Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2026-02-20 18:54:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

OP-01-010 Invalid Armor Checksum Validation (Low)

Browse Source
This commit is contained in:
Thomas Oberndörfer
2014-03-29 16:25:28 +01:00
parent 5eca11ca5b
commit e8ef355604
2 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/encoding/armor.js
View File

@@ -131,7 +131,7 @@ function getCheckSum(data) {
function verifyCheckSum(data, checksum) {
var c = getCheckSum(data);
var d = checksum;
return c[0] == d[0] && c[1] == d[1] && c[2] == d[2];
return c[0] == d[0] && c[1] == d[1] && c[2] == d[2] && c[3] == d[3];
}
/**
* Internal function to calculate a CRC-24 checksum over a given string (data)
@@ -323,11 +323,13 @@ function dearmor(text) {
checksum = sig_sum.checksum;
}
checksum = checksum.substr(0, 4);
if (!verifyCheckSum(result.data, checksum)) {
throw new Error("Ascii armor integrity check on message failed: '" +
checksum +
"' should be '" +
getCheckSum(result) + "'");
getCheckSum(result.data) + "'");
}
verifyHeaders(result.headers);