mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #25214 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.30 

Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
This commit is contained in:
Morris Jobke 2021-01-21 10:25:02 +01:00 committed by GitHub
parent d4d33e3095 fcbbcacab4
commit 10214fbee0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
3rdparty

@ -1 +1 @@
Subproject commit 099e537a03d162302c2366f7d53088d5bf623c4c Subproject commit 3faef8dfa15d0b946759bdb888d5b245de6fb524

1
apps/files_external/lib/Lib/Storage/SFTP.php
View File

@ -141,6 +141,7 @@ class SFTP extends \OC\Files\Storage\Common {
$login = false; $login = false;
foreach ($this->auth as $auth) { foreach ($this->auth as $auth) {
/** @psalm-suppress TooManyArguments */
$login = $this->client->login($this->user, $auth); $login = $this->client->login($this->user, $auth);
if ($login === true) { if ($login === true) {
break; break;

22
lib/private/Installer.php
View File

@ -215,6 +215,18 @@ class Installer {
return false; return false;
} }
/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
return $matches[0];
}
/** /**
* Downloads an app and puts it into the app directory * Downloads an app and puts it into the app directory
* *
@ -231,12 +243,18 @@ class Installer {
if ($app['id'] === $appId) { if ($app['id'] === $appId) {
// Load the certificate // Load the certificate
$certificate = new X509(); $certificate = new X509();
$certificate->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt')); $rootCrt = file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt');
$rootCrts = $this->splitCerts($rootCrt);
foreach ($rootCrts as $rootCrt) {
$certificate->loadCA($rootCrt);
}
$loadedCertificate = $certificate->loadX509($app['certificate']); $loadedCertificate = $certificate->loadX509($app['certificate']);
// Verify if the certificate has been revoked // Verify if the certificate has been revoked
$crl = new X509(); $crl = new X509();
$crl->loadCA(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crt')); foreach ($rootCrts as $rootCrt) {
$crl->loadCA($rootCrt);
}
$crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl')); $crl->loadCRL(file_get_contents(__DIR__ . '/../../resources/codesigning/root.crl'));
if ($crl->validateSignature() !== true) { if ($crl->validateSignature() !== true) {
throw new \Exception('Could not validate CRL signature'); throw new \Exception('Could not validate CRL signature');

18
lib/private/IntegrityCheck/Checker.php
View File

@ -299,6 +299,18 @@ class Checker {
} }
} }
/**
* Split the certificate file in individual certs
*
* @param string $cert
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
return $matches[0];
}
/** /**
* Verifies the signature for the specified path. * Verifies the signature for the specified path.
* *
@ -333,7 +345,11 @@ class Checker {
// Check if certificate is signed by Nextcloud Root Authority // Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509(); $x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt'); $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$rootCerts = $this->splitCerts($rootCertificatePublicKey);
foreach ($rootCerts as $rootCert) {
$x509->loadCA($rootCert);
}
$x509->loadX509($certificate); $x509->loadX509($certificate);
if (!$x509->validateSignature()) { if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.'); throw new InvalidSignatureException('Certificate is not valid.');