From c9095386c8ae0f4b8adb140f7c04eab707f2d03b Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 9 Mar 2018 05:31:13 +0000
Subject: [PATCH 1/2] Diaspora: Avoid warning "supplied key param cannot be coerced into a public key"
---
 src/Protocol/Diaspora.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index 384a019587..ffa47b1688 100644
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -222,10 +222,14 @@ class Diaspora
 $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
 $key = self::key($handle);
+ if ($key == '') {
+ logger("Couldn't get a key for handle " . $handle . ". Discarding.");
+ return false;
+ }
 $verify = Crypto::rsaVerify($signable_data, $sig, $key);
 if (!$verify) {
- logger('Message did not verify. Discarding.');
+ logger('Message from ' . $handle . ' did not verify. Discarding.');
 return false;
 }
@@ -321,6 +325,11 @@ class Diaspora
 // Get the senders' public key
 $key_id = $base->sig[0]->attributes()->key_id[0];
 $author_addr = base64_decode($key_id);
+ if ($author_addr == '') {
+ logger('No author could be decoded. Discarding. Message: ' . $xml);
+ System::httpExit(400);
+ }
+
 $key = self::key($author_addr);
 $verify = Crypto::rsaVerify($signed_data, $signature, $key);
From 3e51fa73b1cded6764634710fbee3c9d2dfaf6c3 Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 9 Mar 2018 05:38:15 +0000
Subject: [PATCH 2/2] Additional checks
---
 src/Protocol/Diaspora.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index ffa47b1688..097ec8ddd5 100644
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
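Review bot: In the first hunk of PATCH 1/2 the added `if ($key == '')` guard only stops an empty key; a non-empty value that is not a parsable public key still reaches `Crypto::rsaVerify()`, so the warning named in the subject can still be raised. The unchanged `if (!$verify)` below it accepts any truthy result as a valid signature, so if `rsaVerify()` hands back the raw `openssl_verify()` result (its body is not visible here) the error value `-1` would be treated as verified. It would be safer for `rsaVerify()` to return a strict boolean, e.g. `return openssl_verify(...) === 1;`, or for the caller to compare against the success value explicitly. The same guard is added for `$author_addr` in the second hunk of PATCH 2/2, and both enclosing functions start and end outside the hunks.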
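Review bot: The added `logger('No author could be decoded. Discarding. Message: ' . $xml);` in the second hunk of PATCH 1/2 writes the complete message of a sender whose signature has not been checked yet into the log, with no level argument and no size bound, so any remote party can grow the log and place arbitrary content in it. The `$envelope` logging added in the first hunk of PATCH 2/2 has the same shape. A bounded diagnostic keeps the value without the exposure, e.g. `logger('No author could be decoded. Discarding. Message length: ' . strlen($xml));`. The branch also depends on `System::httpExit(400)` ending the request, since nothing returns after it; that is presumably the case but is not visible here, and the function continues outside the hunk.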
@@ -221,6 +221,11 @@ class Diaspora
 $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+ if ($handle == '') {
+ logger('No author could be decoded. Discarding. Message: ' . $envelope);
+ return false;
+ }
+
 $key = self::key($handle);
 if ($key == '') {
 logger("Couldn't get a key for handle " . $handle . ". Discarding.");
@@ -331,6 +336,10 @@ class Diaspora
 }
 $key = self::key($author_addr);
+ if ($key == '') {
+ logger("Couldn't get a key for handle " . $author_addr . ". Discarding.");
+ System::httpExit(400);
+ }
 $verify = Crypto::rsaVerify($signed_data, $signature, $key);
 if (!$verify) {
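Review bot: `$author_addr` is the output of `base64_decode($key_id)` and is concatenated into the added `logger("Couldn't get a key for handle " . $author_addr . ". Discarding.");` before any signature has been verified, so it can contain line breaks or control bytes chosen by the sender. Unless `logger()` escapes its argument (not visible here), that permits forged or corrupted log entries. The `$handle` values logged in the first hunks of both patches appear to be sender-supplied in the same way. Neutralising non-printable bytes before logging would close this, e.g. `$safe_addr = preg_replace('/[^\x20-\x7e]/', '?', $author_addr);` and logging `$safe_addr` instead. The enclosing function starts and ends outside this hunk.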