Correctly handle verification of signatures without t= (timestamp) and with x= (expiration); both are optional (LP: 2071892)
This commit is contained in:
Scott Kitterman
@@ -1,4 +1,6 @@
|
|||||||
2024-07-04 Version 1.1.8
|
2024-07-04 Version 1.1.8
|
||||||
|
- Correctly handle verification of signatures without t= (timestamp) and
|
||||||
|
with x= (expiration); both are optional (LP: 2071892)
|
||||||
|
|
||||||
2024-06-23 Version 1.1.7
|
2024-06-23 Version 1.1.7
|
||||||
- Fix error in validate_signature_fields which prevented signature
|
- Fix error in validate_signature_fields which prevented signature
|
||||||
|
|||||||
+3
-1
@@ -331,6 +331,8 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
|
|||||||
t_sign = int(sig[b't'])
|
t_sign = int(sig[b't'])
|
||||||
if t_sign > now + slop:
|
if t_sign > now + slop:
|
||||||
raise ValidationError("t= value is in the future (%s)" % sig[b't'])
|
raise ValidationError("t= value is in the future (%s)" % sig[b't'])
|
||||||
|
else:
|
||||||
|
t_sign = None
|
||||||
|
|
||||||
if b'v' in sig and sig[b'v'] != b"1":
|
if b'v' in sig and sig[b'v'] != b"1":
|
||||||
raise ValidationError("v= value is not 1 (%s)" % sig[b'v'])
|
raise ValidationError("v= value is not 1 (%s)" % sig[b'v'])
|
||||||
@@ -345,7 +347,7 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
|
|||||||
if x_sign < now - slop:
|
if x_sign < now - slop:
|
||||||
raise ValidationError(
|
raise ValidationError(
|
||||||
"x= value is past (%s)" % sig[b'x'])
|
"x= value is past (%s)" % sig[b'x'])
|
||||||
if x_sign < t_sign:
|
if t_sign and x_sign < t_sign:
|
||||||
raise ValidationError(
|
raise ValidationError(
|
||||||
"x= value is less than t= value (x=%s t=%s)" %
|
"x= value is less than t= value (x=%s t=%s)" %
|
||||||
(sig[b'x'], sig[b't']))
|
(sig[b'x'], sig[b't']))
|
||||||
|
|||||||
Reference in New Issue
Block a user