From 3506883c75eea6edc505d8a985d58ec5ec781285 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 29 Oct 2024 21:23:08 +0100
Subject: [PATCH] [ticket/15851] Use raw values for verifying signature
PHPBB-15851
---
 phpBB/phpbb/update/get_updates.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/phpBB/phpbb/update/get_updates.php b/phpBB/phpbb/update/get_updates.php
index 730fe9e903..d9957971bc 100644
--- a/phpBB/phpbb/update/get_updates.php
+++ b/phpBB/phpbb/update/get_updates.php
@@ -101,7 +101,7 @@ class get_updates
 return false;
 }
- $raw_signature = file_get_contents($signature_path);
+ $signature = file_get_contents($signature_path);
 $hash = hash_file('sha384', $file_path, true);
 if ($hash === false)
@@ -109,15 +109,21 @@ class get_updates
 return false;
 }
- $signature = base64_decode($raw_signature);
- if ($signature === false)
+ $raw_signature = base64_decode($signature);
+ if ($raw_signature === false)
+ {
+ return false;
+ }
+
+ $raw_public_key = base64_decode($this->public_key);
+ if ($raw_public_key === false)
 {
 return false;
 }
 try
 {
- return sodium_crypto_sign_verify_detached($signature, $hash, $this->public_key);
+ return sodium_crypto_sign_verify_detached($raw_signature, $hash, $raw_public_key);
 }
 catch (SodiumException)
 {
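Review bot: The two `=== false` guards that follow `base64_decode()` in the second hunk are close to unreachable, because without the strict flag PHP silently discards characters outside the base64 alphabet instead of failing, so a damaged signature file or public key is decoded to some other byte string rather than rejected at the guard. Passing the flag makes both checks meaningful: `$raw_signature = base64_decode($signature, true);` and `$raw_public_key = base64_decode($this->public_key, true);`; strict mode still skips whitespace, so a trailing newline in the signature file should not be a problem, but that is worth pinning with a test. Wrong-length input still ends up in the `SodiumException` handler, whose body lies outside this hunk, as does the start of the method. Separately, the result of `file_get_contents($signature_path)` in the first hunk is handed to `base64_decode()` without a `false` check, so a failed read is not distinguished from an empty signature.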