infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

don't try to verify messages if you can't decode base64

pull/1/head
ansuz 2017-03-16 17:01:53 +01:00
parent ecd3f68265
commit 7ab65367c5
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rpc.js
View File

@ -18,8 +18,12 @@ var isValidChannel = function (chan) {
var checkSignature = function (signedMsg, publicKey) {
if (!(signedMsg && publicKey)) { return null; }
var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey);
try {
var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey);
} catch (e) {
return null;
}
var opened = Nacl.sign.open(signedBuffer, pubBuffer);
@ -46,7 +50,7 @@ RPC.create = function (config, cb) {
var msg = checkSignature(signed, publicKey);
if (!msg) {
return void respond("INVALID_SIGNATURE");
return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
}
if (typeof(msg) !== 'object') {