Invalid signature leads to process termination #42

thirtified · 2020-11-09T16:41:21Z

The findResponder() routing in verify.js will throw an exception in case it is unable to verify the signature. This exception is not caught in verify() and thus will lead to crashing of the application.

project/node_modules/ocsp/lib/ocsp/verify.js:25
      throw new Error('Invalid signature');
      ^

Error: Invalid signature
    at findResponder (project/node_modules/ocsp/lib/ocsp/verify.js:25:13)
    at Object.verify (project/eidas-cert-check/node_modules/ocsp/lib/ocsp/verify.js:72:22)
    at project/node_modules/ocsp/lib/ocsp/check.js:38:12
    at done (project/node_modules/ocsp/lib/ocsp/utils.js:26:7)
    at IncomingMessage.<anonymous> (project/node_modules/ocsp/lib/ocsp/utils.js:46:7)
    at IncomingMessage.emit (events.js:327:22)
    at endReadableNT (_stream_readable.js:1224:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)

The text was updated successfully, but these errors were encountered:

Fixing uncaught exception when signature verification fails – fixes indutny#42.

thirtified · 2020-11-09T16:47:49Z

Great, turns out there is already a pending PR for this: #36

thirtified pushed a commit to thirtified/ocsp that referenced this issue Nov 9, 2020

Fixed uncaught exception

b9d2f02

Fixing uncaught exception when signature verification fails – fixes indutny#42.

thirtified mentioned this issue Nov 9, 2020

Fixed uncaught exception #43

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid signature leads to process termination #42

Invalid signature leads to process termination #42

thirtified commented Nov 9, 2020

thirtified commented Nov 9, 2020

Invalid signature leads to process termination #42

Invalid signature leads to process termination #42

Comments

thirtified commented Nov 9, 2020

thirtified commented Nov 9, 2020