miniquorum: fix duplicate-signature validation logic

Ryan Heywood 2025-04-10 15:31:06 -04:00
parent adf1e68006
commit 47f79aa62b
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 22 additions and 17 deletions


@ -439,14 +439,6 @@ impl Payload {
for issuer in signature.issuer_fingerprints() { for issuer in signature.issuer_fingerprints() {
let mut currently_seen = std::collections::HashMap::new(); let mut currently_seen = std::collections::HashMap::new();
for cert in &certs { for cert in &certs {
if let Some(seen_index) = seen.get(&cert.fingerprint()) {
return Err(BaseError::DuplicateSignature(
cert.fingerprint(),
index,
*seen_index,
)
.into());
}
match cert match cert
.with_policy(&policy, None)? .with_policy(&policy, None)?
.keys() .keys()
@ -456,16 +448,29 @@ impl Payload {
.next() .next()
.map(|signing_key| signature.verify_hash(&signing_key, hashed.clone())) .map(|signing_key| signature.verify_hash(&signing_key, hashed.clone()))
{ {
Some(Ok(())) => { Some(result) => {
// key found, signature matched // matching key found, check for duplicates
signature_matched = true; if let Some(seen_index) = seen.get(&cert.fingerprint()) {
return Err(BaseError::DuplicateSignature(
cert.fingerprint(),
index,
*seen_index,
)
.into());
}
// mark the cert as seen, so it isn't reusable match result {
currently_seen.insert(cert.fingerprint(), index); Ok(()) => {
} signature_matched = true;
Some(Err(e)) => {
if error_on_invalid { // mark the cert as seen, so it isn't reusable
return Err(e)?; currently_seen.insert(cert.fingerprint(), index);
}
Err(e) => {
if error_on_invalid {
return Err(e)?;
}
}
} }
} }
None => { None => {
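Review bot: In the new `Some(result)` arm the duplicate check runs before `result` is inspected, so a signature that names an already-counted certificate but fails `verify_hash` returns `BaseError::DuplicateSignature` even when `error_on_invalid` is false. If invalid signatures are meant to be tolerated in that mode, move the `seen.get(&cert.fingerprint())` check into the `Ok(())` arm so that only verified signatures count as duplicates. If failing closed is intended, say so in the comment, e.g. `// reject any signature naming an already-counted cert, verified or not`. The commit touches one file and shows no regression test; one case with the same signer twice and one with two distinct signers would pin the behaviour being fixed. The enclosing function, and presumably the place where `currently_seen` is folded into `seen`, lie outside the hunk, so confirm this against the full loop.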