From afbd1d2ba01c89960dfd6bcd205c89fa91a76255 Mon Sep 17 00:00:00 2001 From: core Date: Thu, 3 Aug 2023 11:30:50 -0400 Subject: [PATCH] fix constant panics when keystore is weird --- trifid-api/src/routes/v1/dnclient.rs | 29 +++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/trifid-api/src/routes/v1/dnclient.rs b/trifid-api/src/routes/v1/dnclient.rs index 967ba7b..ac573fa 100644 --- a/trifid-api/src/routes/v1/dnclient.rs +++ b/trifid-api/src/routes/v1/dnclient.rs @@ -70,13 +70,11 @@ pub async fn dnclient( let client_keys = host_in_ks .client_keys .iter() - .find(|u| u.id == req.counter as u64) - .unwrap(); + .find(|u| u.id == req.counter as u64); let client_keys_2 = host_in_ks .client_keys .iter() - .find(|u| u.id == host_in_ks.current_client_key) - .unwrap(); + .find(|u| u.id == host_in_ks.current_client_key);; let signature = match Signature::from_slice(&req.signature) { Ok(sig) => sig, @@ -92,15 +90,20 @@ pub async fn dnclient( } }; - if client_keys - .ed_pub - .verify(req.message.as_bytes(), &signature) - .is_err() - && client_keys_2 - .ed_pub - .verify(req.message.as_bytes(), &signature) - .is_err() - { + let mut valid = false; + + if let Some(client_keys) = client_keys { + if client_keys.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() { + valid = true; + } + } + if let Some(client_keys_2) = client_keys_2 { + if client_keys_2.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() { + valid = true; + } + } + + if !valid { // Be intentionally vague as the message is invalid. warn!("! invalid signature from {}", host); return HttpResponse::Unauthorized().json(vec![APIError {