1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
commit fb23e0af61c023e3a6dae8ad30dbd0f04d8a4d8f
Merge: 3541f5e ca2b448
Author: Russell Haering <russellhaering@gmail.com>
Date: Fri Aug 27 20:19:01 2021 -0700
Merge pull request #71 from aporcupine/patch-1
Explicitly check for case where SignatureValue is nil
Index: golang-github-russellhaering-goxmldsig-1.1.0/validate.go
===================================================================
--- golang-github-russellhaering-goxmldsig-1.1.0.orig/validate.go 2022-03-24 02:38:38.797524728 +0100
+++ golang-github-russellhaering-goxmldsig-1.1.0/validate.go 2022-03-24 02:38:38.797524728 +0100
@@ -271,6 +271,9 @@
if !bytes.Equal(digest, decodedDigestValue) {
return nil, errors.New("Signature could not be verified")
}
+ if sig.SignatureValue == nil {
+ return nil, errors.New("Signature could not be verified")
+ }
// Decode the 'SignatureValue' so we can compare against it
decodedSignature, err := base64.StdEncoding.DecodeString(sig.SignatureValue.Data)
|
