6 +140,16 @@ run_queries (PGconn *conn)
       PQclear (result);
       return 1;
     }
+  }
+
+  {
+    struct GNUNET_PQ_ResultSpec results_select[] = {
+      TALER_PQ_result_spec_amount ("hamount", &hamount2),
+      TALER_PQ_result_spec_amount_nbo ("namount", &namount2),
+      TALER_PQ_result_spec_json ("json", &json2),
+      GNUNET_PQ_result_spec_end
+    };
+
     ret = GNUNET_PQ_extract_result (result,
                                    results_select,
                                    0);

-- 
To stop receiving notification emails like this one, please contact
address@hidden


