fix: Correctly check result of function

nickvergessen · blizzz · commit eab019c8b373 · 2024-05-22T17:36:46.000+02:00
Signed-off-by: Joas Schilling &lt;coding@schilljs.com&gt;
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
@@ -296,7 +296,7 @@ public function downloadApp($appId, $allowUnstable = false) {
 
 				// Check if the signature actually matches the downloaded content
 				$certificate = openssl_get_publickey($app['certificate']);
-				$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
+				$verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1;
 				// PHP 8+ deprecates openssl_free_key and automatically destroys the key instance when it goes out of scope
 				if ((PHP_VERSION_ID < 80000)) {
 					openssl_free_key($certificate);
diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php
@@ -93,12 +93,12 @@ public function verify(array $data): bool {
 			$user = $this->userManager->get($userId);
 			if ($user !== null) {
 				$key = $this->keyManager->getKey($user);
-				return (bool)openssl_verify(
+				return openssl_verify(
 					json_encode($data['message']),
 					base64_decode($data['signature']),
 					$key->getPublic(),
 					OPENSSL_ALGO_SHA512
-				);
+				) === 1;
 			}
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -93,12 +93,12 @@ public function verify(array $data): bool {`
`93`	`93`	`$user = $this->userManager->get($userId);`
`94`	`94`	`if ($user !== null) {`
`95`	`95`	`$key = $this->keyManager->getKey($user);`
`96`		`- return (bool)openssl_verify(`
	`96`	`+ return openssl_verify(`
`97`	`97`	`json_encode($data['message']),`
`98`	`98`	`base64_decode($data['signature']),`
`99`	`99`	`$key->getPublic(),`
`100`	`100`	`OPENSSL_ALGO_SHA512`
`101`		`- );`
	`101`	`+ ) === 1;`
`102`	`102`	`}`
`103`	`103`	`}`
`104`	`104`