From cf3d42c066d2f54d4a57aa38907a7c6c7d06aeb6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 16 Feb 2021 00:00:40 +0100
Subject: lacme-accountd(1): base64url-decode incoming signature requests.

Before printing them to the standard error.
---
 lacme-accountd | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'lacme-accountd')

diff --git a/lacme-accountd b/lacme-accountd
index e170637..0adfe38 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -30,7 +30,7 @@ my $NAME = 'lacme-accountd';
 use Errno 'EINTR';
 use File::Basename 'dirname';
 use Getopt::Long qw/:config posix_default no_ignore_case gnu_getopt auto_version/;
-use MIME::Base64 'encode_base64url';
+use MIME::Base64 qw/decode_base64url encode_base64url/;
 use Socket qw/PF_UNIX SOCK_STREAM SHUT_RDWR/;
 
 use Config::Tiny ();
@@ -195,7 +195,23 @@ sub conn($$;$) {
     # sign whatever comes in
     while (defined (my $data = $in->getline())) {
         $data =~ s/\r\n\z// or die;
-        print STDERR "[$id] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
+
+        my ($protected, $payload) = split(/\./, $data, 2);
+        unless (defined $protected and $protected =~ /\A[A-Za-z0-9\-_]+\z/) {
+            print STDERR "[$id] >>> Error: Malformed protected data, refusing to sign!\n";
+            last;
+        }
+        unless (defined $payload and $payload =~ /\A[A-Za-z0-9\-_]*\z/) {
+            # payload can be empty, for instance for POST-as-GET
+            print STDERR "[$id] >>> Error: Malformed payload data, refusing to sign!\n";
+            last;
+        }
+
+        print STDERR "[$id] >>> Incoming signature request for ",
+            "base64url(", decode_base64url($protected), ") . ",
+            "base64url(", decode_base64url($payload), ")"
+            unless $OPTS{quiet};
+
         my $sig = $SIGN->($data);
         $out->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!";
     }
-- 
cgit v1.2.3