makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/15851] Use raw values for verifying signature

Browse source 
PHPBB-15851
This commit is contained in:
Marc Alexander 2024-10-29 21:23:08 +01:00
parent dacabf0537
commit 3506883c75
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
phpBB/phpbb/update/get_updates.php
View file

@ -101,7 +101,7 @@ class get_updates
return false; return false;
} }
$raw_signature = file_get_contents($signature_path); $signature = file_get_contents($signature_path);
$hash = hash_file('sha384', $file_path, true); $hash = hash_file('sha384', $file_path, true);
if ($hash === false) if ($hash === false)
@ -109,15 +109,21 @@ class get_updates
return false; return false;
} }
$signature = base64_decode($raw_signature); $raw_signature = base64_decode($signature);
if ($signature === false) if ($raw_signature === false)
{
return false;
}
$raw_public_key = base64_decode($this->public_key);
if ($raw_public_key === false)
{ {
return false; return false;
} }
try try
{ {
return sodium_crypto_sign_verify_detached($signature, $hash, $this->public_key); return sodium_crypto_sign_verify_detached($raw_signature, $hash, $raw_public_key);
} }
catch (SodiumException) catch (SodiumException)
{ {