Put bounds checking on redeemCounter

f2661507 · Jean-Paul Calderone · f0867b77 · f2661507
Unverified Commit f2661507 authored 4 years ago by Jean-Paul Calderone
--- a/src/PaymentServer/Redemption.hs
+++ b/src/PaymentServer/Redemption.hs
@@ -73,6 +73,8 @@ data Result
  = Unpaid -- ^ A voucher has not been paid for.
  | DoubleSpend -- ^ A voucher has already been redeemed.
  | OtherFailure Text -- ^ Some other unrecognized failure mode.
+  -- | Given counter was not in the expected range
+  | CounterOutOfBounds Integer Integer Integer
  | Succeeded PublicKey [Signature] Proof
  deriving (Show, Eq)
@@ -104,6 +106,13 @@ instance ToJSON Result where
    [ "success" .= False
    , "reason" .= ("double-spend" :: Text)
    ]
+  toJSON (CounterOutOfBounds min max received) = object
+    [ "success" .= False
+    , "reason" .= ("counter-out-of-bounds" :: Text)
+    , "min" .= min
+    , "max" .= max
+    , "received" .= received
+    ]
  toJSON (OtherFailure description) = object
    [ "success" .= False
    , "reason" .= description
@@ -131,6 +140,11 @@ instance FromJSON Result where
        then return DoubleSpend
        else return $ OtherFailure reason
+-- | Limit the value for the counter value supplied during a voucher
+-- redemption attempt.  A counter in the range [0..maxCounter) is allowed.
+maxCounter :: Integer
+maxCounter = 16
 type RedemptionAPI = ReqBody '[JSON] Redeem :> Post '[JSON] Result
 jsonErr400 reason = err400
@@ -145,21 +159,24 @@ redemptionServer = redeem
 -- voucher and return signatures.  Return a failure if this is not possible
 -- (eg because the voucher was already redeemed).
 redeem :: VoucherDatabase d => Issuer -> d -> Redeem -> Handler Result
-redeem issue database (Redeem voucher tokens) = do
+redeem issue database (Redeem voucher tokens counter) =
-  let fingerprint = fingerprintFromTokens tokens
+  if counter < 0 || counter >= maxCounter then
-  result <- liftIO $ PaymentServer.Persistence.redeemVoucher database voucher fingerprint
+    throwError $ jsonErr400 (CounterOutOfBounds 0 maxCounter counter)
-  case result of
+  else do
-    Left NotPaid -> do
+    let fingerprint = fingerprintFromTokens tokens
-      throwError $ jsonErr400 Unpaid
+    result <- liftIO $ PaymentServer.Persistence.redeemVoucher database voucher fingerprint
-    Left AlreadyRedeemed -> do
+    case result of
-      throwError $ jsonErr400 DoubleSpend
+      Left NotPaid -> do
-    Right () -> do
+        throwError $ jsonErr400 Unpaid
-      let result = issue tokens
+      Left AlreadyRedeemed -> do
-      case result of
+        throwError $ jsonErr400 DoubleSpend
-        Left reason -> do
+      Right () -> do
-          throwError $ jsonErr400 $ OtherFailure reason
+        let result = issue tokens
-        Right (ChallengeBypass key signatures proof) ->
+        case result of
-          return $ Succeeded key signatures proof
+          Left reason -> do
+            throwError $ jsonErr400 $ OtherFailure reason
+          Right (ChallengeBypass key signatures proof) ->
+            return $ Succeeded key signatures proof
 -- | Compute a cryptographic hash (fingerprint) of a list of tokens which can
 -- be used as an identifier for this exact sequence of tokens.