Home Explore Help
Register Sign In
oleg
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Update InboxPipeline, fail earlier for invalid public keys. Fixes #2648

Daniel Supernault 4 years ago
parent
40db9a1296
commit
d1c5e9b867
2 changed files with 6 additions and 0 deletions
Unified View Show Diff Stats
  1. 3 0
      app/Jobs/InboxPipeline/InboxValidator.php
  2. 3 0
      app/Jobs/InboxPipeline/InboxWorker.php

+ 3 - 0
app/Jobs/InboxPipeline/InboxValidator.php
View File 

@@ -173,6 +173,9 @@ class InboxValidator implements ShouldQueue
 
             return;
 
             return;
 
         }
 
         }
 
         $pkey = openssl_pkey_get_public($actor->public_key);
 
         $pkey = openssl_pkey_get_public($actor->public_key);
 
+        if(!$pkey) {
 
+            return 0;
 
+        }
 
         $inboxPath = "/users/{$profile->username}/inbox";
 
         $inboxPath = "/users/{$profile->username}/inbox";
 
         list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
 
         list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
 
         if($verified == 1) { 
         if($verified == 1) {

+ 3 - 0
app/Jobs/InboxPipeline/InboxWorker.php
View File 

@@ -161,6 +161,9 @@ class InboxWorker implements ShouldQueue
 
             return;
 
             return;
 
         }
 
         }
 
         $pkey = openssl_pkey_get_public($actor->public_key);
 
         $pkey = openssl_pkey_get_public($actor->public_key);
 
+        if(!$pkey) {
 
+            return 0;
 
+        }
 
         $inboxPath = "/f/inbox";
 
         $inboxPath = "/f/inbox";
 
         list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
 
         list($verified, $headers) = HttpSignature::verify($pkey, $signatureData, $headers, $inboxPath, $body);
 
         if($verified == 1) { 
         if($verified == 1) {