From 0149ec5921c88513ce0bbb53cf0d8f2fa52cce13 Mon Sep 17 00:00:00 2001
From: ThomasV <thomasv@gitorious>
Date: Wed, 7 May 2014 18:20:17 +0200
Subject: [PATCH] sanitize payment request code

---
 lib/paymentrequest.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py
index 5df5d6bfa..a9f076ca9 100644
--- a/lib/paymentrequest.py
+++ b/lib/paymentrequest.py
@@ -65,13 +65,21 @@ class PaymentRequest:
         u = urlparse.urlparse(self.url)
         self.domain = u.netloc
 
-        connection = httplib.HTTPConnection(u.netloc) if u.scheme == 'http' else httplib.HTTPSConnection(u.netloc)
-        connection.request("GET",u.geturl(), headers=REQUEST_HEADERS)
-        resp = connection.getresponse()
+        try:
+            connection = httplib.HTTPConnection(u.netloc) if u.scheme == 'http' else httplib.HTTPSConnection(u.netloc)
+            connection.request("GET",u.geturl(), headers=REQUEST_HEADERS)
+            resp = connection.getresponse()
+        except:
+            self.error = "cannot read url"
+            return
 
-        r = resp.read()
         paymntreq = paymentrequest_pb2.PaymentRequest()
-        paymntreq.ParseFromString(r)
+        try:
+            r = resp.read()
+            paymntreq.ParseFromString(r)
+        except:
+            self.error = "cannot parse payment request"
+            return
 
         sig = paymntreq.signature
         if not sig: