web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

don't try to verify messages if you can't decode base64

Browse Source
This commit is contained in:
ansuz 2017-03-16 17:01:53 +01:00
parent ecd3f68265
commit 7ab65367c5
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rpc.js
View File

@ -18,8 +18,12 @@ var isValidChannel = function (chan) {
var checkSignature = function (signedMsg, publicKey) { var checkSignature = function (signedMsg, publicKey) {
if (!(signedMsg && publicKey)) { return null; } if (!(signedMsg && publicKey)) { return null; }
var signedBuffer = Nacl.util.decodeBase64(signedMsg); try {
var pubBuffer = Nacl.util.decodeBase64(publicKey); var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey);
} catch (e) {
return null;
}
var opened = Nacl.sign.open(signedBuffer, pubBuffer); var opened = Nacl.sign.open(signedBuffer, pubBuffer);
@ -46,7 +50,7 @@ RPC.create = function (config, cb) {
var msg = checkSignature(signed, publicKey); var msg = checkSignature(signed, publicKey);
if (!msg) { if (!msg) {
return void respond("INVALID_SIGNATURE"); return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
} }
if (typeof(msg) !== 'object') { if (typeof(msg) !== 'object') {