makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-07 20:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/15851] Use raw values for verifying signature

Browse source 
PHPBB-15851
This commit is contained in:
Marc Alexander 2024-10-29 21:23:08 +01:00
parent dacabf0537
commit 3506883c75
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
phpBB/phpbb/update/get_updates.php
View file

@ -101,7 +101,7 @@ class get_updates
return false;
}
$raw_signature = file_get_contents($signature_path);
$signature = file_get_contents($signature_path);
$hash = hash_file('sha384', $file_path, true);
if ($hash === false)
@ -109,15 +109,21 @@ class get_updates
return false;
}
$signature = base64_decode($raw_signature);
if ($signature === false)
$raw_signature = base64_decode($signature);
if ($raw_signature === false)
{
return false;
}
$raw_public_key = base64_decode($this->public_key);
if ($raw_public_key === false)
{
return false;
}
try
{
return sodium_crypto_sign_verify_detached($signature, $hash, $this->public_key);
return sodium_crypto_sign_verify_detached($raw_signature, $hash, $raw_public_key);
}
catch (SodiumException)
{