The call to `const json = JSON.parse(jsonB64);` in line 19 is done before the verification of the data in `if (result)` in line 30:

```ts
const json = JSON.parse(jsonB64);
// @ts-ignore
const sig = new KJUR.crypto.Signature({ alg: sigalg, prov: 'cryptojs/jsrsa' });
sig.init({ xy: pubkey, curve });
sig.updateString(jsonB64);
const result = sig.verify(signature);
if (result) {
  resolve(json);
} else {
  reject('invalid ECDSA signature');
}
```

Thus even unverified data will be passed to JSON.parse (which can be invalid or try to trigger DoS/other attacks).

Fix: call JSON.parse only if verification is successful (line 31, inside the `if (result)` block).
Referenced code: hamagen-react-native/src/services/SigningService.ts, lines 19 to 34 in 14dd43b
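The reordering proposed in the issue, as an added example that is not part of the original issue or the project's code. It uses Node's built-in `crypto` module in place of jsrsasign, and the key pair, payloads and helper names (`parseThenVerify`, `verifyThenParse`, `attempt`) are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed key pair; the real service would ship a fixed public key.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

function sign(payload) {
  return nodeCrypto.sign('sha256', Buffer.from(payload, 'utf8'), privateKey);
}

function signatureIsValid(payload, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(payload, 'utf8'), publicKey, signature);
}

// Count parser invocations so the ordering is observable.
let parseCalls = 0;
function countedParse(text) {
  parseCalls += 1;
  return JSON.parse(text);
}

// Order reported in the issue: the parser sees unauthenticated input.
function parseThenVerify(payload, signature) {
  const json = countedParse(payload);
  if (!signatureIsValid(payload, signature)) throw new Error('invalid ECDSA signature');
  return json;
}

// Order proposed in the issue: the parser only sees input that verified.
function verifyThenParse(payload, signature) {
  if (!signatureIsValid(payload, signature)) throw new Error('invalid ECDSA signature');
  return countedParse(payload);
}

// Run one of the two functions and report the outcome and parser usage.
function attempt(fn, payload, signature) {
  const before = parseCalls;
  let outcome = 'accepted';
  try {
    fn(payload, signature);
  } catch (e) {
    outcome = e.message === 'invalid ECDSA signature' ? 'rejected: bad signature' : 'parser error: ' + e.name;
  }
  return { outcome, parsed: parseCalls - before };
}

const genuine = '{"exposures":[]}';   // constructed sample payload
const genuineSig = sign(genuine);
const tampered = '{"exposures":[';    // constructed: malformed, reuses the old signature
```

With the tampered payload, `parseThenVerify` fails inside the parser before the signature is ever checked, while `verifyThenParse` rejects it without calling the parser.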