From 7ab65367c53cb5f1629bcb5936bf9c995f26eef8 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Thu, 16 Mar 2017 17:01:53 +0100
Subject: [PATCH] don't try to verify messages if you can't decode base64
---
 rpc.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/rpc.js b/rpc.js
index 47c63d221..50713e1bd 100644
--- a/rpc.js
+++ b/rpc.js
@@ -18,8 +18,12 @@ var isValidChannel = function (chan) {
 var checkSignature = function (signedMsg, publicKey) {
 if (!(signedMsg && publicKey)) { return null; }
- var signedBuffer = Nacl.util.decodeBase64(signedMsg);
- var pubBuffer = Nacl.util.decodeBase64(publicKey);
+ try {
+ var signedBuffer = Nacl.util.decodeBase64(signedMsg);
+ var pubBuffer = Nacl.util.decodeBase64(publicKey);
+ } catch (e) {
+ return null;
+ }
 var opened = Nacl.sign.open(signedBuffer, pubBuffer);
@@ -46,7 +50,7 @@ RPC.create = function (config, cb) {
 var msg = checkSignature(signed, publicKey);
 if (!msg) {
- return void respond("INVALID_SIGNATURE");
+ return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
 }
 if (typeof(msg) !== 'object') {
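Review bot: In `checkSignature`, the call `Nacl.sign.open(signedBuffer, pubBuffer)` stays outside the new `try`, so a client-supplied key that is well-formed base64 but the wrong length can still raise an uncaught exception there. tweetnacl's `sign.open` throws on a bad public key size rather than returning null. Either move the `open` call inside the `try`, or add `if (pubBuffer.length !== Nacl.sign.publicKeyLength) { return null; }` before it. As a style point, declaring `var signedBuffer, pubBuffer;` above the `try` would make it explicit that both are used after the block, instead of relying on `var` hoisting. The rest of `checkSignature` lies outside the hunk, so confirm that no later step can throw on attacker-controlled input either.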