Additional checks

This commit is contained in:
Michael 2018-03-09 05:38:15 +00:00
parent c9095386c8
commit 3e51fa73b1

View file

@ -221,6 +221,11 @@ class Diaspora
$signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
if ($handle == '') {
logger('No author could be decoded. Discarding. Message: ' . $envelope);
return false;
}
$key = self::key($handle); $key = self::key($handle);
if ($key == '') { if ($key == '') {
logger("Couldn't get a key for handle " . $handle . ". Discarding."); logger("Couldn't get a key for handle " . $handle . ". Discarding.");
@ -331,6 +336,10 @@ class Diaspora
} }
$key = self::key($author_addr); $key = self::key($author_addr);
if ($key == '') {
logger("Couldn't get a key for handle " . $author_addr . ". Discarding.");
System::httpExit(400);
}
$verify = Crypto::rsaVerify($signed_data, $signature, $key); $verify = Crypto::rsaVerify($signed_data, $signature, $key);
if (!$verify) { if (!$verify) {