From ad35f7c98dc737d5017d80e34fecb6ad3c5d27ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=A6=8C=EA=A6=AB=EA=A6=B6=EA=A6=8F=EA=A7=80=EA=A6=A6?=
 =?UTF-8?q?=EA=A6=BF=EA=A6=A7=EA=A6=AE=EA=A6=91=EA=A6=A9=EA=A6=AD=EA=A7=80?=
 <erik@darapsa.co.id>
Date: Wed, 14 Sep 2022 20:36:29 +0800
Subject: Fix the shop & hmac params existence checks

First the param needs to be checked, and only assign the value if the
param exists. This should prevent a crash if anyone sends a GET request
without any of those parameters.
---
 shopify.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/shopify.c b/shopify.c
index 6fb4037..085921e 100644
--- a/shopify.c
+++ b/shopify.c
@@ -114,14 +114,17 @@ bool shopify_valid(struct MHD_Connection *conn, const char *url,
 	if (!nparams)
 		return false;
 	qsort(*params, nparams, sizeof(struct shopify_param), paramcmp);
+	char *shop = NULL;
 	struct shopify_param *param = bsearch(&(struct shopify_param)
 			{ "shop" }, *params, nparams,
 			sizeof(struct shopify_param), paramcmp);
-	char *shop = param->val;
+	if (param)
+		shop = param->val;
 	if (!shop || !regex_match(shop)) {
 		clear(*params);
 		return false;
 	}
+	param = NULL;
 	char *query = NULL;
 	for (int i = 0; i < nparams; i++) {
 		const char *key = (*params)[i].key;
@@ -136,9 +139,11 @@ bool shopify_valid(struct MHD_Connection *conn, const char *url,
 					last ? "" : "&");
 		}
 	}
+	char *hmac = NULL;
 	param = bsearch(&(struct shopify_param){ "hmac" }, *params, nparams,
 				sizeof(struct shopify_param), paramcmp);
-	char *hmac = param->val;
+	if (param)
+		hmac = param->val;
 	if (!hmac || !crypt_maccmp(secret_key, query, hmac)) {
 		clear(*params);
 		free(query);
-- 
cgit v1.2.3