infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

don't try to verify messages if you can't decode base64

Browse Source
pull/1/head
ansuz 8 years ago
parent ecd3f68265
commit 7ab65367c5
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
rpc.js
Unescape Escape View File

@ -18,8 +18,12 @@ var isValidChannel = function (chan) {
var checkSignature = function (signedMsg, publicKey) { var checkSignature = function (signedMsg, publicKey) {
if (!(signedMsg && publicKey)) { return null; } if (!(signedMsg && publicKey)) { return null; }
try {
var signedBuffer = Nacl.util.decodeBase64(signedMsg); var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey); var pubBuffer = Nacl.util.decodeBase64(publicKey);
} catch (e) {
return null;
}
var opened = Nacl.sign.open(signedBuffer, pubBuffer); var opened = Nacl.sign.open(signedBuffer, pubBuffer);
@ -46,7 +50,7 @@ RPC.create = function (config, cb) {
var msg = checkSignature(signed, publicKey); var msg = checkSignature(signed, publicKey);
if (!msg) { if (!msg) {
return void respond("INVALID_SIGNATURE"); return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
} }
if (typeof(msg) !== 'object') { if (typeof(msg) !== 'object') {

Write Preview
Loading…
Cancel
Save