Fix the shop & hmac params existence checks

First the param needs to be checked, and only assign the value if the param exists. This should prevent a crash if anyone sends a GET request without any of those parameters.
author: ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id> 2022-09-14 20:36:29 +0800
committer: ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id> 2022-09-14 20:36:29 +0800
commit: ad35f7c98dc737d5017d80e34fecb6ad3c5d27ad (patch)
tree: a8fe2c02682b999bb374a1092b43be5289ee7e8d
parent: 200909484e3ccb263f18a166c2c6c1de113a6a3b (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/shopify.c b/shopify.c
index 6fb4037..085921e 100644
--- a/shopify.c
+++ b/shopify.c
@@ -114,14 +114,17 @@ bool shopify_valid(struct MHD_Connection *conn, const char *url,
 	if (!nparams)
 		return false;
 	qsort(*params, nparams, sizeof(struct shopify_param), paramcmp);
+	char *shop = NULL;
 	struct shopify_param *param = bsearch(&(struct shopify_param)
 			{ "shop" }, *params, nparams,
 			sizeof(struct shopify_param), paramcmp);
-	char *shop = param->val;
+	if (param)
+		shop = param->val;
 	if (!shop || !regex_match(shop)) {
 		clear(*params);
 		return false;
 	}
+	param = NULL;
 	char *query = NULL;
 	for (int i = 0; i < nparams; i++) {
 		const char *key = (*params)[i].key;
@@ -136,9 +139,11 @@ bool shopify_valid(struct MHD_Connection *conn, const char *url,
 					last ? "" : "&");
 		}
 	}
+	char *hmac = NULL;
 	param = bsearch(&(struct shopify_param){ "hmac" }, *params, nparams,
 				sizeof(struct shopify_param), paramcmp);
-	char *hmac = param->val;
+	if (param)
+		hmac = param->val;
 	if (!hmac || !crypt_maccmp(secret_key, query, hmac)) {
 		clear(*params);
 		free(query);
author	ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id>	2022-09-14 20:36:29 +0800
committer	ꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id>	2022-09-14 20:36:29 +0800
commit	ad35f7c98dc737d5017d80e34fecb6ad3c5d27ad (patch)
tree	a8fe2c02682b999bb374a1092b43be5289ee7e8d
parent	200909484e3ccb263f18a166c2c6c1de113a6a3b (diff)