mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't verify content length

main
Bob Mottram 2019-11-12 19:12:19 +00:00
parent ff09bf0181
commit 55194f95d5
1 changed files with 0 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
httpsig.py
View File

@ -173,9 +173,6 @@ def verifyPostHeaders(httpPrefix: str,publicKeyPem: str,headers: dict, \
# Unpack the signed headers and set values based on current headers and # Unpack the signed headers and set values based on current headers and
# body (if a digest was included) # body (if a digest was included)
signedHeaderList = [] signedHeaderList = []
contentLength=len(messageBodyJsonStr)
if debug:
print('DEBUG: verifyPostHeaders contentLength='+str(contentLength))
for signedHeader in signatureDict['headers'].split(' '): for signedHeader in signatureDict['headers'].split(' '):
if debug: if debug:
print('DEBUG: verifyPostHeaders signedHeader='+signedHeader) print('DEBUG: verifyPostHeaders signedHeader='+signedHeader)
@ -197,24 +194,12 @@ def verifyPostHeaders(httpPrefix: str,publicKeyPem: str,headers: dict, \
if headers.get('Content-Length'): if headers.get('Content-Length'):
contentLengthStr='Content-Length' contentLengthStr='Content-Length'
if headers.get(contentLengthStr): if headers.get(contentLengthStr):
if int(headers[contentLengthStr])!=contentLength:
if debug:
print('DEBUG: verifyPostHeaders content-length does not match '+headers[contentLengthStr]+' != '+str(contentLength))
return False
if debug:
print('DEBUG: verifyPostHeaders adding '+contentLengthStr+' to signedHeaderList')
signedHeaderList.append(f'{contentLengthStr}: {headers[signedHeader]}') signedHeaderList.append(f'{contentLengthStr}: {headers[signedHeader]}')
else: else:
if debug: if debug:
print('DEBUG: verifyPostHeaders '+contentLengthStr+' not found in '+str(headers)) print('DEBUG: verifyPostHeaders '+contentLengthStr+' not found in '+str(headers))
elif signedHeader == 'Content-Length': elif signedHeader == 'Content-Length':
if headers.get(signedHeader): if headers.get(signedHeader):
if int(headers[signedHeader])!=contentLength:
if debug:
print('DEBUG: verifyPostHeaders Content-Length does not match '+headers[signedHeader]+' != '+str(contentLength))
return False
if debug:
print('DEBUG: verifyPostHeaders adding Content-Length to signedHeaderList')
signedHeaderList.append(f'Content-Length: {headers[signedHeader]}') signedHeaderList.append(f'Content-Length: {headers[signedHeader]}')
else: else:
if debug: if debug: