mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-09-05 09:26:06 +00:00
Code Issues Projects Releases Wiki Activity

VerifyLoginTask: fast-fail by checking header x5u before verifying signature

Browse Source 
this is less costly, although it doesn't make any difference except in invalid cases.
This commit is contained in:
Dylan K. Taylor
2020-06-17 17:52:19 +01:00
parent 09771849ae
commit 11a3f9f1b9
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/pocketmine/network/mcpe/VerifyLoginTask.php
View File

@ -115,6 +115,9 @@ class VerifyLoginTask extends AsyncTask{
//First link, check that it is self-signed //First link, check that it is self-signed
$currentPublicKey = $headers["x5u"]; $currentPublicKey = $headers["x5u"];
}elseif($headers["x5u"] !== $currentPublicKey){
//Fast path: if the header key doesn't match what we expected, the signature isn't going to validate anyway
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.badSignature");
} }
$plainSignature = base64_decode(strtr($sigB64, '-_', '+/'), true); $plainSignature = base64_decode(strtr($sigB64, '-_', '+/'), true);