Merge pull request #10 from tencentyun/fix/verify-user-buf

fix: 修复 userbuf 未校验的问题
tencentyun · Dec 30, 2021 · 66a882c · 66a882c
2 parents 3fefb5d + c3e2778
commit 66a882c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/src/tls_licence_tools.cpp b/src/tls_licence_tools.cpp
@@ -39,8 +39,8 @@ static void usage(const string& prog)
 	cout << "\tverify sig e.g.: " << prog << " verifyuser public.pem sig 1400000000 xiaojun" << endl;
 	cout << "\tverify2 sig: " << prog << " verify2 key sig_file sdkappid identifier" << endl;
 	cout << "\tverify2 sig e.g.: " << prog << " verify2 5bd2850fff3ecb11d7c805251c51ee463a25727bddc2385f3fa8bfee1bb93b5e sig 1400000000 xiaojun" << endl;
-	cout << "\tverify2user sig: " << prog << " verify2user key sig_file sdkappid identifier" << endl;
-	cout << "\tverify2user sig e.g.: " << prog << " verify2user 5bd2850fff3ecb11d7c805251c51ee463a25727bddc2385f3fa8bfee1bb93b5e sig 1400000000 xiaojun" << endl;
+	cout << "\tverify2user sig: " << prog << " verify2user key sig_file sdkappid identifier userbuf" << endl;
+	cout << "\tverify2user sig e.g.: " << prog << " verify2user 5bd2850fff3ecb11d7c805251c51ee463a25727bddc2385f3fa8bfee1bb93b5e sig 1400000000 xiaojun abc" << endl;
 
 	cout << "\tdump sig e.g.: " << prog << " dump sigtext" << endl;
 }
@@ -394,7 +394,7 @@ static int verify2_sig(const string& key, string& sig_file,
 }
 
 static int verify2_sig_with_userbuf(const string& key, string& sig_file,
-        string& sdkappid, string& identifier) {
+        string& sdkappid, string& identifier, string& userbuf) {
 
     // 首先读取 sig 文件中的内容
     // 我们的程序虽然是用的是这种方式，但是开发者在使用的时候肯定是用缓冲区直接调用接口
@@ -432,7 +432,6 @@ static int verify2_sig_with_userbuf(const string& key, string& sig_file,
     ss >> int_sdkappid;
     uint32_t expire_time;
     uint32_t init_time;
-    std::string userbuf;
     int ret = tls_check_userbuf_ticket(sig_str, key, int_sdkappid,
             identifier, expire_time, init_time, userbuf, err_msg);
     if (0 != ret) {
@@ -532,12 +531,13 @@ int main(int argc, char * argv[]) {
         std::string sdkappid_str = argv[4];
         std::string identifier = argv[5];
         ret = verify2_sig(key, sig_file, sdkappid_str, identifier);
-    } else if (0 == strcmp(cmd, "verify2user") && 6 == argc) {
+    } else if (0 == strcmp(cmd, "verify2user") && 7 == argc) {
         std::string key = argv[2];
         std::string sig_file = argv[3];
         std::string sdkappid_str = argv[4];
         std::string identifier = argv[5];
-        ret = verify2_sig_with_userbuf(key, sig_file, sdkappid_str, identifier);
+        std::string userbuf = argv[6];
+        ret = verify2_sig_with_userbuf(key, sig_file, sdkappid_str, identifier, userbuf);
     } else {
         usage(argv[0]);
         return -1;

diff --git a/src/tls_signature.cpp b/src/tls_signature.cpp
@@ -1064,15 +1064,21 @@ static int __verify_sig_v2(
             errMsg = "userbuf is not type of string";
             return CHECK_ERR15;
         }
-        std::string base64UserBuf = sig["TLS.userbuf"].GetString();
-        int ret = base64_decode(base64UserBuf.data(),
-                base64UserBuf.length(), userBuf);
+        std::string base64UserBufInSig = sig["TLS.userbuf"].GetString();
+        std::string userBufInSig;
+        int ret = base64_decode(base64UserBufInSig.data(),
+                base64UserBufInSig.length(), userBufInSig);
         if (0 != ret) {
             errMsg = fmt::sprintf("base64 decode userbuf error:%#x", ret);
             return CHECK_ERR15;
         }
+        if (userBufInSig != userBuf) {
+            errMsg = fmt::sprintf("userbuf doesn't match");
+            return CHECK_ERR15;
+        }
+        userBuf = userBufInSig;
         sigCalculated = hmacsha256(sdkappid, identifier,
-                initTime, expireTime, key, base64UserBuf);
+                initTime, expireTime, key, base64UserBufInSig);
     } else {
         sigCalculated = hmacsha256(sdkappid, identifier,
                 initTime, expireTime, key);