upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-22 01:55:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 37

fix: Correctly check result of function

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2024-05-15 10:11:31 +02:00 committed by Arthur Schiwon
parent a812fac26b
commit eab019c8b3
No known key found for this signature in database
GPG key ID: 7424F1874854DF23
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/private/Installer.php
View file

@ -296,7 +296,7 @@ class Installer {
// Check if the signature actually matches the downloaded content
$certificate = openssl_get_publickey($app['certificate']);
$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
$verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1;
// PHP 8+ deprecates openssl_free_key and automatically destroys the key instance when it goes out of scope
if ((PHP_VERSION_ID < 80000)) {
openssl_free_key($certificate);

4
lib/private/Security/IdentityProof/Signer.php
View file

@ -93,12 +93,12 @@ class Signer {
$user = $this->userManager->get($userId);
if ($user !== null) {
$key = $this->keyManager->getKey($user);
return (bool)openssl_verify(
return openssl_verify(
json_encode($data['message']),
base64_decode($data['signature']),
$key->getPublic(),
OPENSSL_ALGO_SHA512
);
) === 1;
}
}