add descr struct verification

1 files changed, 78 insertions, 12 deletions

diff --git a/brandt.c b/brandt.c
index dda81ac..1af19b9 100644
--- a/brandt.c
+++ b/brandt.c
@@ -62,8 +62,8 @@ struct BRANDT_Auction *
 BRANDT_new (BRANDT_CbBroadcast          broadcast,
             BRANDT_CbResult             result,
             void                        *auction_closure,
-            void                        **auction_data,
-            size_t                      *auction_data_len,
+            void                        **auction_desc,
+            size_t                      *auction_desc_len,
             struct GNUNET_TIME_Absolute time_start,
             struct GNUNET_TIME_Relative time_round,
             void                        *description,
@@ -113,28 +113,94 @@ BRANDT_new (BRANDT_CbBroadcast          broadcast,
                                                   &start_auction,
                                                   ret);
 
-        *auction_data_len = sizeof (struct BRANDT_DescrP);
-        *auction_data = desc;
+        *auction_desc_len = sizeof (struct BRANDT_DescrP);
+        *auction_desc = desc;
         return ret;
 }
 
 
+int
+BRANDT_verify_desc (const void                  *auction_desc,
+                    size_t                      auction_desc_len,
+                    const void                  *description,
+                    uint32_t                    description_len,
+                    struct GNUNET_TIME_Absolute *time_start,
+                    struct GNUNET_TIME_Relative *time_round,
+                    uint16_t                    *num_prices,
+                    uint16_t                    *m,
+                    uint16_t                    *outcome_public)
+{
+        const struct BRANDT_DescrP *desc = auction_desc;
+        const uint32_t             zero = 0;
+        struct GNUNET_HashContext  *hc = GNUNET_CRYPTO_hash_context_start ();
+        struct GNUNET_HashCode     computed_hash;
+
+        if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
+        {
+                weprintf ("auction desc struct size mismatch");
+                return -1;
+        }
+
+        GNUNET_CRYPTO_hash_context_read (hc,
+                                         &desc->time_start,
+                                         sizeof (*desc) - sizeof (desc->hash));
+        GNUNET_CRYPTO_hash_context_read (hc,
+                                         description,
+                                         description_len);
+        GNUNET_CRYPTO_hash_context_finish (hc, &computed_hash);
+        if (0 != memcmp (&desc->hash, &computed_hash, sizeof (computed_hash)))
+        {
+                weprintf ("auction description hash does not match");
+                return -1;
+        }
+
+        if (0 != memcmp (&desc->reserved1, &zero, sizeof (desc->reserved1)) ||
+            0 != memcmp (&desc->reserved2, &zero, sizeof (desc->reserved2)))
+        {
+                weprintf ("unknown auction description format");
+                return -1;
+        }
+
+        if (time_start)
+                *time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
+        if (time_round)
+                *time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
+        if (num_prices)
+                *num_prices = ntohs (desc->k);
+        if (m)
+                *m = ntohs (desc->m);
+        if (outcome_public)
+                *outcome_public = ntohs (desc->outcome_public);
+
+        return 0;
+}
+
+
 struct BRANDT_Auction *
 BRANDT_join (BRANDT_CbBroadcast broadcast,
              BRANDT_CbUnicast   unicast,
              BRANDT_CbResult    result,
              void               *auction_closure,
-             const void         *auction_data,
-             size_t             auction_data_len)
+             const void         *auction_desc,
+             size_t             auction_desc_len,
+             const void         *description,
+             uint32_t           description_len)
 {
         struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
-        struct BRANDT_DescrP  *desc = (struct BRANDT_DescrP *)auction_data;
 
-        ret->time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
-        ret->time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
-        ret->k = ntohs (desc->k);
-        ret->m = ntohs (desc->m);
-        ret->outcome_public = ntohs (desc->outcome_public);
+        if (0 != BRANDT_verify_desc (auction_desc,
+                                     auction_desc_len,
+                                     description,
+                                     description_len,
+                                     &ret->time_start,
+                                     &ret->time_round,
+                                     &ret->k,
+                                     &ret->m,
+                                     &ret->outcome_public))
+        {
+                weprintf ("failed to parse auction description blob");
+                return NULL;
+        }
         ret->cur_round = msg_join;
         ret->round_progress = gcry_mpi_new (256);