Browse Source
Merge pull request #45321 from nextcloud/bugfix/noid/check-function-call
fix: Correctly check result of function
pull/45345/head
Anna
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
3 additions and
3 deletions
-
lib/private/Installer.php
-
lib/private/Security/IdentityProof/Signer.php
|
|
|
@ -280,7 +280,7 @@ class Installer { |
|
|
|
|
|
|
|
// Check if the signature actually matches the downloaded content
|
|
|
|
$certificate = openssl_get_publickey($app['certificate']); |
|
|
|
$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512); |
|
|
|
$verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1; |
|
|
|
|
|
|
|
if ($verified === true) { |
|
|
|
// Seems to match, let's proceed
|
|
|
|
|
|
|
|
@ -74,12 +74,12 @@ class Signer { |
|
|
|
$user = $this->userManager->get($userId); |
|
|
|
if ($user !== null) { |
|
|
|
$key = $this->keyManager->getKey($user); |
|
|
|
return (bool)openssl_verify( |
|
|
|
return openssl_verify( |
|
|
|
json_encode($data['message']), |
|
|
|
base64_decode($data['signature']), |
|
|
|
$key->getPublic(), |
|
|
|
OPENSSL_ALGO_SHA512 |
|
|
|
); |
|
|
|
) === 1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
