don't try to verify messages if you can't decode base64

pull/1/head
ansuz 8 years ago
parent ecd3f68265
commit 7ab65367c5

@ -18,8 +18,12 @@ var isValidChannel = function (chan) {
var checkSignature = function (signedMsg, publicKey) {
if (!(signedMsg && publicKey)) { return null; }
try {
var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey);
} catch (e) {
return null;
}
var opened = Nacl.sign.open(signedBuffer, pubBuffer);
@ -46,7 +50,7 @@ RPC.create = function (config, cb) {
var msg = checkSignature(signed, publicKey);
if (!msg) {
return void respond("INVALID_SIGNATURE");
return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
}
if (typeof(msg) !== 'object') {

Loading…
Cancel
Save