From 1b2c763f0bb078abbc36b74dad24ad94df0681af Mon Sep 17 00:00:00 2001
From: EntireTwix
Date: Mon, 21 Nov 2022 22:20:59 -0800
Subject: [PATCH] requests that accept 2^32 reject arguments larger than 2^32
---
 src/bank_api.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/bank_api.cpp b/src/bank_api.cpp
index 036fd9c..0ba8783 100644
--- a/src/bank_api.cpp
+++ b/src/bank_api.cpp
@@ -52,7 +52,7 @@ void api::SendFunds(req_args)
 {
 std::string_view name;
 uint64_t amount; // as simdjson lacks .get(uint32_t support)
- if (doc["name"].get(name) || doc["amount"].get(amount))
+ if (doc["name"].get(name) || doc["amount"].get(amount) || (amount > std::numeric_limits::max()))
 {
 res = BankResponse{k400BadRequest, "\"Missing/Invalid JSON arg(s)\""};
 }
@@ -135,7 +135,7 @@ void api::SetBal(req_args)
 {
 std::string_view name;
 uint64_t amount;
- if (doc["name"].get(name) || doc["amount"].get(amount))
+ if (doc["name"].get(name) || doc["amount"].get(amount) || (amount > std::numeric_limits::max()))
 {
 res = BankResponse{k400BadRequest, "\"Missing/Invalid JSON arg(s)\""};
 }
@@ -231,7 +231,7 @@ void api::PruneUsers(req_args)
 #if MAX_LOG_SIZE > 0
 int64_t time;
 uint64_t amount;
- if (doc["time"].get(time) || doc["amount"].get(amount))
+ if (doc["time"].get(time) || doc["amount"].get(amount) || (amount > std::numeric_limits::max()))
 {
 res = BankResponse{k400BadRequest, "\"Missing/Invalid JSON arg(s)\""};
 }
@@ -241,7 +241,7 @@ void api::PruneUsers(req_args)
 }
 #else
 uint64_t amount
- if (doc["amount"].get(amount))
+ if (doc["amount"].get(amount) || (amount > std::numeric_limits::max()))
 {
 res = BankResponse{k400BadRequest, "\"Missing/Invalid JSON arg(s)\""};
 }
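Review bot: The 32-bit bound is pasted into four separate conditions (here in SendFunds, and again in SetBal and both branches of PruneUsers), so the check that stops a 64-bit `amount` from being silently truncated sits apart from the narrowing itself, which presumably happens further down, outside these hunks. A handler added later that parses `amount` the old way would still compile and would wrap large values without complaint. Folding the parse and the bound into one helper that hands back a `uint32_t` makes the unchecked form harder to write; a sketch follows, with the value type left generic because the type of `doc` is not visible here. As rendered, `std::numeric_limits::max()` has no template argument, presumably `<uint32_t>` lost in extraction, and the patch does not show whether `<limits>` is included.

```cpp
// Reads a JSON number into 32 bits. Returns true (error) when the value is
// missing, not an unsigned integer, or does not fit in uint32_t.
template <typename JsonValue>
static bool GetUint32(JsonValue &&value, uint32_t &out)
{
    uint64_t wide;
    if (value.get(wide) || wide > std::numeric_limits<uint32_t>::max())
    {
        return true;
    }
    out = static_cast<uint32_t>(wide);
    return false;
}

// in SendFunds (same shape in SetBal and PruneUsers):
uint32_t amount;
if (doc["name"].get(name) || GetUint32(doc["amount"], amount))
// … unchanged: 400 response and the rest of the handler …
```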
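Review bot: In the `#else` branch of PruneUsers the declaration `uint64_t amount` has, as shown, no terminating semicolon, so the changed `if` directly after it cannot compile when `MAX_LOG_SIZE` is not greater than 0. The line is context rather than part of this change, but the commit edits the very next statement, which suggests this configuration is not being built; it should read `uint64_t amount;`. Adding a build with `MAX_LOG_SIZE` set to 0 to whatever CI the project runs would confirm that the new range check in this branch is actually compiled and exercised.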