[GNUnet-SVN] [taler-merchant] branch master updated: fix use after free

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [taler-merchant] branch master updated: fix use after free

From:	gnunet
Subject:	[GNUnet-SVN] [taler-merchant] branch master updated: fix use after free (copy strings properly)
Date:	Wed, 17 Jan 2018 03:37:27 +0100

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new a2a1f52  fix use after free (copy strings properly)
a2a1f52 is described below

commit a2a1f52beced12e6319546ff09b925c49c7d2561
Author: Florian Dold <address@hidden>
AuthorDate: Wed Jan 17 03:37:06 2018 +0100

    fix use after free (copy strings properly)
---
 src/backend/taler-merchant-httpd_pay.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_pay.c 
b/src/backend/taler-merchant-httpd_pay.c
index 6db69e7..539a194 100644
--- a/src/backend/taler-merchant-httpd_pay.c
+++ b/src/backend/taler-merchant-httpd_pay.c
@@ -354,12 +354,12 @@ struct PayContext
    * Optional session id given in @e root.
    * NULL if not given.
    */
-  const char *session_id;
+  char *session_id;
 
   /**
    * Transaction ID given in @e root.
    */
-  const char *order_id;
+  char *order_id;
 };
 
 
@@ -594,6 +594,8 @@ pay_context_cleanup (struct TM_HandlerContext *hc)
     json_decref (pc->contract_terms);
     pc->contract_terms = NULL;
   }
+  GNUNET_free_non_null (pc->order_id);
+  GNUNET_free_non_null (pc->session_id);
   GNUNET_CONTAINER_DLL_remove (pc_head,
                                pc_tail,
                                pc);
@@ -1306,9 +1308,12 @@ parse_pay (struct MHD_Connection *connection,
     return res;
   }
 
-  pc->session_id = json_string_value (json_object_get (root,
-                                                       "session_id"));
-  pc->order_id = order_id;
+  const char *session_id = json_string_value (json_object_get (root,
+                                                               "session_id"));
+  if (NULL != session_id) {
+    pc->session_id = GNUNET_strdup (session_id);
+  }
+  pc->order_id = GNUNET_strdup (order_id);
   GNUNET_assert (NULL == pc->contract_terms);
   qs = db->find_contract_terms (db->cls,
                                 &pc->contract_terms,

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [taler-merchant] branch master updated: fix use after free (copy strings properly), gnunet <=

Prev by Date: [GNUnet-SVN] [taler-landing] branch master updated (b521d27 -> 1bf7e17)
Next by Date: [GNUnet-SVN] [taler-wallet-webex] 01/02: rename data -> contract_terms
Previous by thread: [GNUnet-SVN] [taler-landing] branch master updated (b521d27 -> 1bf7e17)
Next by thread: [GNUnet-SVN] [taler-wallet-webex] branch master updated (09c7be80 -> c62ba498)
Index(es):
- Date
- Thread